virus "you have a security problem"Résolu/Fermé

Question

Bonjour,

Voila, depuis 2 h s'affiche toutes les 30 secondes dans la barre des taches ce message "you have a security problem", qui en cliquant dessus me renvoie vers un site pour telecharger Antivirus 2008 et autres antivirus.

Je suis en train de suivre la meme procedure qu'un autre topic sur ce meme probleme !

Merci d'avance de m'aider !

Donc voila mon Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:11:46, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\FREDERIC\LOCALS~1\Temp\setup85.exe
C:\Program Files\OrangeFrance\Orange Connect\Orange Connect.exe
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\DOCUME~1\FREDERIC\LOCALS~1\Temp\18.tmp
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Documents and Settings\FREDERIC\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BufferZone] "C:\Program Files\BufferZone\CLIENTGUI.EXE" /STARTUP
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\FREDERIC\LOCALS~1\Temp\setup85.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Orange Connect.lnk = C:\Program Files\OrangeFrance\Orange Connect\Orange Connect.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHelper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://miamiparadise.microgaming.com/frmiamiparadise/FlashAX.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F4E679D-0E33-4DD8-AB9C-C2345F375EEE}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB75CD1B-C730-43C9-9344-A4DDCC3696A1}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\ClntSvc.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Fichiers communs\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: navapsvc - Unknown owner - (no file)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SNDSrvc -   - (no file)
O23 - Service: SPBBCSvc - Adaptec, Inc. - (no file)

Destrio5 · Answer

Salut,

---> Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)

Utilisateur anonyme · Answer

Xray,


Malwarebytes supprime, sans autre intervention antivirus 2008 !

Télécharger Malwarebytes : http://www.malwarebytes.org/mbam.php

Installer et mettez à jours Malwarebytes.
Redémarrer en mode sans échec (F8 sitôt après le logo du Bios).

Lancer un scan complet, lorsque teminer choisissez de supprimer tout ce qu'il aura trouvé.

Afficher le rapport généré par Malwarebytes.

Ré-afficher un rapport HijackThis

Xray · Answer

Merci à tous les 2 pour votre aide !

Après avoir fait Hijackthis ( ci dessus ), j'ai scanné completement mon disque grace à Malwarebytes,
Il a trouvé une trentaine de fichiers infectés , dont 2 n'ont pu etre supprimé qu'au redemarrage de l'ordi.

Apres le redemarrage de mon PC, cette fenetre intempestive "you have a security problem" a totalement disparu et mon PC refonctionne desormais normalement !

Voici donc le rapport Malwarebytes :

Eléments examinés: 158820
Temps écoulé: 1 hour(s), 27 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879fa4-4790-461c-a1cc-4ec4de4ca483} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{59879fa4-4790-461c-a1cc-4ec4de4ca483} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
C:\WINDOWS\system32\config\55286692.Evt (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\FREDERIC\Local Settings\Temp\setup85.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Xray · Answer

... et le nouveau rapport HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:46:01, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OrangeFrance\Orange Connect\Orange Connect.exe
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\FREDERIC\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BufferZone] "C:\Program Files\BufferZone\CLIENTGUI.EXE" /STARTUP
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Orange Connect.lnk = C:\Program Files\OrangeFrance\Orange Connect\Orange Connect.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHelper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://miamiparadise.microgaming.com/frmiamiparadise/FlashAX.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F4E679D-0E33-4DD8-AB9C-C2345F375EEE}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB75CD1B-C730-43C9-9344-A4DDCC3696A1}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\ClntSvc.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Fichiers communs\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: navapsvc - Unknown owner - (no file)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SNDSrvc -   - (no file)
O23 - Service: SPBBCSvc - Adaptec, Inc. - (no file)

Xray · Answer

A vous donc de me dire si pour vous, le virus a completement disparu ...
Merci encore !

Utilisateur anonyme · Answer

Xray, Relancer HijackThis,appuyer sur [Do a system scan only], cochées (à gauche) les lignes suivantes (de 02 à 023) et appuyer sur [Fix Checked]. O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file) O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll (file missing) O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHelper.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://miamiparadise.microgaming.com/frmiamiparadise/FlashAX.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe O23 - Service: SNDSrvc - - (no file) O23 - Service: SPBBCSvc - Adaptec, Inc. - (no file) _____________________________ Ouvrer le Bloc-note (dans Démarrer --> Tout les prorammes --> Accessoires ) Copier / coller (telquelle) les lignes en gras suivantes : Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter] "{2AB289AE-4B90-4281-B2AE-1F4BB034B647}"=- Sauvegarder comme Fixreg.REG Double-cliquer sur Fixreg.REG et valider ______________________________________________ Téléchargez Lop S&D et enregistrez-le sur votre Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 Double-cliquez sur le fichier LopSD.exe, un raccourci sera créé sur votre Bureau. Sélectionner l'option 2 - Suppression + Hosts et validez par . ***** Patientez suppression en cours. ***** Une fois le nettoyage fait, une recherche sera relancée et un rapport s'ouvrira automatiquement dans le Bloc-Notes. Copiez-collez le contenu de ce rapport sur le forum pour contrôle. Tutoriel Lop S&D : http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/eliminez-pubs-cid-sujet_198443_1.htm ______________________________________________ Téléchargez OTMoveIt2 (de Old_Timer) sur votre Bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe Double-cliquez sur OTMoveIt.exe pour le lancer. Assurez vous que la case "Unregister Dll's and Ocx's" soit bien cochée ! Copiez / collez la ligne suivante (en gras) dans la fenêtre de gauche de OTMoveIt nommé "Paste List of Files/Folders to be moved". C:\Program Files\RXToolBar\sfcont.dll C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe Cliquez sur [MoveIt!] pour lancer la suppression. Si OTMoveIt propose de redémarrer votre PC, acceptez. Lorsque un résultat apparaît dans le cadre Results, cliquez sur . Afficher le rapport de OTMoveIt situé sur C:\_OTMoveIt\MovedFiles. ______________________________________________ Aller dans Démarrer --> Exécuter.. entrée services.msc et valide par OK Rechercher dans la fenêtre de droite Boonty Double-cliquer dessus. Vérifier que le Chemin d'accès des fichiers exécutables := C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe Si c'est le cas : Dans Type de démarrage, choisis Désactiver. Dans État du service, clique sur [Arrêter]. Fait [Appliquer] [OK] et fermer toutes les fenêtres. --> Refaite la même chose dans services.msc pour : - (iWinGamesInstaller - iWin Inc) --> C:\Program Files\iWin Games\iWinGamesInstaller.exe - (SNDSrvc) et - (SPBBCSvc). Redémarre le PC. _____________________________________________ Utilisez vous BufferZone et qu'est-ce c'est. Mettre à jours Adobe reader : https://get2.adobe.com/reader/otherversions/ Installer SpywareBlaster 4.1 : http://www.brightfort.com/spywareblaster.html Ré-afficher un rapport Hijackthis et les rapports LopS&D ainsi que OTMoveIt2.

Xray · Answer

Merci Mido2 pour tes explications detaillées que j'ai suivi à la lettre !

Concernant Bufferzone, je ne sais pas comment il a atterri ici, et quand je clique dessus, le PC ne trouve pas ce logiciel ! Donc je pense qu'on peut l'enlever, mais ca c'est à toi de me le dire !

Sinon voici dans l'ordre les differents rapports :

*Rapport LopS&D :


 --------------------\  Lop S&D 4.2.2-9   XP/Vista

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : FREDERIC ] [ "C:\Lop SD" ] [ Selection : 2 ]
   [ 14/08/2008 | 18:27:54 ] [ PC : PCLULU (Proc:x86)]
   [ MAJ : 13-08-2008 | 21:02 ]


   \\\\\\\\\\\\\\\ SUPPRESSION

   Supprime! - C:\DOCUME~1\FREDERIC\LOCALS~1\Temp
se13.tmp
   Supprime! - C:\Program Files\BitDownload\BitDownload.exe
   Supprime! - C:\Program Files\BitDownload\settings.ini
   Supprime! - C:\Program Files\BitDownload\settings.stp
   Supprime! - C:\Program Files\BitDownload\SkinCrafterDll.dll
   Supprime! - C:\Program Files\BitDownload\Skins
   Supprime! - C:\Program Files\BitDownload\Support
   Supprime! - C:\Program Files\BitDownload\unins000.dat
   Supprime! - C:\Program Files\BitDownload\unins000.exe
   Supprime! - C:\Program Files\BitTorrent Fastest Tool\BitDownload-3.0-setup.exe
   Supprime! - C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@adserver.advertstream[2].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@advertstream[2].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@d2.advertserve[2].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@inside.bitdownload[1].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@adultfriendfinder[2].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@banners.adultfriendfinder[1].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@search.adultfriendfinder[2].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@advertising[2].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@adex.bigpoint[1].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@adin.bigpoint[2].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@bigpoint[2].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@www.bigpoint[2].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@adopt.euroclick[2].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@pacificpoker[1].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@partygaming.122.2o7[1].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@partypoker[1].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@2xmoinscher[1].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@toutelatele.2xmoinscher[2].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@www.2xmoinscher[2].txt
   Supprime! - C:\DOCUME~1\FREDERIC\Cookies\frederic@888[1].txt
   Supprime! - C:\Program Files\BitDownload
   Supprime! - C:\Program Files\BitTorrent Fastest Tool
 
   \\\\\\\\\\\\\\\ 

   Supprime! - C:\Program Files\Viewpoint
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
 
   \\\\\\\\\\\\\\\

 
   --------------------\  Listing des dossiers dans APPLIC~1  

   [18/11/2007|15:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\4D
   [25/06/2008|03:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [02/06/2007|15:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
   [31/07/2008|23:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [28/07/2008|20:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [14/08/2008|05:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8
   [18/02/2007|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
   [25/11/2006|22:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Brother
   [28/10/2007|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
   [23/12/2006|03:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
   [16/08/2004|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
   [27/10/2007|16:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD X Studios
   [26/01/2007|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [10/05/2004|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GTek
   [05/05/2004|21:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
   [01/08/2008|00:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin Games
   [01/08/2008|16:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ludia
   [17/02/2007|00:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
   [14/08/2008|02:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [01/08/2008|00:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [26/11/2006|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
   [03/05/2004|00:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
   [01/08/2008|21:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
   [23/01/2007|19:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
   [02/05/2004|13:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
   [18/05/2004|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [31/07/2008|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
   [30/03/2008|13:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
   [12/08/2008|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [10/08/2008|13:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
   [26/11/2006|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
   [11/09/2006|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [18/06/2007|03:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
   [17/08/2007|18:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

   [16/08/2004|18:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
   [02/05/2004|13:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
   [02/05/2004|13:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
   [02/05/2004|13:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
   [02/05/2004|13:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
   [02/05/2004|13:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
   [02/05/2004|13:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
   [02/05/2004|13:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

   [06/04/2008|00:10] C:\DOCUME~1\FREDERIC\APPLIC~1\Adobe
   [25/06/2008|03:30] C:\DOCUME~1\FREDERIC\APPLIC~1\AdobeUM
   [02/06/2007|15:19] C:\DOCUME~1\FREDERIC\APPLIC~1\AOL
   [13/01/2007|01:22] C:\DOCUME~1\FREDERIC\APPLIC~1\Beep Industries
   [26/11/2006|18:18] C:\DOCUME~1\FREDERIC\APPLIC~1\Brother
   [22/05/2008|18:11] C:\DOCUME~1\FREDERIC\APPLIC~1\Canon
   [23/12/2006|03:40] C:\DOCUME~1\FREDERIC\APPLIC~1\CyberLink
   [05/08/2008|19:37] C:\DOCUME~1\FREDERIC\APPLIC~1\dcdl_prefs
   [16/08/2004|18:55] C:\DOCUME~1\FREDERIC\APPLIC~1\desktop.ini
   [18/02/2007|18:59] C:\DOCUME~1\FREDERIC\APPLIC~1\DivX
   [10/08/2008|12:32] C:\DOCUME~1\FREDERIC\APPLIC~1\FileZilla
   [14/05/2008|11:57] C:\DOCUME~1\FREDERIC\APPLIC~1\FrostWire
   [12/04/2008|19:15] C:\DOCUME~1\FREDERIC\APPLIC~1\GDIPFONTCACHEV1.DAT
   [26/01/2007|20:14] C:\DOCUME~1\FREDERIC\APPLIC~1\Google
   [10/05/2004|10:13] C:\DOCUME~1\FREDERIC\APPLIC~1\GTek
   [11/09/2006|17:43] C:\DOCUME~1\FREDERIC\APPLIC~1\Help
   [17/09/2006|12:56] C:\DOCUME~1\FREDERIC\APPLIC~1\HP
   [28/12/2007|19:13] C:\DOCUME~1\FREDERIC\APPLIC~1\Identities
   [01/08/2008|23:23] C:\DOCUME~1\FREDERIC\APPLIC~1\iWin
   [01/08/2008|00:21] C:\DOCUME~1\FREDERIC\APPLIC~1\iWinArcade
   [10/12/2006|13:05] C:\DOCUME~1\FREDERIC\APPLIC~1\Leadertech
   [01/08/2008|16:31] C:\DOCUME~1\FREDERIC\APPLIC~1\Ludia
   [02/05/2004|13:55] C:\DOCUME~1\FREDERIC\APPLIC~1\Macromedia
   [14/08/2008|02:27] C:\DOCUME~1\FREDERIC\APPLIC~1\Malwarebytes
   [31/05/2008|03:03] C:\DOCUME~1\FREDERIC\APPLIC~1\Microsoft
   [01/09/2007|14:46] C:\DOCUME~1\FREDERIC\APPLIC~1\Microsoft Web Folders
   [06/07/2007|18:10] C:\DOCUME~1\FREDERIC\APPLIC~1\Mindscape
   [02/07/2006|17:35] C:\DOCUME~1\FREDERIC\APPLIC~1\MobileAction
   [07/10/2006|19:11] C:\DOCUME~1\FREDERIC\APPLIC~1\Mozilla
   [05/05/2004|19:21] C:\DOCUME~1\FREDERIC\APPLIC~1\OD2
   [14/08/2008|18:20] C:\DOCUME~1\FREDERIC\APPLIC~1\OpenOffice.org2
   [01/08/2008|21:52] C:\DOCUME~1\FREDERIC\APPLIC~1\PlayFirst
   [11/08/2008|21:55] C:\DOCUME~1\FREDERIC\APPLIC~1\qp1c_prefs
   [10/05/2004|13:32] C:\DOCUME~1\FREDERIC\APPLIC~1\Real
   [10/12/2006|13:06] C:\DOCUME~1\FREDERIC\APPLIC~1\Sonic
   [02/05/2004|13:55] C:\DOCUME~1\FREDERIC\APPLIC~1\Sun
   [05/04/2008|20:05] C:\DOCUME~1\FREDERIC\APPLIC~1\Symantec
   [14/09/2006|18:13] C:\DOCUME~1\FREDERIC\APPLIC~1\uTorrent
   [03/07/2008|03:13] C:\DOCUME~1\FREDERIC\APPLIC~1\vlc
   [02/05/2004|13:55] C:\DOCUME~1\FREDERIC\APPLIC~1\You've Got Pictures Screensaver
   [28/12/2007|19:13] C:\DOCUME~1\FREDERIC\APPLIC~1\Zylom

   [14/08/2008|05:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [14/08/2008|05:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
   [19/05/2004|17:43] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [09/08/2008 14:41][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [14/08/2008 17:33][--a------] C:\WINDOWS	asks\V‚rifier les mises … jour de Windows Live Toolbar.job
   [14/08/2008 18:19][--ah-----] C:\WINDOWS	asks\SA.DAT
   [05/08/2004 15:00][-rah-----] C:\WINDOWS	asks\desktop.ini
   [02/05/2004 09:11][--a------] C:\WINDOWS	asks\Rappel d'enregistrement 2.job

   --------------------\  Listing des dossiers dans C:\Program Files

   [14/03/2001|10:03] C:\Program Files\_INST32I.EX_
   [14/03/2001|10:03] C:\Program Files\_ISDEL.EXE
   [14/03/2001|10:03] C:\Program Files\_setup.dll
   [14/03/2001|10:03] C:\Program Files\_sys1.cab
   [14/03/2001|10:03] C:\Program Files\_user1.cab
   [17/06/2007|00:38] C:\Program Files\Adobe
   [11/08/2008|17:55] C:\Program Files\adslTV
   [28/06/2007|08:51] C:\Program Files\Ahead
   [31/08/2007|13:47] C:\Program Files\Alex Feinman
   [19/08/2007|01:59] C:\Program Files\Altnet
   [31/07/2008|23:25] C:\Program Files\Apple Software Update
   [07/06/2000|10:49] C:\Program Files\ar405fre.exe
   [05/05/2008|20:57] C:\Program Files\AskSBar
   [18/01/1999|14:52] C:\Program Files\AUTORUN.INF
   [14/08/2008|05:47] C:\Program Files\Avast
   [12/08/2008|19:53] C:\Program Files\AVG
   [05/05/2004|19:40] C:\Program Files\Ballance
   [11/08/2008|23:39] C:\Program Files\BFG
   [18/02/2007|17:40] C:\Program Files\Boonty
   [20/02/2007|19:05] C:\Program Files\BoontyGames
   [09/02/1998|20:00] C:\Program Files\BORLNDMM.DLL
   [29/04/2008|13:47] C:\Program Files\Brother
   [28/10/2007|18:36] C:\Program Files\BufferZone
   [22/05/2008|17:54] C:\Program Files\Canon
   [02/04/2001|11:18] C:\Program Files\Casse-briques deluxe.pdf
   [30/01/2003|06:04] C:\Program Files\cc3260mt.dll
   [02/04/2007|11:07] C:\Program Files\Chiffres et lettres
   [29/01/1999|10:19] C:\Program Files\clic.avi
   [22/03/2001|15:27] C:\Program Files\clic.exe
   [02/04/2001|11:46] C:\Program Files\clic.ini
   [08/01/1999|11:28] C:\Program Files\clic.wav
   [25/12/2006|18:40] C:\Program Files\coktel
   [29/04/2008|13:46] C:\Program Files\Common Files
   [03/03/1999|21:00] C:\Program Files\CP3245MT.DLL
   [02/05/2004|13:55] C:\Program Files\CyberLink
   [14/03/2001|10:03] C:\Program Files\DATA.TAG
   [14/03/2001|10:03] C:\Program Files\data1.cab
   [20/04/2007|18:05] C:\Program Files\denouvel
   [19/10/2007|18:22] C:\Program Files\DivX
   [13/08/2008|01:21] C:\Program Files\eMule
   [29/06/2008|00:22] C:\Program Files\Everest Poker
   [18/07/2008|23:25] C:\Program Files\Fichiers communs
   [02/07/2008|22:01] C:\Program Files\FileZilla Client
   [28/07/2007|00:23] C:\Program Files\FranceTelecomUninstall
   [01/07/2008|23:22] C:\Program Files\Free
   [01/06/2008|16:33] C:\Program Files\FrostWire
   [20/02/2007|16:43] C:\Program Files\GameSpy Arcade
   [31/03/2008|20:50] C:\Program Files\Google
   [08/07/2008|19:49] C:\Program Files\IKEA HomePlanner
   [10/08/2008|23:23] C:\Program Files\INSTAFINK
   [28/07/2008|22:05] C:\Program Files\InstallShield Installation Information
   [02/05/2004|13:55] C:\Program Files\Intel
   [12/06/2008|03:02] C:\Program Files\Internet Explorer
   [10/08/2008|19:28] C:\Program Files\iWin Games
   [01/08/2008|23:52] C:\Program Files\iWin.com
   [27/07/2008|11:52] C:\Program Files\Java
   [19/06/2008|18:03] C:\Program Files\Jewel Quest
   [11/08/2008|10:39] C:\Program Files\Jewel Quest Solitaire
   [13/03/2008|12:11] C:\Program Files\Jewel Quest Solitaire Deluxe
   [14/03/2001|10:03] C:\Program Files\lang.dat
   [14/03/2001|10:03] C:\Program Files\layout.bin
   [26/11/2006|12:48] C:\Program Files\Luxor 2
   [06/05/2007|02:32] C:\Program Files\maj
   [14/08/2008|02:27] C:\Program Files\Malwarebytes' Anti-Malware
   [12/04/1999|08:40] C:\Program Files\mapi32.dll
   [02/05/2004|13:57] C:\Program Files\Messenger
   [15/08/2007|23:44] C:\Program Files\Micro Application
   [18/11/2007|12:18] C:\Program Files\Microsoft ActiveSync
   [19/06/2007|03:03] C:\Program Files\Microsoft CAPICOM 2.1.0.2
   [01/09/2007|14:45] C:\Program Files\microsoft frontpage
   [24/06/2007|00:39] C:\Program Files\Microsoft Games
   [11/12/2006|09:39] C:\Program Files\Microsoft IntelliPoint
   [12/04/2008|19:13] C:\Program Files\Microsoft Office
   [28/07/2008|22:04] C:\Program Files\Mindscape
   [20/04/2007|18:41] C:\Program Files\MOTUS
   [02/05/2004|13:58] C:\Program Files\Movie Maker
   [31/03/2008|21:22] C:\Program Files\Mozilla Firefox
   [03/03/2008|07:10] C:\Program Files\MP3 Player Utilities 3.5.02
   [17/01/2008|19:56] C:\Program Files\MP3 Player Utilities 4.07
   [12/04/2008|19:12] C:\Program Files\MSECache
   [19/05/2004|19:32] C:\Program Files\MSN
   [09/12/2006|00:09] C:\Program Files\MSN Games
   [02/05/2004|13:55] C:\Program Files\MSN Gaming Zone
   [18/06/2007|03:19] C:\Program Files\MSN Messenger
   [15/11/2004|12:11] C:\Program Files\NAVOptRF.dll
   [09/10/2006|19:50] C:\Program Files\Need2Find
   [02/05/2004|13:58] C:\Program Files\NetMeeting
   [02/05/2004|13:58] C:\Program Files\Online Services
   [05/04/2008|18:34] C:\Program Files\OpenOffice.org 2.2
   [30/07/2008|13:53] C:\Program Files\OrangeBs
   [18/07/2008|23:25] C:\Program Files\OrangeFrance
   [14/03/2001|10:03] C:\Program Files\os.dat
   [14/06/2007|03:13] C:\Program Files\Outlook Express
   [19/10/2007|19:06] C:\Program Files\PolicesClic
   [01/11/2007|11:02] C:\Program Files\PopCap Games
   [28/07/2008|20:48] C:\Program Files\QuickTime
   [06/04/2008|15:35] C:\Program Files\Real
   [02/05/2004|13:55] C:\Program Files\Realtek
   [31/12/2006|03:44] C:\Program Files\ReflexiveArcade
   [26/07/2007|15:29] C:\Program Files\Revistronic
   [06/04/2008|15:35] C:\Program Files\RngInterstitial.dll
   [05/02/2001|09:07] C:\Program Files\RTL.bmp
   [19/10/2007|19:06] C:\Program Files\RunImage
   [07/10/2007|14:44] C:\Program Files\SAGEM
   [07/10/2007|14:43] C:\Program Files\Securitoo
   [02/05/2004|13:59] C:\Program Files\Services en ligne
   [14/03/2001|10:03] C:\Program Files\setup.bmp
   [14/03/2001|10:03] C:\Program Files\SETUP.INI
   [14/03/2001|10:03] C:\Program Files\setup.ins
   [14/03/2001|10:03] C:\Program Files\setup.lid
   [15/07/2008|14:58] C:\Program Files\Slickball
   [20/04/2007|18:54] C:\Program Files\Smotus
   [02/05/2004|13:55] C:\Program Files\Sonic
   [31/10/2007|21:29] C:\Program Files\Sony Online Entertainment
   [02/05/2004|13:55] C:\Program Files\Synaptics
   [15/02/1999|11:16] C:\Program Files	f1.bmp
   [12/12/2000|16:46] C:\Program Files\TF1video.bmp
   [27/11/2006|21:32] C:\Program Files\Trymedia
   [06/05/2004|17:20] C:\Program Files\Ubi Soft
   [07/01/1999|21:02] C:\Program Files\VCL40.BPL
   [18/06/1998|20:00] C:\Program Files\VCLX40.BPL
   [02/07/2008|23:31] C:\Program Files\VideoLAN
   [23/12/2007|03:54] C:\Program Files\Virtools
   [19/10/2007|19:06] C:\Program Files\VisuelsClic
   [14/08/2008|00:33] C:\Program Files\VS Revo Group
   [01/12/2007|04:02] C:\Program Files\Windows Live Toolbar
   [18/01/2007|23:25] C:\Program Files\Windows Media Connect 2
   [19/08/2007|01:59] C:\Program Files\Windows Media Player
   [01/06/2007|13:31] C:\Program Files\Windows Messaging
   [02/05/2004|13:59] C:\Program Files\Windows NT
   [01/09/2007|10:11] C:\Program Files\WinISO
   [26/11/2006|12:46] C:\Program Files\WinRAR
   [19/10/2007|19:06] C:\Program Files\WorldOnLine
   [11/12/2000|11:37] C:\Program Files\Worldonline.bmp
   [02/05/2004|13:55] C:\Program Files\xerox
   [01/08/2008|23:39] C:\Program Files\Yahoo! Games
   [26/11/2006|04:25] C:\Program Files\Zone.com Deluxe Games
   [01/08/2008|23:43] C:\Program Files\Zylom Games

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [25/06/2008|03:33] C:\Program Files\Fichiers communs\Adobe
   [21/01/2007|16:18] C:\Program Files\Fichiers communs\Ahead
   [19/08/2007|01:59] C:\Program Files\Fichiers communs\AOL
   [02/05/2004|23:44] C:\Program Files\Fichiers communs\aolback
   [18/02/2007|17:44] C:\Program Files\Fichiers communs\BOONTY Shared
   [18/11/2007|12:18] C:\Program Files\Fichiers communs\Designer
   [18/07/2008|23:25] C:\Program Files\Fichiers communs\GtFlashSwitch
   [29/04/2008|13:46] C:\Program Files\Fichiers communs\InstallShield
   [02/05/2004|13:55] C:\Program Files\Fichiers communs\Java
   [17/02/2007|00:48] C:\Program Files\Fichiers communs\Macrovision Shared
   [12/04/2008|19:13] C:\Program Files\Fichiers communs\Microsoft Shared
   [02/05/2004|13:55] C:\Program Files\Fichiers communs\MSSoap
   [02/05/2004|13:55] C:\Program Files\Fichiers communs\Nullsoft
   [01/09/2007|14:54] C:\Program Files\Fichiers communs\ODBC
   [06/04/2008|15:35] C:\Program Files\Fichiers communs\Real
   [31/03/2008|20:45] C:\Program Files\Fichiers communs\Research In Motion
   [02/05/2004|13:56] C:\Program Files\Fichiers communs\Services
   [02/05/2004|13:56] C:\Program Files\Fichiers communs\Sonic Shared
   [02/05/2004|13:55] C:\Program Files\Fichiers communs\SpeechEngines
   [02/05/2004|13:56] C:\Program Files\Fichiers communs\SureThing Shared
   [18/11/2007|12:17] C:\Program Files\Fichiers communs\System
   [08/07/2008|19:49] C:\Program Files\Fichiers communs\Wise Installation Wizard
   [02/05/2004|13:55] C:\Program Files\Fichiers communs\xing shared

   --------------------\  Process

   ( 45 Processus )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-08-14 18:30:43
   Windows 5.1.2600 Service Pack 2 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\FREDERIC\Local Settings\Temp\R‚pertoire temporaire 1 pour WinRAR.v3.51+ crack.zip
   C:\DOCUME~1\FREDERIC\Local Settings\Temp\Rar$EX01.719\Crack
   C:\DOCUME~1\FREDERIC\Local Settings\Temp\Rar$EX01.719\The Rise of Atlantis + Crack
   C:\DOCUME~1\FREDERIC\Local Settings\Temp\Rar$EX01.719\Crack	he rise of atlantis.exe
   C:\DOCUME~1\FREDERIC\Local Settings\Temp\Rar$EX01.719\The Rise of Atlantis + Crack\Crack
   C:\DOCUME~1\FREDERIC\Local Settings\Temp\Rar$EX01.719\The Rise of Atlantis + Crack\The Rise of Atlantis + Crack
   C:\DOCUME~1\FREDERIC\Local Settings\Temp\Rar$EX01.719\The Rise of Atlantis + Crack\Crack	he rise of atlantis.exe
   C:\DOCUME~1\FREDERIC\Local Settings\Temp\Rar$EX01.719\The Rise of Atlantis + Crack\The Rise of Atlantis + Crack\en_riseofatlantis_inst.exe
   C:\DOCUME~1\FREDERIC\Recent\The Rise of Atlantis + Crack(1).lnk
   C:\DOCUME~1\FREDERIC\Recent\The Rise of Atlantis + Crack.lnk
   C:\DOCUME~1\FREDERIC\Recent\The Rise Of Atlantis Crack.lnk


   [F:5302][D:349]-> C:\DOCUME~1\FREDERIC\LOCALS~1\Temp
   [F:3844][D:0]-> C:\DOCUME~1\FREDERIC\Cookies
   [F:3032][D:115]-> C:\DOCUME~1\FREDERIC\LOCALS~1\TEMPOR~1\content.IE5

   --------------------\  Fin du rapport a 18:33:11,79

Xray · Answer

* Voici le rapport OtMoveIt :

File/Folder C:\Program Files\RXToolBar\sfcont.dll not found.
File/Folder C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08142008_184301

Xray · Answer

*Et enfin le rapport HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:22, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\GtFlashSwitch\GtFlashSwitch.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OrangeFrance\Orange Connect\Orange Connect.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Documents and Settings\FREDERIC\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BufferZone] "C:\Program Files\BufferZone\CLIENTGUI.EXE" /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Orange Connect.lnk = C:\Program Files\OrangeFrance\Orange Connect\Orange Connect.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F4E679D-0E33-4DD8-AB9C-C2345F375EEE}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB75CD1B-C730-43C9-9344-A4DDCC3696A1}: NameServer = 212.27.53.252,212.27.54.252
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\ClntSvc.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\prevxcsi.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Fichiers communs\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: navapsvc - Unknown owner - (no file)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

Utilisateur anonyme · Answer

Ray,

Relancer HijackThis et cochées [Fix Checked] les lignes suivantes: 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell 

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) 
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file) 

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 

O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\ClntSvc.exe (file missing) 

____________________________


Télécharger RegSearch : https://download.bleepingcomputer.com/steelwerx/regsearch.zip

Dézipper le dans un répertoire et lancer regsearch.exe

Sur la première ligne sous "Enter search strings (case independent) and click OK...
Copier / coller la ligne en gras suivante :

C:\Program Files\RXToolBar

Valider par [OK]

Après la recherche le Bloc-note va s'ouvrir avec un rapport.

Afficher ce rapport S.V.P.

____________________________

Vous avez 2 antivirus ça génère beaucoup d'instabilité sur un système 

Désinstaller Norton et pour compléter sa désinstallation télécharger et exécuter l'outil de désinstallation Norton : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

Télécharger Antivir : https://www.avira.com/en/downloads

Désinstaller Avast aussi.
Et installer Antivir.

Tutoriel français Antivir : http://www.libellules.ch/tuto_antivir.php

Xray · Answer

Ok Mido2,
J'ai desinstallé Norton et Avast, et installé AntiVir.

Voila le rapport RegSearch :

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 14/08/2008 20:30:22 for strings:
;  'c:\program files\rxtoolbar '
; Strings excluded from search:
;  (None)
; Search in: 
; Registry Keys  Registry Values  Registry Data  
; HKEY_LOCAL_MACHINE  HKEY_USERS  


; End Of The Log...


Veux-tu que je refasse un scan HiJackthis ?

Utilisateur anonyme · Answer

Ray,

Aller dans Démarrer --> Exécuter.., entrer sc delete BufferZoneSvc et valider

Les fichiers et dossiers cachées sont t-ils accessibles 
Ouvrer le Poste de travail --> Outils --> Options dossiers --> Affichage et
-sélectionner "Afficher les fichiers et dossiers cachées"
-décocher "Masquer les extensions des fichiers dont le type est connu"
-décocher "Masquer les fichier protégés du système d'exploitation (recommandé)"

Vérifier si vous trouvez ce répertoire :
C:\Program Files\RXToolBar 
et aussi 
C:\Program Files\RXToolBar\Semantic Insight

Et retournez l'info sur ces répertoires

__________________________________

Aller en mode sans échec et désinstaller tout ce qu'il y a de Boonty dedans
Et supprimer ces répertoires même si pas capable de désinstaller:
C:\Program Files\Boonty 
C:\Program Files\Fichiers communs\BOONTY Shared 
C:\Program Files\BoontyGames 
C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY 
retournez toute l'info sur cette suppression (c-a-d les fichiers qui restent encore sur le disque )
__________________________________

Faites un scan complet avec Antivir et afficher le rapport

Ré-afficher un rapport HijackThis

Xray · Answer

Mido2,

J'ai fait toutes les manipulations que tu me demandais.

Concernant l'execution de "sc delete BufferZoneSvc", je n'ai pas l'impression que cela ai fait quelqechose ...
Comme Bufferzone est toujours dans Program Files, puis-je le supprimer en le desinstallant ou en le mettant à la corbeille?

Concernant C:\Program Files\RXToolBar et aussi C:\Program Files\RXToolBar\Semantic Insight : je n'ai pas trouvé ces repertoires.

Et les repertoires concernant Boonty n'existe plus !

Et voila le rapport Antivir :

Avira AntiVir Personal
Report file date: vendredi 15 août 2008  00:20

Scanning for 1552297 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    PCLULU

Version information:
BUILD.DAT     : 8.1.0.331      16934 Bytes  12/08/2008 11:46:00
AVSCAN.EXE    : 8.1.4.7       315649 Bytes  26/06/2008 08:57:53
AVSCAN.DLL    : 8.1.4.0        40705 Bytes  26/05/2008 07:56:40
LUKE.DLL      : 8.1.4.5       164097 Bytes  12/06/2008 12:44:19
LUKERES.DLL   : 8.1.4.0        12033 Bytes  26/05/2008 07:58:52
ANTIVIR0.VDF  : 6.40.0.0    11030528 Bytes  18/07/2007 10:33:34
ANTIVIR1.VDF  : 7.0.5.1      8182784 Bytes  24/06/2008 13:54:15
ANTIVIR2.VDF  : 7.0.6.10     2587136 Bytes  14/08/2008 19:00:30
ANTIVIR3.VDF  : 7.0.6.16       16896 Bytes  14/08/2008 19:00:31
Engineversion : 8.1.1.19  
AEVDF.DLL     : 8.1.0.5       102772 Bytes  09/07/2008 08:46:50
AESCRIPT.DLL  : 8.1.0.63      311673 Bytes  14/08/2008 19:00:56
AESCN.DLL     : 8.1.0.23      119156 Bytes  14/08/2008 19:00:54
AERDL.DLL     : 8.1.0.20      418165 Bytes  09/07/2008 08:46:50
AEPACK.DLL    : 8.1.2.1       364917 Bytes  14/08/2008 19:00:52
AEOFFICE.DLL  : 8.1.0.21      192891 Bytes  14/08/2008 19:00:49
AEHEUR.DLL    : 8.1.0.47     1368437 Bytes  14/08/2008 19:00:47
AEHELP.DLL    : 8.1.0.15      115063 Bytes  09/07/2008 08:46:50
AEGEN.DLL     : 8.1.0.35      315764 Bytes  14/08/2008 19:00:38
AEEMU.DLL     : 8.1.0.7       430452 Bytes  14/08/2008 19:00:35
AECORE.DLL    : 8.1.1.8       172406 Bytes  14/08/2008 19:00:33
AEBB.DLL      : 8.1.0.1        53617 Bytes  24/04/2008 08:50:42
AVWINLL.DLL   : 1.0.0.12       15105 Bytes  09/07/2008 08:40:05
AVPREF.DLL    : 8.0.2.0        38657 Bytes  16/05/2008 09:28:01
AVREP.DLL     : 8.0.0.2        98344 Bytes  14/08/2008 19:00:32
AVREG.DLL     : 8.0.0.1        33537 Bytes  09/05/2008 11:26:40
AVARKT.DLL    : 1.0.0.23      307457 Bytes  12/02/2008 08:29:23
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  12/06/2008 12:27:49
SQLITE3.DLL   : 3.3.17.1      339968 Bytes  22/01/2008 17:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  12/06/2008 12:49:40
NETNT.DLL     : 8.0.0.1         7937 Bytes  25/01/2008 12:05:10
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  12/06/2008 13:48:07
RCTEXT.DLL    : 8.0.52.0       86273 Bytes  27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 15 août 2008  00:20

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'Orange Connect.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'point32.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'Icon.exe' - '1' Module(s) have been scanned
Scan process 'STDSB.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'GtFlashSwitch.exe' - '1' Module(s) have been scanned
Scan process 'HidService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'savedump.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
45 processes with 45 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '57' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
    [WARNING]   The file could not be opened!
C:\pagefile.sys
    [WARNING]   The file could not be opened!
C:\Documents and Settings\FREDERIC\Local Settings\Temp\ZGI29.tmp
    [0] Archive type: ZIP SFX (self extracting)
      --> Mind Medley Deluxe\GameInstlr.exe
        [1] Archive type: ZIP SFX (self extracting)
        --> gtb\GoogleToolbar-fr.exe
          [DETECTION] Is the TR/Dldr.Agent.aaar Trojan
    [NOTE]      The file was moved to '48edbb8c.qua'!
C:\Documents and Settings\FREDERIC\Local Settings\Temp\.zylomisrtemp1206991953\ZylomGameITemp.exe
    [0] Archive type: ZIP SFX (self extracting)
    --> gtb\GoogleToolbar-fr.exe
      [DETECTION] Is the TR/Dldr.Agent.aaar Trojan
    [NOTE]      The file was moved to '4910bbd1.qua'!
C:\Documents and Settings\FREDERIC\Local Settings\Temp\.zylomisrtemp1206991994\ZylomGameITemp.exe
    [0] Archive type: ZIP SFX (self extracting)
    --> gtb\GoogleToolbar-fr.exe
      [DETECTION] Is the TR/Dldr.Agent.aaar Trojan
    [NOTE]      The file was moved to '4910bbd5.qua'!
C:\Documents and Settings\FREDERIC\Local Settings\Temp\.zylomisrtemp1217626993\ZylomGameITemp.exe
    [0] Archive type: ZIP SFX (self extracting)
    --> gtb\GoogleToolbar-fr.exe
      [DETECTION] Is the TR/Dldr.Agent.aaar Trojan
    [NOTE]      The file was moved to '4910bbdf.qua'!
C:\Documents and Settings\FREDERIC\Local Settings\Temporary Internet Files\Content.IE5\R4OJRSV3\index[3].htm
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '4908bca6.qua'!
C:\Documents and Settings\FREDERIC\Local Settings\Temporary Internet Files\Content.IE5\XAJHG7VP\AV2009Install_77040503[1].exe
    [DETECTION] Is the TR/Dldr.Fraud.bby Trojan
    [NOTE]      The file was moved to '48d6bcb0.qua'!
C:\Documents and Settings\FREDERIC\Local Settings\Temporary Internet Files\Content.IE5\XAJHG7VP\index[2].htm
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '4908bcf1.qua'!
C:\Documents and Settings\FREDERIC\Local Settings\Temporary Internet Files\Content.IE5\XAJHG7VP\movie1[1].htm
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '491abd1c.qua'!
C:\Documents and Settings\FREDERIC\Local Settings\Temporary Internet Files\Content.IE5\ZKIMB2OQ\movie1[1].htm
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '491abdb0.qua'!
C:\Documents and Settings\FREDERIC\Local Settings\Temporary Internet Files\Content.IE5\ZNHVCEEAeturn[1].htm
    [DETECTION] Contains recognition pattern of the JS/Dldr.ActiveX.AU Java script virus
    [NOTE]      The file was moved to '4918bdf4.qua'!
C:\Fred	ruc sympa\Cne DEUTSCH_disque dur\Cne DEUTSCH\perso\Divorce internet\capture etc\keylogger\007 Spy Software(Keylogger) Plus Serial By Deeohgee.zip
    [0] Archive type: ZIP
    --> 007 Spy SoftWare(KeyLogger+) Plus Serial By DeeOhGee/007 Spy SoftWare SetUp.exe
      [DETECTION] Contains recognition pattern of the DR/007SpySoft.342.1 dropper
    [NOTE]      The file was moved to '48dbbe48.qua'!
C:\Program Files\eMule\Incoming\Jeux\bookworm.deluxe.1.02.[c]rack-rev.zip
    [0] Archive type: ZIP
    --> CrAcK.exe
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    [NOTE]      The file was moved to '4913bfb0.qua'!
C:\Program Files\eMule\Incoming\Jeux\Cue-Club Billiard CRACK v 1.04.exe
    [DETECTION] Is the TR/Dldr.Small.bws.20 Trojan
    [NOTE]      The file was moved to '4909bfc2.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0008097.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE]      The file was moved to '48d4c51e.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0009119.exe
    [DETECTION] Contains recognition pattern of the DR/Dldr.Small.aazq dropper
    [NOTE]      The file was moved to '48d4c522.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0009120.exe
    [DETECTION] Is the TR/Dldr.FraudLoad.vbch Trojan
    [NOTE]      The file was moved to '48d4c524.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0013116.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE]      The file was moved to '48d4c526.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0013128.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE]      The file was moved to '48d4c528.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0013129.EXE
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE]      The file was moved to '48d4c52b.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0013130.DLL
    [DETECTION] Is the TR/Drop.Softomat.AN Trojan
    [NOTE]      The file was moved to '48d4c52d.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0013131.DLL
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE]      The file was moved to '48d4c52f.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0013134.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE]      The file was moved to '48d4c534.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0013137.DLL
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE]      The file was moved to '48d4c537.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0017260.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.DN.2 back-door program
    [NOTE]      The file was moved to '48d4c546.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0017265.exe
    [DETECTION] Contains recognition pattern of the DR/Lop.BO.7 dropper
    [NOTE]      The file was moved to '48d4c549.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0019158.exe
    [DETECTION] Is the TR/Dldr.Small.bws.20 Trojan
    [NOTE]      The file was moved to '48d4c580.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0019190.exe
    [DETECTION] Is the TR/Dldr.Small.bws.20 Trojan
    [NOTE]      The file was moved to '48d4c583.qua'!
C:\WINDOWS\Temp\hdE.tmp
    [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
    [NOTE]      The file was moved to '48e9c8fb.qua'!


End of the scan: vendredi 15 août 2008  02:07
Used time:  1:46:41 Hour(s)

The scan has been done completely.

  12677 Scanning directories
 1024291 Files were scanned
     24 viruses and/or unwanted programs were found
      4 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
     28 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 1024261 Files not concerned
  13639 Archives were scanned
      2 Warnings
     28 Notes

Xray · Answer

Et voici le nouvel HiJackThis : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:17:52, on 15/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\GtFlashSwitch\GtFlashSwitch.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OrangeFrance\Orange Connect\Orange Connect.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\FREDERIC\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BufferZone] "C:\Program Files\BufferZone\CLIENTGUI.EXE" /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Orange Connect.lnk = C:\Program Files\OrangeFrance\Orange Connect\Orange Connect.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F4E679D-0E33-4DD8-AB9C-C2345F375EEE}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB75CD1B-C730-43C9-9344-A4DDCC3696A1}: NameServer = 212.27.53.252,212.27.54.252
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\prevxcsi.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Fichiers communs\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

Utilisateur anonyme · Answer

Ray,

Comme Bufferzone est toujours dans Program Files, puis-je le supprimer en le desinstallant ou en le mettant à la corbeille? 
Désinstaller le sinon supprimer le.


Désactiver la Restauration du système pour purger tout les points de restauration qui contiennent plusieurs infections latente dans ..\System Volume Information.
Réactiver la sitôt après.
Tutoriel : http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924

Au sujet de GTFLASHSWITCH, il n'y a pas beaucoup d'info la dessus, vous devriez le désinstaller sinon supprimer son répertoire.

P.S.: S'il y a des fichires qui ne se supprimer pas en mode normal, aller en mode sans échec pour les supprimer.

Xray · Answer

Mido2,

Bufferzone est desinstallé.

Par contre, pour desactiver la restauration du systeme, je ne comprends pas car en arrivant dans Proprietes du Poste de travail, la case etait dejà cochée !

Donc je ne vois pas comment faire pour supprimer ces fichiers infectés !

Xray · Answer

PS: j'ai aussi supprimé GTFLASHSWITCJ

Xray · Answer

D'ailleurs, est-ce que je peux supprimer tout ce que MBAM et Antivir ont mis en quarantaine ?

bicharo · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:41, on 16/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\user\AppData\Local\Temp\video1152.cfg.exe
C:\Users\user\AppData\Local\Temp\b.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32egsvr32.exe
C:\Users\user\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: mxlivemedia browser enhancer - {7671469E-31F3-B239-A518-616FA0CD844F} - C:\Windows\system32\dgktqztjtkeiaak.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information	opi.exe -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mencyggmkss] C:\Windows\System32egsvr32.exe /s "C:\Windows\system32\dgktqztjtkeiaak.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSFox] C:\Users\user\AppData\Local\Temp\video1152.cfg.exe
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: dartybox.exe
O4 - Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

bicharo · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:41, on 16/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\user\AppData\Local\Temp\video1152.cfg.exe
C:\Users\user\AppData\Local\Temp\b.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32egsvr32.exe
C:\Users\user\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: mxlivemedia browser enhancer - {7671469E-31F3-B239-A518-616FA0CD844F} - C:\Windows\system32\dgktqztjtkeiaak.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information	opi.exe -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mencyggmkss] C:\Windows\System32egsvr32.exe /s "C:\Windows\system32\dgktqztjtkeiaak.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSFox] C:\Users\user\AppData\Local\Temp\video1152.cfg.exe
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: dartybox.exe
O4 - Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

BIG AL · Answer

Tu as reçu un virus, antivirus 2008 est un virus....

Bonne chance pour le désinstaller moi j'ai du formater mon disque.

BIG AL

Virus "you have a security problem"

21 réponses

Discussions similaires

Newsletters