PUB CID

Solved
beliax, 51 posts, Status: Member -
toptitbal, 26224 posts, Status: Security contributor -
Hello, I have been having a few problems lately with these damned PUB CID ads. I read what I had to do; here is the report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:47, on 3/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Users\neigel\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\TuePub\TuePub.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\neigel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IV09NKJF\HiJackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Deaf Thunk] "C:\ProgramData\64SoftwareSoftware.g3ul1r"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Netlog Music Tool] "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-be.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

7 replies

toptitbal, 26224 posts, Status: Security contributor, 2 232
 
Hello

Your Lop report is not complete.
0
beliax, 51 posts, Status: Member, 10
 
1) Report

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1602
Windows 6.0.6001 Service Pack 1

3/01/2009 20:22:45
mbam-log-2009-01-03 (20-22-45).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 167140
Temps écoulé: 1 hour(s), 6 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bags Else Hole Lite (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\ProgramData\Extra Test Axis.92hz5 (Trojan.Agent) -> Quarantined and deleted successfully.

2) Report

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : neigel ( Administrator )
BOOT : Normal boot
Antivirus : Norton AntiVirus 15.0.0.58 (Activated)
Firewall : Norton AntiVirus 15.0.0.58 (Activated)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:54 Go)
D:\ (Local Disk) - NTFS - Total:111 Go (Free:111 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( sam. 03/01/2009|20:47 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[01/12/2007|21:42] C:\Users\neigel\AppData\Local\Acer Arcade Deluxe
[26/03/2008|09:55] C:\Users\neigel\AppData\Local\acer eNM
[26/01/2008|22:13] C:\Users\neigel\AppData\Local\Adobe
[20/05/2008|15:02] C:\Users\neigel\AppData\Local\Apple
[11/07/2008|17:42] C:\Users\neigel\AppData\Local\Apple Computer
[01/12/2007|01:27] C:\Users\neigel\AppData\Local\Application Data
[03/01/2009|11:13] C:\Users\neigel\AppData\Local\ApplicationHistory
[27/12/2008|19:56] C:\Users\neigel\AppData\Local\d3d9caps.dat
[03/01/2009|14:45] C:\Users\neigel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[01/12/2007|21:43] C:\Users\neigel\AppData\Local\DVDivine
[20/09/2008|06:56] C:\Users\neigel\AppData\Local\fusioncache.dat
[01/12/2007|01:27] C:\Users\neigel\AppData\Local\GDIPFONTCACHEV1.DAT
[01/12/2007|22:18] C:\Users\neigel\AppData\Local\Google
[01/12/2007|01:27] C:\Users\neigel\AppData\Local\Historique
[02/01/2009|21:16] C:\Users\neigel\AppData\Local\IconCache.db
[19/10/2008|13:28] C:\Users\neigel\AppData\Local\Microsoft
[20/06/2008|15:12] C:\Users\neigel\AppData\Local\Microsoft Games
[16/04/2008|15:57] C:\Users\neigel\AppData\Local\Microsoft Help
[08/12/2008|17:53] C:\Users\neigel\AppData\Local\Netlog
[01/12/2007|01:28] C:\Users\neigel\AppData\Local\PlayMovie
[01/12/2007|21:42] C:\Users\neigel\AppData\Local\PowerCinema
[29/12/2007|13:38] C:\Users\neigel\AppData\Local\Steam
[03/01/2009|20:47] C:\Users\neigel\AppData\Local\Temp
[01/12/2007|01:27] C:\Users\neigel\AppData\Local\Temporary Internet Files
[01/12/2007|20:02] C:\Users\neigel\AppData\Local\VirtualStore
[08/01/2008|00:03] C:\Users\neigel\AppData\Local\Windows Live Writer

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[03/01/2009 11:16][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{A9D9D966-7C29-454F-B128-B9FC0080B915}.job
[22/12/2008 20:07][--a------] C:\Windows\tasks\Norton AntiVirus - Effectuer une analyse complète du système - neigel.job
[30/11/2007 21:25][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[03/01/2009 11:12][--ah-----] C:\Windows\tasks\SA.DAT
[02/01/2009 21:16][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[26/07/2007|03:43] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[19/04/2008|10:21] C:\ProgramData\64SoftwareSoftware.8wyj2
[26/03/2008|21:18] C:\ProgramData\64SoftwareSoftware.c6ea42p
[19/04/2008|09:37] C:\ProgramData\64SoftwareSoftware.d40r6
[19/04/2008|10:43] C:\ProgramData\64SoftwareSoftware.g3ul1r
[26/03/2008|21:18] C:\ProgramData\64SoftwareSoftware.oos66sh
[19/04/2008|09:59] C:\ProgramData\64SoftwareSoftware.rgnpy
[31/10/2008|10:58] C:\ProgramData\Adobe
[11/07/2008|17:39] C:\ProgramData\Apple
[02/11/2006|14:02] C:\ProgramData\Application Data
[02/01/2009|12:53] C:\ProgramData\AVS4YOU
[01/12/2007|01:27] C:\ProgramData\Bureau
[30/11/2007|20:03] C:\ProgramData\CyberLink
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[16/06/2008|17:27] C:\ProgramData\eMule
[01/12/2007|01:27] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[13/04/2008|16:52] C:\ProgramData\Forge of Games
[01/12/2007|22:05] C:\ProgramData\Google
[07/10/2008|15:39] C:\ProgramData\Iso Web Bags Else
[03/01/2009|19:14] C:\ProgramData\Malwarebytes
[01/12/2007|01:27] C:\ProgramData\Menu Démarrer
[14/04/2008|19:04] C:\ProgramData\Microsoft
[12/12/2008|09:34] C:\ProgramData\Microsoft Help
[01/12/2007|01:27] C:\ProgramData\Modèles
[02/11/2006|14:02] C:\ProgramData\Start Menu
[10/10/2008|15:21] C:\ProgramData\Symantec
[02/11/2006|14:02] C:\ProgramData\Templates
[20/10/2008|12:57] C:\ProgramData\WLInstaller
[30/11/2007|20:38] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[26/09/2007|09:24] C:\Program Files\Acer Arcade Deluxe
[26/09/2007|09:37] C:\Program Files\ACER Crystal Eye webcam
[20/09/2008|14:33] C:\Program Files\Acer GameZone
[26/09/2007|09:40] C:\Program Files\Acer Inc
[26/07/2007|03:43] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[31/10/2008|10:57] C:\Program Files\Adobe
[11/07/2008|17:58] C:\Program Files\Adobe Media Player
[07/10/2008|15:39] C:\Program Files\Apoint2K
[11/07/2008|17:39] C:\Program Files\Apple Software Update
[19/09/2008|19:15] C:\Program Files\AviSynth 2.5
[02/01/2009|12:57] C:\Program Files\AVS4YOU
[11/07/2008|17:39] C:\Program Files\Bonjour
[26/01/2008|22:21] C:\Program Files\CamStudio
[02/01/2009|12:51] C:\Program Files\Common Files
[26/07/2007|02:29] C:\Program Files\CONEXANT
[26/07/2007|03:13] C:\Program Files\CyberLink
[26/12/2008|10:10] C:\Program Files\Dofus
[01/12/2007|01:27] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[26/03/2008|09:55] C:\Program Files\Google
[08/11/2008|18:26] C:\Program Files\IconCool Software
[04/07/2008|15:37] C:\Program Files\InstallShield Installation Information
[07/10/2008|15:39] C:\Program Files\Internet Explorer
[10/12/2007|09:52] C:\Program Files\Java
[26/09/2007|09:23] C:\Program Files\Launch Manager
[03/01/2009|19:14] C:\Program Files\Malwarebytes' Anti-Malware
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[26/07/2007|03:43] C:\Program Files\Microsoft Office
[30/11/2007|21:30] C:\Program Files\Microsoft SQL Server Compact Edition
[11/09/2008|19:04] C:\Program Files\Microsoft Works
[26/07/2007|03:40] C:\Program Files\Microsoft.NET
[07/10/2008|15:39] C:\Program Files\Movie Maker
[02/11/2006|13:37] C:\Program Files\MSBuild
[01/12/2007|00:01] C:\Program Files\MSXML 4.0
[26/07/2007|03:11] C:\Program Files\NewTech Infosystems
[22/01/2008|16:51] C:\Program Files\Nobilis
[02/04/2008|14:40] C:\Program Files\Norton AntiVirus
[26/09/2007|09:25] C:\Program Files\Realtek
[19/03/2008|16:58] C:\Program Files\RealVNC
[19/09/2008|19:37] C:\Program Files\Red Kawa
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[24/11/2008|17:23] C:\Program Files\RegCure
[30/01/2008|12:38] C:\Program Files\Sega
[19/09/2008|17:17] C:\Program Files\Sony Setup
[26/09/2007|09:37] C:\Program Files\SUYIN
[05/06/2008|17:29] C:\Program Files\Symantec
[13/09/2008|11:56] C:\Program Files\TrackMania Sunrise
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[29/12/2007|13:30] C:\Program Files\Valve
[07/11/2008|11:38] C:\Program Files\Wakfu
[07/10/2008|15:37] C:\Program Files\Windows Calendar
[07/10/2008|15:39] C:\Program Files\Windows Collaboration
[07/10/2008|15:39] C:\Program Files\Windows Defender
[07/10/2008|15:39] C:\Program Files\Windows Journal
[28/02/2008|08:51] C:\Program Files\Windows Live
[30/11/2007|21:24] C:\Program Files\Windows Live Favorites
[30/11/2007|21:24] C:\Program Files\Windows Live Toolbar
[13/12/2008|00:26] C:\Program Files\Windows Mail
[08/12/2008|17:53] C:\Program Files\Windows Media Player
[01/12/2007|01:27] C:\Program Files\Windows NT
[07/10/2008|15:39] C:\Program Files\Windows Photo Gallery
[07/10/2008|15:39] C:\Program Files\Windows Sidebar

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[31/10/2008|10:58] C:\Program Files\Common Files\Adobe
[02/01/2009|12:57] C:\Program Files\Common Files\AVSMedia
[08/12/2007|16:13] C:\Program Files\Common Files\Blizzard Entertainment
[26/07/2007|03:40] C:\Program Files\Common Files\DESIGNER
[07/12/2007|18:14] C:\Program Files\Common Files\i4j_jres
[26/07/2007|03:13] C:\Program Files\Common Files\InstallShield
[10/12/2007|09:51] C:\Program Files\Common Files\Java
[26/07/2007|03:11] C:\Program Files\Common Files\LightScribe
[13/02/2008|17:51] C:\Program Files\Common Files\microsoft shared
[26/07/2007|03:11] C:\Program Files\Common Files\muvee Technologies
[26/07/2007|03:11] C:\Program Files\Common Files\NewTech Infosystems
[26/07/2007|03:49] C:\Program Files\Common Files\Oberon Media
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[26/09/2007|09:36] C:\Program Files\Common Files\snp2uvc
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[03/12/2008|14:23] C:\Program Files\Common Files\Steam
[31/10/2008|11:01] C:\Program Files\Common Files\Symantec Shared
[07/10/2008|15:39] C:\Program Files\Common Files\System
[30/11/2007|21:20] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 86 Processes )

iexplore.exe ~ [PID:4640]
iexplore.exe ~ [PID:1284]

--------------------\\ Recherche avec S_Lop

C:\ProgramData\64SoftwareSoftware.8wyj2
C:\ProgramData\64SoftwareSoftware.d40r6
C:\ProgramData\64SoftwareSoftware.rgnpy
C:\ProgramData\64SoftwareSoftware.g3ul1r
C:\ProgramData\64SoftwareSoftware.c6ea42p
C:\ProgramData\64SoftwareSoftware.oos66sh

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\ProgramData\Iso Web Bags Else
C:\ProgramData\Iso Web Bags Else\window two.exe
C:\Users\neigel\AppData\Local\Temp\nsb8C3B.tmp
C:\Users\neigel\AppData\Local\Temp\nsbA621.tmp
C:\Users\neigel\AppData\Local\Temp\nsc8892.tmp
C:\Users\neigel\AppData\Local\Temp\nsf1807.tmp
C:\Users\neigel\AppData\Local\Temp\nsf191F.tmp
C:\Users\neigel\AppData\Local\Temp\nsfEBC9.tmp
C:\Users\neigel\AppData\Local\Temp\nsg458A.tmp
C:\Users\neigel\AppData\Local\Temp\nsh6971.tmp
C:\Users\neigel\AppData\Local\Temp\nsiAEA8.tmp
C:\Users\neigel\AppData\Local\Temp\nsjC03.tmp
C:\Users\neigel\AppData\Local\Temp\nsk397C.tmp
C:\Users\neigel\AppData\Local\Temp\nsl6431.tmp
C:\Users\neigel\AppData\Local\Temp\nsmE60E.tmp
C:\Users\neigel\AppData\Local\Temp\nso3A46.tmp
C:\Users\neigel\AppData\Local\Temp\nsq1F38.tmp
C:\Users\neigel\AppData\Local\Temp\nsqF1E2.tmp
C:\Users\neigel\AppData\Local\Temp\nst364D.tmp
C:\Users\neigel\AppData\Local\Temp\nsu2484.tmp
C:\Users\neigel\AppData\Local\Temp\nsu943C.tmp
C:\Users\neigel\AppData\Local\Temp\nsuA65E.tmp
C:\Users\neigel\AppData\Local\Temp\nsxBD19.tmp
C:\Users\neigel\AppData\Local\Temp\nsy60A.tmp
C:\Users\neigel\AppData\Local\Temp\nsz29BB.tmp
C:\Users\neigel\AppData\Local\Temp\nsz7C05.tmp

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Deaf Thunk"="\"C:\\ProgramData\\64SoftwareSoftware.g3ul1r\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 20:47:43
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 33

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:2704][D:121]-> C:\Users\neigel\AppData\Local\Temp
[F:107][D:0]-> C:\Users\neigel\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1906][D:10]-> C:\Users\neigel\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:101][D:7]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - sam. 03/01/2009|20:28 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - sam. 03/01/2009|20:36 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - sam. 03/01/2009|20:49 - Option : [1]

--------------------\\ Fin du rapport a 20:50:00
[ UAC => 1 ]

3) Report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:09, on 3/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Users\neigel\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\TuePub\TuePub.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\neigel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IV09NKJF\HiJackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Deaf Thunk] "C:\ProgramData\64SoftwareSoftware.g3ul1r"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Netlog Music Tool] "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-be.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
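Added example (not from the thread, and not part of HijackThis or Lop S&D): a small Python triage script that parses O4 and O23 lines in the format of the log above and flags the entries an analyst would look at first, namely a Run value whose target is a loose file sitting directly in a data folder such as C:\ProgramData with a non-executable extension (the [Deaf Thunk] line above fits that pattern), and services reported with "Unknown owner". The sample log is a constructed excerpt modelled on the posted log, the extension and folder lists are assumptions, and a hit is a prompt for manual review, not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a hypothetical excerpt in HijackThis v2 format, modelled
# on the O4 and O23 lines of the log posted above (not the complete log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Deaf Thunk] "C:\ProgramData\64SoftwareSoftware.g3ul1r"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Assumed list of extensions normally seen as Run-key targets.
EXEC_EXT = {"exe", "dll", "cmd", "bat", "com", "scr", "lnk", "vbs"}
# Assumed folders where a loose file launched from a Run key deserves a second look.
LOOSE_FILE_DIRS = {r"c:\programdata", r"c:\users\public", r"c:\windows\temp"}


@dataclass
class Finding:
    kind: str          # "O4" (autorun) or "O23" (service)
    label: str         # Run value name or service display name
    target: str        # file the entry launches
    reasons: List[str]


def extract_target(cmd: str) -> str:
    """Return the file a Run value launches, with arguments stripped.

    Handles quoted paths, unquoted paths containing spaces, and rundll32
    hosts, where the real payload is the DLL named in the first argument.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            target, rest = cmd[1:], []
        else:
            target, rest = cmd[1:end], cmd[end + 1:].split()
    else:
        tokens = cmd.split(" ")
        target, i = tokens[0], 1
        # Unquoted path with spaces: append tokens until the path ends in an extension.
        while not re.search(r"\.[A-Za-z0-9]{1,6}$", target) and i < len(tokens):
            target += " " + tokens[i]
            i += 1
        rest = tokens[i:]
    if ntpath.basename(target).lower() == "rundll32.exe" and rest:
        target = rest[0].split(",")[0]   # "path.dll,EntryPoint" -> path.dll
    return target.replace("%ProgramFiles%", r"C:\Program Files")


def assess_target(target: str) -> List[str]:
    """Heuristic checks on a Run-key target; returns human-readable reasons."""
    reasons: List[str] = []
    ext = ntpath.splitext(target)[1].lower().lstrip(".")
    if ext not in EXEC_EXT:
        reasons.append(f"unusual extension '.{ext}'" if ext else "no file extension")
    parent = ntpath.dirname(target).lower().rstrip("\\")
    if parent in LOOSE_FILE_DIRS or parent.endswith(r"\appdata\local\temp"):
        reasons.append(f"loose file directly in {ntpath.dirname(target)}")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse O4/O23 lines and return the entries worth a manual look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            target = extract_target(m["cmd"])
            reasons = assess_target(target)
            if reasons:
                findings.append(Finding("O4", m["name"], target, reasons))
            continue
        m = O23_RE.match(line)
        if m and m["owner"].strip().lower() == "unknown owner":
            findings.append(Finding("O23", m["display"], m["path"].strip(),
                                    ["no publisher string; confirm the binary is the OEM's"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} [{f.label}] -> {f.target}: {'; '.join(f.reasons)}")
```

Run against the constructed sample, the script reports only the [Deaf Thunk] value (loose file in C:\ProgramData with the extension .g3ul1r) and the ALaunch service; the OEM and Symantec entries pass. Lop S&D automates the same kind of lookup, which is why the helper asked for its report rather than for an MBAM run.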
toptitbal Posts 26224 Registration date Status Security contributor Last seen 2 232

Why MBAM right away?
Why another HijackThis?

Run Lop S&D again

* This time choose Option 2 (Removal)

* Do not close the window during the removal!

* Post the generated report (C:\lopR.txt)

beliax Posts 51 Status Member 10

There you go, and now what???

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : neigel ( Administrator )
BOOT : Normal boot
Antivirus : Norton AntiVirus 15.0.0.58 (Activated)
Firewall : Norton AntiVirus 15.0.0.58 (Activated)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:54 Go)
D:\ (Local Disk) - NTFS - Total:111 Go (Free:111 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( Updated : 19-12-2008|23:40 )
Option : [2] ( Sat. 03/01/2009|21:13 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Folder listing in Local

[01/12/2007|21:42] C:\Users\neigel\AppData\Local\Acer Arcade Deluxe
[26/03/2008|09:55] C:\Users\neigel\AppData\Local\acer eNM
[26/01/2008|22:13] C:\Users\neigel\AppData\Local\Adobe
[20/05/2008|15:02] C:\Users\neigel\AppData\Local\Apple
[11/07/2008|17:42] C:\Users\neigel\AppData\Local\Apple Computer
[01/12/2007|01:27] C:\Users\neigel\AppData\Local\Application Data
[03/01/2009|21:12] C:\Users\neigel\AppData\Local\ApplicationHistory
[27/12/2008|19:56] C:\Users\neigel\AppData\Local\d3d9caps.dat
[03/01/2009|14:45] C:\Users\neigel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[01/12/2007|21:43] C:\Users\neigel\AppData\Local\DVDivine
[20/09/2008|06:56] C:\Users\neigel\AppData\Local\fusioncache.dat
[01/12/2007|01:27] C:\Users\neigel\AppData\Local\GDIPFONTCACHEV1.DAT
[01/12/2007|22:18] C:\Users\neigel\AppData\Local\Google
[01/12/2007|01:27] C:\Users\neigel\AppData\Local\Historique
[02/01/2009|21:16] C:\Users\neigel\AppData\Local\IconCache.db
[19/10/2008|13:28] C:\Users\neigel\AppData\Local\Microsoft
[20/06/2008|15:12] C:\Users\neigel\AppData\Local\Microsoft Games
[16/04/2008|15:57] C:\Users\neigel\AppData\Local\Microsoft Help
[08/12/2008|17:53] C:\Users\neigel\AppData\Local\Netlog
[01/12/2007|01:28] C:\Users\neigel\AppData\Local\PlayMovie
[01/12/2007|21:42] C:\Users\neigel\AppData\Local\PowerCinema
[29/12/2007|13:38] C:\Users\neigel\AppData\Local\Steam
[03/01/2009|21:13] C:\Users\neigel\AppData\Local\Temp
[01/12/2007|01:27] C:\Users\neigel\AppData\Local\Temporary Internet Files
[01/12/2007|20:02] C:\Users\neigel\AppData\Local\VirtualStore
[08/01/2008|00:03] C:\Users\neigel\AppData\Local\Windows Live Writer

--------------------\\ Scheduled tasks in C:\Windows\tasks

[03/01/2009 11:16][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{A9D9D966-7C29-454F-B128-B9FC0080B915}.job
[22/12/2008 20:07][--a------] C:\Windows\tasks\Norton AntiVirus - Effectuer une analyse complète du système - neigel.job
[30/11/2007 21:25][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[03/01/2009 21:10][--ah-----] C:\Windows\tasks\SA.DAT
[02/01/2009 21:16][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Folder listing in C:\ProgramData

[26/07/2007|03:43] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[31/10/2008|10:58] C:\ProgramData\Adobe
[11/07/2008|17:39] C:\ProgramData\Apple
[02/11/2006|14:02] C:\ProgramData\Application Data
[02/01/2009|12:53] C:\ProgramData\AVS4YOU
[01/12/2007|01:27] C:\ProgramData\Bureau
[30/11/2007|20:03] C:\ProgramData\CyberLink
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[16/06/2008|17:27] C:\ProgramData\eMule
[01/12/2007|01:27] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[13/04/2008|16:52] C:\ProgramData\Forge of Games
[01/12/2007|22:05] C:\ProgramData\Google
[03/01/2009|19:14] C:\ProgramData\Malwarebytes
[01/12/2007|01:27] C:\ProgramData\Menu Démarrer
[14/04/2008|19:04] C:\ProgramData\Microsoft
[12/12/2008|09:34] C:\ProgramData\Microsoft Help
[01/12/2007|01:27] C:\ProgramData\Modèles
[02/11/2006|14:02] C:\ProgramData\Start Menu
[10/10/2008|15:21] C:\ProgramData\Symantec
[02/11/2006|14:02] C:\ProgramData\Templates
[20/10/2008|12:57] C:\ProgramData\WLInstaller
[30/11/2007|20:38] C:\ProgramData\Yahoo! Companion

--------------------\\ Folder listing in C:\Program Files

[26/09/2007|09:24] C:\Program Files\Acer Arcade Deluxe
[26/09/2007|09:37] C:\Program Files\ACER Crystal Eye webcam
[20/09/2008|14:33] C:\Program Files\Acer GameZone
[26/09/2007|09:40] C:\Program Files\Acer Inc
[26/07/2007|03:43] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[31/10/2008|10:57] C:\Program Files\Adobe
[11/07/2008|17:58] C:\Program Files\Adobe Media Player
[07/10/2008|15:39] C:\Program Files\Apoint2K
[11/07/2008|17:39] C:\Program Files\Apple Software Update
[19/09/2008|19:15] C:\Program Files\AviSynth 2.5
[02/01/2009|12:57] C:\Program Files\AVS4YOU
[11/07/2008|17:39] C:\Program Files\Bonjour
[26/01/2008|22:21] C:\Program Files\CamStudio
[02/01/2009|12:51] C:\Program Files\Common Files
[26/07/2007|02:29] C:\Program Files\CONEXANT
[26/07/2007|03:13] C:\Program Files\CyberLink
[26/12/2008|10:10] C:\Program Files\Dofus
[01/12/2007|01:27] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[26/03/2008|09:55] C:\Program Files\Google
[08/11/2008|18:26] C:\Program Files\IconCool Software
[04/07/2008|15:37] C:\Program Files\InstallShield Installation Information
[07/10/2008|15:39] C:\Program Files\Internet Explorer
[10/12/2007|09:52] C:\Program Files\Java
[26/09/2007|09:23] C:\Program Files\Launch Manager
[03/01/2009|19:14] C:\Program Files\Malwarebytes' Anti-Malware
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[26/07/2007|03:43] C:\Program Files\Microsoft Office
[30/11/2007|21:30] C:\Program Files\Microsoft SQL Server Compact Edition
[11/09/2008|19:04] C:\Program Files\Microsoft Works
[26/07/2007|03:40] C:\Program Files\Microsoft.NET
[07/10/2008|15:39] C:\Program Files\Movie Maker
[02/11/2006|13:37] C:\Program Files\MSBuild
[01/12/2007|00:01] C:\Program Files\MSXML 4.0
[26/07/2007|03:11] C:\Program Files\NewTech Infosystems
[22/01/2008|16:51] C:\Program Files\Nobilis
[02/04/2008|14:40] C:\Program Files\Norton AntiVirus
[26/09/2007|09:25] C:\Program Files\Realtek
[19/03/2008|16:58] C:\Program Files\RealVNC
[19/09/2008|19:37] C:\Program Files\Red Kawa
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[24/11/2008|17:23] C:\Program Files\RegCure
[30/01/2008|12:38] C:\Program Files\Sega
[19/09/2008|17:17] C:\Program Files\Sony Setup
[26/09/2007|09:37] C:\Program Files\SUYIN
[05/06/2008|17:29] C:\Program Files\Symantec
[13/09/2008|11:56] C:\Program Files\TrackMania Sunrise
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[29/12/2007|13:30] C:\Program Files\Valve
[07/11/2008|11:38] C:\Program Files\Wakfu
[07/10/2008|15:37] C:\Program Files\Windows Calendar
[07/10/2008|15:39] C:\Program Files\Windows Collaboration
[07/10/2008|15:39] C:\Program Files\Windows Defender
[07/10/2008|15:39] C:\Program Files\Windows Journal
[28/02/2008|08:51] C:\Program Files\Windows Live
[30/11/2007|21:24] C:\Program Files\Windows Live Favorites
[30/11/2007|21:24] C:\Program Files\Windows Live Toolbar
[13/12/2008|00:26] C:\Program Files\Windows Mail
[08/12/2008|17:53] C:\Program Files\Windows Media Player
[01/12/2007|01:27] C:\Program Files\Windows NT
[07/10/2008|15:39] C:\Program Files\Windows Photo Gallery
[07/10/2008|15:39] C:\Program Files\Windows Sidebar

--------------------\\ Folder listing in C:\Program Files\Common Files

[31/10/2008|10:58] C:\Program Files\Common Files\Adobe
[02/01/2009|12:57] C:\Program Files\Common Files\AVSMedia
[08/12/2007|16:13] C:\Program Files\Common Files\Blizzard Entertainment
[26/07/2007|03:40] C:\Program Files\Common Files\DESIGNER
[07/12/2007|18:14] C:\Program Files\Common Files\i4j_jres
[26/07/2007|03:13] C:\Program Files\Common Files\InstallShield
[10/12/2007|09:51] C:\Program Files\Common Files\Java
[26/07/2007|03:11] C:\Program Files\Common Files\LightScribe
[13/02/2008|17:51] C:\Program Files\Common Files\microsoft shared
[26/07/2007|03:11] C:\Program Files\Common Files\muvee Technologies
[26/07/2007|03:11] C:\Program Files\Common Files\NewTech Infosystems
[26/07/2007|03:49] C:\Program Files\Common Files\Oberon Media
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[26/09/2007|09:36] C:\Program Files\Common Files\snp2uvc
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[03/12/2008|14:23] C:\Program Files\Common Files\Steam
[31/10/2008|11:01] C:\Program Files\Common Files\Symantec Shared
[07/10/2008|15:39] C:\Program Files\Common Files\System
[30/11/2007|21:20] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 78 Processes )

... OK !

--------------------\\ Search with S_Lop

No Lop file / folder found!

--------------------\\ Search for Lop files / folders

No Lop file / folder found!

--------------------\\ Registry check

..... OK !

--------------------\\ Hosts file check

Hosts file CLEAN

--------------------\\ File search with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 21:13:46
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 33

--------------------\\ Search for other infections

No other infection found!

[F:2678][D:120]-> C:\Users\neigel\AppData\Local\Temp
[F:111][D:0]-> C:\Users\neigel\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2079][D:10]-> C:\Users\neigel\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:101][D:7]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Sat. 03/01/2009|20:28 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Sat. 03/01/2009|20:36 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - Sat. 03/01/2009|20:49 - Option : [1]
4 - "C:\Lop SD\LopR_4.txt" - Sat. 03/01/2009|21:06 - Option : [2]
5 - "C:\Lop SD\LopR_5.txt" - Sat. 03/01/2009|21:16 - Option : [2]

--------------------\\ End of report at 21:16:48
[ UAC => 1 ]
toptitbal Posts 26224 Registration date Status Security contributor Last seen 2 232

After?
Normally this is where we should have run MBAM ;-))

Do you still get the ads?
beliax Posts 51 Status Member 10

Looks like no, thanks, at last :) free of 100 CID ads a day :)
toptitbal Posts 26224 Registration date Status Security contributor Last seen 2 232

* Download CCleaner.
(careful during installation: remember to UNCHECK the Yahoo toolbar install that is quietly offered alongside CCleaner).

https://www.pcastuces.com/logitheque/ccleaner.htm
https://www.commentcamarche.net/telecharger/ 168 ccleaner

Install it in a dedicated folder.

During installation, uncheck

--- the two "Add the option ..." boxes
--- Check for updates

* Run CCleaner for a full cleanup:

Disconnect from the Internet and close all running applications
* go to "Cleaner": run Analyze, then Run Cleaner
* go to "Registry": run Scan for Issues, then Fix ( several times, until no more errors are found ).

Tutorial here:
https://kerio.probb.fr/
https://www.malekal.com/tutoriel-ccleaner/
AND
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm