Trojan.DNS and adware.winfixer

Solved/Closed
zicore - Posts: 17 - Registered: Thursday 6 November 2008 - Status: Member - Last activity: 18 September 2013 - 5 Jan 2009 at 21:02
geoffrey5 - Posts: 13732 - Registered: Sunday 20 May 2007 - Status: Security contributor - Last activity: 21 May 2010 - 9 Jan 2009 at 10:01
Hello to the community,
I have problems with my computer and I can't get rid of them. Spyware Doctor finds a trojan.DNS and adware.winfixer. Could you tell me what to do, please?

Here is my HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 21:00:56, on 05/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ServoApp.exe
C:\Program Files\MFP Server\App\Common\MFPAgent.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://outlook.live.com/owa/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MFP Manager] C:\Program Files\MFP Server\MFPAgent.exe -CheckAutoRun
O4 - HKLM\..\Run: [Server Application] C:\WINDOWS\system32\ServoApp.exe
O4 - HKLM\..\Run: [GDI Manager] "C:\Program Files\MFP Server\App\Common\MFPAgent.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [face bin load show] C:\Documents and Settings\All Users\Application Data\title tool face bin\gram start.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\WINDOWS\TEMP\E_S63.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\WINDOWS\TEMP\E_S36.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [NameBib] C:\DOCUME~1\nico\APPLIC~1\PROCFI~1\Boremagsdownload.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe


If anyone wants to point something out to me, I would be glad.

See you soon

24 replies

geoffrey5 - Posts: 13732 - Registered: Sunday 20 May 2007 - Status: Security contributor - Last activity: 21 May 2010 10
5 Jan 2009 at 21:09
Good evening zicore,

Start by doing this, please:

Option 1 - Search:


▶ Download SmitFraudFix and save it to the desktop

▶ Then double-click SmitFraudFix and choose Run

▶ Select 1 to create a report of the files responsible for the infection.

(Warning: do not use option 2 unless I have asked you to!!)

▶ Copy/paste the report into your reply.


Here is an animated tutorial with sound in case you have trouble using it

(Warning: "process.exe", a component of the tool, is detected by some antivirus products as a "RiskTool".
It is not a virus, but a utility designed to terminate processes. In the wrong hands,
this utility could stop security software.)
0
zicore - Posts: 17 - Registered: Thursday 6 November 2008 - Status: Member - Last activity: 18 September 2013
5 Jan 2009 at 21:35
Thanks for the quick reply, here is the report:

SmitFraudFix v2.388

Rapport fait à 21:29:54,16, 05/01/2009
Executé à partir de C:\Documents and Settings\nico\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ServoApp.exe
C:\Program Files\MFP Server\App\Common\MFPAgent.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\nico


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\nico\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\nico\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\nico\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: LAN-Express AS IEEE 802.11g miniPCI Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D0D023E-626D-4512-A9A3-6168E2198F25}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F3994A66-A0AD-4D46-99BE-FBDB9477BBC4}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F92288D0-DFB5-4DAC-ABE3-2BED100F9B4D}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D0D023E-626D-4512-A9A3-6168E2198F25}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F3994A66-A0AD-4D46-99BE-FBDB9477BBC4}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F92288D0-DFB5-4DAC-ABE3-2BED100F9B4D}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D0D023E-626D-4512-A9A3-6168E2198F25}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F3994A66-A0AD-4D46-99BE-FBDB9477BBC4}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F92288D0-DFB5-4DAC-ABE3-2BED100F9B4D}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


What do you think?
0
geoffrey5 - Posts: 13732 - Registered: Sunday 20 May 2007 - Status: Security contributor - Last activity: 21 May 2010 10
5 Jan 2009 at 21:37
OK, now do this, please:

Option 2 - Cleaning:


Restart the PC in safe mode

▶ Double-click SmitFraudFix

▶ Select 2 to delete the files responsible for the infection.

▶ At the question "Voulez-vous nettoyer le registre ?" (Do you want to clean the registry?), answer O (yes) in order to unlock the desktop wallpaper and delete the infection's autostart keys.

The fix will determine whether the wininet.dll file is infected. At the question "Corriger le fichier infecté ?" (Fix the infected file?), answer O (yes) to replace the corrupted file.

▶ Save the report to your desktop


▶ Restart in normal mode and post the report.
0
zicore - Posts: 17 - Registered: Thursday 6 November 2008 - Status: Member - Last activity: 18 September 2013
5 Jan 2009 at 22:12
Thanks again for the quick reply, here is what you asked for:

SmitFraudFix v2.388

Rapport fait à 21:48:44,88, 05/01/2009
Executé à partir de C:\Documents and Settings\nico\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D0D023E-626D-4512-A9A3-6168E2198F25}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F3994A66-A0AD-4D46-99BE-FBDB9477BBC4}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F92288D0-DFB5-4DAC-ABE3-2BED100F9B4D}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D0D023E-626D-4512-A9A3-6168E2198F25}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F3994A66-A0AD-4D46-99BE-FBDB9477BBC4}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F92288D0-DFB5-4DAC-ABE3-2BED100F9B4D}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D0D023E-626D-4512-A9A3-6168E2198F25}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F3994A66-A0AD-4D46-99BE-FBDB9477BBC4}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F92288D0-DFB5-4DAC-ABE3-2BED100F9B4D}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


What do you think?
0

geoffrey5 - Posts: 13732 - Registered: Sunday 20 May 2007 - Status: Security contributor - Last activity: 21 May 2010 10
5 Jan 2009 at 22:16
Now do this, please:

- Run SmitFraudFix again

- Choose option 5

- Post the report generated at the end
0
zicore - Posts: 17 - Registered: Thursday 6 November 2008 - Status: Member - Last activity: 18 September 2013
5 Jan 2009 at 22:20
Here is the report:

SmitFraudFix v2.388

Rapport fait à 22:18:27,50, 05/01/2009
Executé à partir de C:\Documents and Settings\nico\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

Description: LAN-Express AS IEEE 802.11g miniPCI Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D0D023E-626D-4512-A9A3-6168E2198F25}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F3994A66-A0AD-4D46-99BE-FBDB9477BBC4}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F92288D0-DFB5-4DAC-ABE3-2BED100F9B4D}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D0D023E-626D-4512-A9A3-6168E2198F25}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F3994A66-A0AD-4D46-99BE-FBDB9477BBC4}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F92288D0-DFB5-4DAC-ABE3-2BED100F9B4D}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D0D023E-626D-4512-A9A3-6168E2198F25}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F3994A66-A0AD-4D46-99BE-FBDB9477BBC4}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F92288D0-DFB5-4DAC-ABE3-2BED100F9B4D}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240

»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix

Description: LAN-Express AS IEEE 802.11g miniPCI Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D0D023E-626D-4512-A9A3-6168E2198F25}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F3994A66-A0AD-4D46-99BE-FBDB9477BBC4}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F92288D0-DFB5-4DAC-ABE3-2BED100F9B4D}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D0D023E-626D-4512-A9A3-6168E2198F25}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F3994A66-A0AD-4D46-99BE-FBDB9477BBC4}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F92288D0-DFB5-4DAC-ABE3-2BED100F9B4D}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D0D023E-626D-4512-A9A3-6168E2198F25}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F3994A66-A0AD-4D46-99BE-FBDB9477BBC4}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F92288D0-DFB5-4DAC-ABE3-2BED100F9B4D}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240



???
0
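Added example (not part of the original thread, and not SmitFraudFix code): a small Python parser for the DNS sections of the option 5 report above. It lists the registry keys whose DhcpNameServer values fall outside a trusted resolver list and checks whether those values survived the fix. The embedded report is an excerpt of the one posted above; using the adapter's "DNS Server Search Order" as the trusted baseline is an assumption, as are all function names.

```python
import re
from ipaddress import ip_address

# Excerpt of the option 5 report posted above (two of the flagged CCS
# interface keys, the clean one, and the global Parameters key).
REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

Description: LAN-Express AS IEEE 802.11g miniPCI Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D0D023E-626D-4512-A9A3-6168E2198F25}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F3994A66-A0AD-4D46-99BE-FBDB9477BBC4}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240

»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix

Description: LAN-Express AS IEEE 802.11g miniPCI Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D0D023E-626D-4512-A9A3-6168E2198F25}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F3994A66-A0AD-4D46-99BE-FBDB9477BBC4}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
"""

SECTION_RE = re.compile(r"^»+\s*(.+?)\s*$")
SEARCH_RE = re.compile(r"^DNS Server Search Order:\s*(\S+)\s*$")
REG_RE = re.compile(
    r"^(HKLM\\SYSTEM\\\w+\\Services\\Tcpip\\\S+):\s*DhcpNameServer=(.*)$"
)


def split_servers(value):
    """Split a DhcpNameServer value; the report uses both ',' and ' '."""
    servers = []
    for token in re.split(r"[,\s]+", value.strip()):
        try:
            servers.append(str(ip_address(token)))
        except ValueError:
            continue  # empty or malformed token: ignore it
    return servers


def parse_report(text):
    """Return {section title: {"active": [ips], "registry": {key: [ips]}}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(
                m.group(1), {"active": [], "registry": {}}
            )
            continue
        if current is None:
            continue
        m = SEARCH_RE.match(line)
        if m:
            current["active"].append(m.group(1))
            continue
        m = REG_RE.match(line)
        if m:
            current["registry"][m.group(1)] = split_servers(m.group(2))
    return sections


def untrusted_entries(section, trusted):
    """Registry keys holding at least one resolver that is not in `trusted`."""
    allowed = set(trusted)
    flagged = {}
    for key, servers in section["registry"].items():
        foreign = [s for s in servers if s not in allowed]
        if foreign:
            flagged[key] = foreign
    return flagged


def unchanged_after_fix(before, after, trusted):
    """Keys flagged before the fix that carry the same values after it."""
    b = untrusted_entries(before, trusted)
    a = untrusted_entries(after, trusted)
    return sorted(k for k in b if a.get(k) == b[k])


if __name__ == "__main__":
    sections = parse_report(REPORT)
    before, after = sections["DNS Avant Fix"], sections["DNS Après Fix"]
    # Assumption: the resolvers the adapter currently uses are the expected
    # ones. On a real case, pass an explicit allowlist instead.
    trusted = before["active"]
    for key, servers in untrusted_entries(before, trusted).items():
        print("untrusted:", key, servers)
    for key in unchanged_after_fix(before, after, trusted):
        print("still present after fix:", key)
```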
geoffrey5 - Posts: 13732 - Registered: Sunday 20 May 2007 - Status: Security contributor - Last activity: 21 May 2010 10
5 Jan 2009 at 22:21
We may come back to SmitFraudFix later...

▶ Download Malwarebytes' Anti-Malware

▶ A tutorial will be available on my site to help you use it.

▶ Update the software (this normally happens during installation)

▶ Run a full scan by clicking "Exécuter un examen complet" (run a full scan)

▶ Select the drives you want to scan and click "Lancer l'examen" (start the scan)

▶ The scan may take quite a while.....

▶ Once the scan is finished, click "OK" and then "Afficher les résultats" (show the results)

▶ Check that everything is ticked and click "Supprimer la sélection" (remove the selection) => and then "OK"

▶ A report will open in Notepad... Copy/paste the report into your next reply on the forum


* Some files may need to be deleted when the PC restarts... Do so by clicking "oui" (yes) when asked


And then make a new HijackThis report, please
0
zicore Posts 17 Registration date Thursday 6 November 2008 Status Member Last activity 18 September 2013
6 Jan 2009 at 18:46
So, a bit late, I'm sending back what you asked for (in safe mode, because it had crashed in normal mode); here is the report:

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1619
Windows 5.1.2600 Service Pack 3

06/01/2009 18:18:04
mbam-log-2009-01-06 (18-17-58).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 135199
Temps écoulé: 1 hour(s), 23 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 9
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9d0d023e-626d-4512-a9a3-6168e2198f25}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.122,85.255.112.79 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3994a66-a0ad-4d46-99be-fbdb9477bbc4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.122,85.255.112.79 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f92288d0-dfb5-4dac-abe3-2bed100f9b4d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.122,85.255.112.79 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9d0d023e-626d-4512-a9a3-6168e2198f25}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.122,85.255.112.79 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3994a66-a0ad-4d46-99be-fbdb9477bbc4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.122,85.255.112.79 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f92288d0-dfb5-4dac-abe3-2bed100f9b4d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.122,85.255.112.79 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{9d0d023e-626d-4512-a9a3-6168e2198f25}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.122,85.255.112.79 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f3994a66-a0ad-4d46-99be-fbdb9477bbc4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.122,85.255.112.79 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f92288d0-dfb5-4dac-abe3-2bed100f9b4d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.122,85.255.112.79 -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


What do you think?
Thanks for all this guidance!
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
6 Jan 2009 at 19:48
Hello,

I see that you did not apply any action: No action taken

Did you display the results and delete the list of infections??
0
zicore Posts 17 Registration date Thursday 6 November 2008 Status Member Last activity 18 September 2013
6 Jan 2009 at 21:23
Yes, I deleted everything (as in the tutorial) and Spyware Doctor tells me I have no more infections (Intelligent Guard)
That must be a good sign???

(even though I find it is still struggling a bit (but there has been big progress))

Thanks for all this guidance
0
zicore Posts 17 Registration date Thursday 6 November 2008 Status Member Last activity 18 September 2013
6 Jan 2009 at 21:51
That would have been too good: it is still struggling, and after a new scan it tells me I have a trojan.lop_com
What do you think?
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
6 Jan 2009 at 22:13
To check:

▶ Double-click smitfraudfix, then run it

▶ Select 1 to create a report of the files responsible for the infection.

(warning: do not use option 2 unless I have asked you to!!)

▶ Copy/paste the report into your reply.
0
zicore Posts 17 Registration date Thursday 6 November 2008 Status Member Last activity 18 September 2013
6 Jan 2009 at 22:51
There you go:

SmitFraudFix v2.388

Rapport fait à 22:44:23,17, 06/01/2009
Executé à partir de C:\Documents and Settings\nico\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ServoApp.exe
C:\Program Files\MFP Server\App\Common\MFPAgent.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\nico


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\nico\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\nico\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\nico\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: LAN-Express AS IEEE 802.11g miniPCI Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
6 Jan 2009 at 22:54
OK, the DNS trojans have been removed... Now do this please:

▶ Download lopSD and save it to the Desktop

▶ Double-click Lop S&D

▶ Run the installation

▶ Close all applications

▶ Launch it by double-clicking the shortcut on the desktop
On VISTA => right-click and => "Exécuter en tant qu'administrateur" (Run as administrator)

▶ Type F for French, then press Enter

▶ Type 1

▶ Press Enter

▶ The PC will restart
Note: if the antivirus reports an infection in TEMP, ignore it

▶ Wait for the report to appear
▶ Copy the report and paste it into your reply
The report can also be found at C:\lopR
0
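Added example (not part of the thread or of any tool mentioned in it): a Python check that parses the `DhcpNameServer` lines of the SmitFraudFix and Malwarebytes reports posted above, lists the interfaces whose resolvers fall outside an expected set, and compares the report taken before cleanup with the one taken after. It assumes 212.27.40.240 and 212.27.40.241 are the resolvers this machine should use, as the "DNS Server Search Order" in the last SmitFraudFix report suggests; the function names are illustrative.

```python
import ipaddress
import re

# Assumption: the only resolvers this machine should be using.
EXPECTED = {"212.27.40.240", "212.27.40.241"}

# SmitFraudFix abbreviates the key: HKLM\SYSTEM\CCS\Services\Tcpip\..\{GUID}: DhcpNameServer=...
SMITFRAUDFIX_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<guid>\{[0-9A-Fa-f-]+\})|Parameters): DhcpNameServer=(?P<data>.*)$")
# Malwarebytes prints the full key followed by "(label) -> Data: ... -> action".
MBAM_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cs>\w+)\\Services\\Tcpip\\Parameters\\Interfaces\\"
    r"(?P<guid>\{[0-9A-Fa-f-]+\})\\DhcpNameServer \([^)]*\) -> Data: (?P<data>\S+)")


def control_set(tag):
    """Expand SmitFraudFix's CCS / CS1 / CS3 to the real control set names."""
    if tag == "CCS":
        return "CurrentControlSet"
    m = re.fullmatch(r"CS(\d+)", tag)
    return f"ControlSet{int(m.group(1)):03d}" if m else tag


def resolvers(data):
    """Split a DhcpNameServer value, which may be space- or comma-separated."""
    out = []
    for tok in re.split(r"[,\s]+", data.strip()):
        if not tok:
            continue
        try:
            out.append(str(ipaddress.ip_address(tok)))
        except ValueError:
            out.append(tok)  # malformed entries are kept so that they get flagged
    return out


def parse_report(text):
    """Return (control_set, interface_guid, [resolvers]) for every DNS line found."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = SMITFRAUDFIX_RE.match(line) or MBAM_RE.match(line)
        if m:
            guid = (m.group("guid") or "(global)").lower()
            entries.append((control_set(m.group("cs")), guid, resolvers(m.group("data"))))
    return entries


def audit(text, expected=EXPECTED):
    """Map each interface carrying an unexpected resolver to where it was seen."""
    findings = {}
    for cs, guid, servers in parse_report(text):
        rogue = [s for s in servers if s not in expected]
        if rogue:
            entry = findings.setdefault(guid, {"control_sets": set(), "rogue": set()})
            entry["control_sets"].add(cs)
            entry["rogue"].update(rogue)
    return {g: {k: sorted(v) for k, v in e.items()} for g, e in findings.items()}


def compare(before, after, expected=EXPECTED):
    """Classify flagged interfaces as cleared, remaining or newly flagged."""
    b, a = audit(before, expected), audit(after, expected)
    return {"cleared": sorted(set(b) - set(a)),
            "remaining": sorted(set(b) & set(a)),
            "new": sorted(set(a) - set(b))}


# Lines copied from the reports posted in this thread (a subset, before cleanup).
BEFORE = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F3994A66-A0AD-4D46-99BE-FBDB9477BBC4}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F92288D0-DFB5-4DAC-ABE3-2BED100F9B4D}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D0D023E-626D-4512-A9A3-6168E2198F25}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F3994A66-A0AD-4D46-99BE-FBDB9477BBC4}: DhcpNameServer=85.255.116.122,85.255.112.79
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9d0d023e-626d-4512-a9a3-6168e2198f25}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.122,85.255.112.79 -> No action taken.
"""

# The DNS section of the SmitFraudFix report posted after the cleanup.
AFTER = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B5D7A8E0-8D80-459A-896E-E85B3C4080E5}: DhcpNameServer=212.27.40.241 212.27.40.240
"""

if __name__ == "__main__":
    for guid, info in sorted(audit(BEFORE).items()):
        print(guid, info["control_sets"], info["rogue"])
    print(compare(BEFORE, AFTER))
```

"Cleared" here only means the interface is no longer listed with an unexpected resolver in the later report. Because the first report shows the same value in the backup control sets (CS1, CS3), the audit groups findings per interface across all control sets rather than looking at CurrentControlSet alone.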
zicore Posts 17 Registration date Thursday 6 November 2008 Status Member Last activity 18 September 2013
6 Jan 2009 at 23:10
The PC did not restart, but here is the Lop report:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : PhoenixBIOS 4.0 Release 6.0
USER : nico ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:27 Go (Free:8 Go)
D:\ (Local Disk) - NTFS - Total:27 Go (Free:8 Go)
E:\ (USB)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 06/01/2009|22:59 )

--------------------\\ Listing des dossiers dans APPLIC~1

[27/04/2005|10:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[27/04/2005|10:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Drag'n Drop CD+DVD
[12/11/2003|16:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[12/11/2003|16:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[27/04/2005|10:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[13/11/2003|09:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony Corporation
[13/11/2003|10:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[13/11/2003|10:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[27/04/2005|10:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[06/01/2009|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
[29/08/2007|21:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[06/11/2006|14:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[12/02/2007|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[08/03/2008|11:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[03/11/2008|20:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[18/09/2006|14:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[16/10/2007|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[03/01/2009|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[05/01/2009|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[03/01/2009|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[15/06/2008|20:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[27/04/2005|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[12/11/2003|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[27/04/2005|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[04/03/2007|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[29/12/2008|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[22/05/2006|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[06/01/2009|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[04/01/2009|14:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin
[03/11/2008|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[27/04/2005|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VAIO Media Platform
[28/06/2006|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[21/02/2008|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[04/03/2007|16:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[27/04/2005|10:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[27/04/2005|10:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Drag'n Drop CD+DVD
[12/11/2003|16:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[12/11/2003|16:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[27/04/2005|10:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[13/11/2003|09:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sony Corporation
[13/11/2003|10:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[13/11/2003|10:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[12/02/2007|18:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[27/04/2005|10:28] C:\DOCUME~1\losotros\APPLIC~1\Adobe
[27/04/2005|10:52] C:\DOCUME~1\losotros\APPLIC~1\Drag'n Drop CD+DVD
[12/11/2003|16:44] C:\DOCUME~1\losotros\APPLIC~1\Identities
[02/11/2005|18:02] C:\DOCUME~1\losotros\APPLIC~1\Macromedia
[12/02/2007|18:44] C:\DOCUME~1\losotros\APPLIC~1\Microsoft
[27/04/2005|10:24] C:\DOCUME~1\losotros\APPLIC~1\Real
[13/11/2003|09:53] C:\DOCUME~1\losotros\APPLIC~1\Sony Corporation
[13/11/2003|10:00] C:\DOCUME~1\losotros\APPLIC~1\Sun
[13/11/2003|10:29] C:\DOCUME~1\losotros\APPLIC~1\Symantec
[22/11/2005|20:23] C:\DOCUME~1\losotros\APPLIC~1\WinPatrol

[12/02/2007|18:44] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[31/08/2008|14:35] C:\DOCUME~1\nico\APPLIC~1\Adobe
[31/08/2008|14:55] C:\DOCUME~1\nico\APPLIC~1\AdobeUM
[27/04/2006|15:59] C:\DOCUME~1\nico\APPLIC~1\Apple Computer
[30/11/2008|23:47] C:\DOCUME~1\nico\APPLIC~1\Azureus
[27/04/2005|10:52] C:\DOCUME~1\nico\APPLIC~1\Drag'n Drop CD+DVD
[15/03/2008|21:04] C:\DOCUME~1\nico\APPLIC~1\FileZilla
[01/02/2007|21:33] C:\DOCUME~1\nico\APPLIC~1\Google
[19/05/2005|17:51] C:\DOCUME~1\nico\APPLIC~1\Help
[12/11/2003|16:44] C:\DOCUME~1\nico\APPLIC~1\Identities
[14/10/2008|17:48] C:\DOCUME~1\nico\APPLIC~1\IndexEducation
[13/10/2008|17:49] C:\DOCUME~1\nico\APPLIC~1\InstallShield
[09/05/2005|19:04] C:\DOCUME~1\nico\APPLIC~1\InterVideo
[03/01/2009|19:29] C:\DOCUME~1\nico\APPLIC~1\Lavasoft
[07/05/2005|17:00] C:\DOCUME~1\nico\APPLIC~1\Macromedia
[05/01/2009|22:26] C:\DOCUME~1\nico\APPLIC~1\Malwarebytes
[05/11/2008|20:18] C:\DOCUME~1\nico\APPLIC~1\Microsoft
[08/05/2005|18:09] C:\DOCUME~1\nico\APPLIC~1\Microsoft Web Folders
[06/11/2008|17:14] C:\DOCUME~1\nico\APPLIC~1\MSN6
[06/01/2009|22:00] C:\DOCUME~1\nico\APPLIC~1\OpenOffice.org2
[29/12/2008|10:53] C:\DOCUME~1\nico\APPLIC~1\PC Tools
[04/01/2009|14:45] C:\DOCUME~1\nico\APPLIC~1\Proc film
[18/05/2005|16:50] C:\DOCUME~1\nico\APPLIC~1\Real
[06/04/2008|19:47] C:\DOCUME~1\nico\APPLIC~1\SecuROM
[15/12/2007|17:16] C:\DOCUME~1\nico\APPLIC~1\Snapfish
[13/11/2003|09:53] C:\DOCUME~1\nico\APPLIC~1\Sony Corporation
[13/11/2003|10:00] C:\DOCUME~1\nico\APPLIC~1\Sun
[29/12/2008|11:29] C:\DOCUME~1\nico\APPLIC~1\SUPERAntiSpyware.com
[13/11/2003|10:29] C:\DOCUME~1\nico\APPLIC~1\Symantec
[10/04/2008|20:56] C:\DOCUME~1\nico\APPLIC~1\temp
[29/09/2007|20:14] C:\DOCUME~1\nico\APPLIC~1\U3
[05/11/2007|18:54] C:\DOCUME~1\nico\APPLIC~1\vlc
[05/11/2005|17:51] C:\DOCUME~1\nico\APPLIC~1\WinPatrol

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[06/01/2009 22:00][--ah-----] C:\WINDOWS\tasks\AC9DF273918A64A7.job
[06/01/2009 22:06][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[04/11/2008 14:19][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[06/01/2009 21:57][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/04/2003 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AC9DF273918A64A7.job )=( c:\docume~1\nico\applic~1\procfi~1\BAITACTIVEHECK.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[03/11/2008|20:00] C:\Program Files\ABBYY FineReader 6.0 Sprint
[31/08/2008|14:28] C:\Program Files\Adobe
[12/02/2007|18:42] C:\Program Files\Alwil Software
[06/01/2009|18:23] C:\Program Files\AntiVir PersonalEdition Classic
[18/08/2008|12:45] C:\Program Files\Apple Software Update
[12/11/2003|17:16] C:\Program Files\ATI Technologies
[05/11/2005|17:22] C:\Program Files\AVIcodec
[21/05/2006|10:45] C:\Program Files\AxBx
[05/11/2005|17:31] C:\Program Files\Axon Data
[05/11/2005|17:51] C:\Program Files\BillP Studios
[18/08/2008|12:41] C:\Program Files\Bonjour
[04/03/2007|16:30] C:\Program Files\CCleaner
[12/11/2003|17:11] C:\Program Files\Common Files
[12/11/2003|16:41] C:\Program Files\ComPlus Applications
[12/11/2003|16:37] C:\Program Files\CONEXANT
[19/09/2005|14:50] C:\Program Files\DivX
[27/04/2005|10:46] C:\Program Files\drag'n drop cd+dvd
[07/05/2005|16:55] C:\Program Files\ECI Telecom
[06/04/2008|20:13] C:\Program Files\Electronic Arts
[06/11/2008|17:27] C:\Program Files\epson
[17/10/2007|06:45] C:\Program Files\Everest Poker
[05/01/2009|18:32] C:\Program Files\Fichiers communs
[08/03/2008|12:02] C:\Program Files\FileZilla FTP Client
[05/11/2007|18:47] C:\Program Files\Freeplayer
[06/01/2008|20:55] C:\Program Files\Google
[15/02/2007|20:02] C:\Program Files\Grisoft
[02/09/2008|13:49] C:\Program Files\Guitar Pro 5
[05/01/2009|21:00] C:\Program Files\Hijackthis Version Française
[09/02/2007|14:05] C:\Program Files\IncrediMail
[05/11/2008|11:52] C:\Program Files\InstallShield Installation Information
[10/12/2008|23:38] C:\Program Files\Internet Explorer
[13/11/2003|10:00] C:\Program Files\InterVideo
[18/08/2008|12:43] C:\Program Files\iPod
[18/08/2008|12:43] C:\Program Files\iTunes
[05/11/2005|17:07] C:\Program Files\IZArc
[06/12/2008|14:20] C:\Program Files\Java
[03/10/2005|17:23] C:\Program Files\JeCreeMaCuisineAvecLeroyMerlin
[12/11/2003|17:14] C:\Program Files\LanExpress
[03/01/2009|19:38] C:\Program Files\Lavasoft
[22/04/2006|14:27] C:\Program Files\LitexMedia
[05/01/2009|22:26] C:\Program Files\Malwarebytes' Anti-Malware
[21/08/2008|11:13] C:\Program Files\Messenger
[06/11/2008|17:25] C:\Program Files\MFP Server
[22/02/2008|00:39] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[08/05/2005|18:09] C:\Program Files\microsoft frontpage
[08/05/2005|18:09] C:\Program Files\Microsoft Office
[08/05/2005|18:16] C:\Program Files\Microsoft Visual Studio
[27/04/2005|10:50] C:\Program Files\Microsoft Works
[27/04/2005|10:39] C:\Program Files\MoodLogic
[21/08/2008|11:06] C:\Program Files\Movie Maker
[05/11/2008|21:47] C:\Program Files\MSN
[12/11/2003|16:40] C:\Program Files\MSN Gaming Zone
[28/05/2007|15:22] C:\Program Files\Multi_Media_France
[21/08/2008|10:58] C:\Program Files\NetMeeting
[05/12/2007|18:16] C:\Program Files\OpenOffice.org 2.3
[21/08/2008|10:58] C:\Program Files\Outlook Express
[04/01/2009|14:45] C:\Program Files\Proc film
[18/08/2008|12:40] C:\Program Files\QuickTime
[08/05/2005|11:15] C:\Program Files\QuickZip4
[27/04/2005|10:24] C:\Program Files\Real
[18/08/2008|12:30] C:\Program Files\Safari
[12/11/2003|16:42] C:\Program Files\Services en ligne
[27/04/2005|10:46] C:\Program Files\sony
[13/11/2003|09:52] C:\Program Files\Sony Corporation
[08/12/2005|21:47] C:\Program Files\Sports Interactive
[04/03/2007|15:32] C:\Program Files\Spybot - Search & Destroy
[06/01/2009|18:49] C:\Program Files\Spyware Doctor
[05/01/2009|18:32] C:\Program Files\SUPERAntiSpyware
[12/11/2003|17:12] C:\Program Files\Synaptics
[05/11/2005|17:16] C:\Program Files\ToniArts
[18/05/2005|16:16] C:\Program Files\Trend Micro
[30/06/2008|21:25] C:\Program Files\UBISOFT
[12/11/2003|17:02] C:\Program Files\Uninstall Information
[21/05/2007|18:25] C:\Program Files\vanBasco's Karaoke Player
[29/01/2006|22:20] C:\Program Files\VideoLAN
[05/11/2005|17:58] C:\Program Files\vso
[14/09/2005|06:48] C:\Program Files\Wanadoo
[29/12/2008|10:46] C:\Program Files\Windows Live
[21/02/2008|11:34] C:\Program Files\Windows Live Favorites
[21/02/2008|11:35] C:\Program Files\Windows Live Toolbar
[11/01/2007|18:39] C:\Program Files\Windows Media Connect 2
[21/08/2008|10:58] C:\Program Files\Windows Media Player
[21/08/2008|10:58] C:\Program Files\Windows NT
[07/05/2005|15:15] C:\Program Files\WindowsUpdate
[12/11/2003|16:45] C:\Program Files\xerox
[04/03/2007|16:29] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[31/08/2008|14:49] C:\Program Files\Fichiers communs\Adobe
[29/08/2007|21:26] C:\Program Files\Fichiers communs\Apple
[08/05/2005|18:16] C:\Program Files\Fichiers communs\Designer
[03/11/2008|20:04] C:\Program Files\Fichiers communs\InstallShield
[13/11/2003|09:59] C:\Program Files\Fichiers communs\Java
[21/02/2008|11:34] C:\Program Files\Fichiers communs\Microsoft Shared
[12/11/2003|16:42] C:\Program Files\Fichiers communs\MSSoap
[12/11/2003|16:35] C:\Program Files\Fichiers communs\ODBC
[18/05/2005|16:44] C:\Program Files\Fichiers communs\Real
[12/11/2003|16:42] C:\Program Files\Fichiers communs\Services
[27/04/2005|10:45] C:\Program Files\Fichiers communs\Sony Shared
[12/11/2003|16:35] C:\Program Files\Fichiers communs\SpeechEngines
[22/05/2006|15:53] C:\Program Files\Fichiers communs\Symantec Shared
[21/08/2008|10:58] C:\Program Files\Fichiers communs\System
[21/02/2008|11:33] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[18/05/2005|16:45] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 56 Processes )

IEXPLORE.EXE ~ [PID:1520]
IEXPLORE.EXE ~ [PID:1948]
iexplore.exe ~ [PID:3788]

--------------------\\ Recherche avec S_Lop

C:\DOCUME~1\nico\APPLIC~1\PROCFI~1
C:\DOCUME~1\nico\APPLIC~1\PROCFI~1\BAIT ACTIVE HECK.exe
C:\DOCUME~1\nico\APPLIC~1\PROCFI~1\Boremagsdownload.exe
C:\DOCUME~1\nico\APPLIC~1\PROCFI~1\czqfzibg.exe
C:\DOCUME~1\nico\APPLIC~1\PROCFI~1\ixxvaeme.exe
C:\DOCUME~1\nico\APPLIC~1\PROCFI~1\tarrzkij.exe

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin
C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin\gram start.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin\gram start.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin\Inter send.exe
C:\DOCUME~1\nico\APPLIC~1\procfi~1
C:\DOCUME~1\nico\APPLIC~1\procfi~1\BAIT ACTIVE HECK.exe
C:\DOCUME~1\nico\APPLIC~1\procfi~1\Boremagsdownload.exe
C:\DOCUME~1\nico\APPLIC~1\procfi~1\czqfzibg.exe
C:\DOCUME~1\nico\APPLIC~1\procfi~1\ixxvaeme.exe
C:\DOCUME~1\nico\APPLIC~1\procfi~1\tarrzkij.exe
C:\Program Files\procfi~1
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\DOCUME~1\nico\Cookies\nico@adopt.euroclick[1].txt
C:\DOCUME~1\nico\Cookies\nico@partypoker[2].txt
C:\WINDOWS\Tasks\AC9DF273918A64A7.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\deletetraydate]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\nico\\APPLIC~1\\PROCFI~1\\Boremagsdownload.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NameBib"="C:\\DOCUME~1\\nico\\APPLIC~1\\PROCFI~1\\Boremagsdownload.exe"
"NameBib"="C:\\DOCUME~1\\nico\\APPLIC~1\\PROCFI~1\\Boremagsdownload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"face bin load show"="C:\\Documents and Settings\\All Users\\Application Data\\title tool face bin\\gram start.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 23:02:44
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:24][D:9]-> C:\DOCUME~1\nico\LOCALS~1\Temp
[F:80][D:0]-> C:\DOCUME~1\nico\Cookies
[F:2217][D:8]-> C:\DOCUME~1\nico\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 06/01/2009|23:06 - Option : [1]

--------------------\\ Fin du rapport a 23:06:13
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
6 Jan 2009 at 23:38
OK, now do this please:

▶ Run Lop S&D again

▶ This time choose option 2 (Suppression)

▶ Do not close the window during the removal!

▶ Post the generated report (C:\lopR.txt)

* (If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)


Then:


▶ Download a-squared free 3.5

▶ Here is a tutorial on how to use it properly.

▶ Update it and run a full scan.

▶ Post the report please

Then make a new HijackThis report please
0
zicore Posts 17 Registration date Thursday 6 November 2008 Status Member Last activity 18 September 2013
7 Jan 2009 at 21:41
A bit late, but I have everything:

Lop report:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : PhoenixBIOS 4.0 Release 6.0
USER : nico ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:27 Go (Free:8 Go)
D:\ (Local Disk) - NTFS - Total:27 Go (Free:8 Go)
E:\ (USB)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 06/01/2009|22:59 )

--------------------\\ Listing des dossiers dans APPLIC~1

[27/04/2005|10:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[27/04/2005|10:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Drag'n Drop CD+DVD
[12/11/2003|16:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[12/11/2003|16:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[27/04/2005|10:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[13/11/2003|09:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony Corporation
[13/11/2003|10:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[13/11/2003|10:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[27/04/2005|10:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[06/01/2009|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
[29/08/2007|21:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[06/11/2006|14:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[12/02/2007|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[08/03/2008|11:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[03/11/2008|20:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[18/09/2006|14:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[16/10/2007|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[03/01/2009|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[05/01/2009|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[03/01/2009|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[15/06/2008|20:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[27/04/2005|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[12/11/2003|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[27/04/2005|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[04/03/2007|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[29/12/2008|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[22/05/2006|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[06/01/2009|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[04/01/2009|14:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin
[03/11/2008|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[27/04/2005|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VAIO Media Platform
[28/06/2006|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[21/02/2008|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[04/03/2007|16:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[27/04/2005|10:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[27/04/2005|10:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Drag'n Drop CD+DVD
[12/11/2003|16:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[12/11/2003|16:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[27/04/2005|10:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[13/11/2003|09:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sony Corporation
[13/11/2003|10:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[13/11/2003|10:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[12/02/2007|18:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[27/04/2005|10:28] C:\DOCUME~1\losotros\APPLIC~1\Adobe
[27/04/2005|10:52] C:\DOCUME~1\losotros\APPLIC~1\Drag'n Drop CD+DVD
[12/11/2003|16:44] C:\DOCUME~1\losotros\APPLIC~1\Identities
[02/11/2005|18:02] C:\DOCUME~1\losotros\APPLIC~1\Macromedia
[12/02/2007|18:44] C:\DOCUME~1\losotros\APPLIC~1\Microsoft
[27/04/2005|10:24] C:\DOCUME~1\losotros\APPLIC~1\Real
[13/11/2003|09:53] C:\DOCUME~1\losotros\APPLIC~1\Sony Corporation
[13/11/2003|10:00] C:\DOCUME~1\losotros\APPLIC~1\Sun
[13/11/2003|10:29] C:\DOCUME~1\losotros\APPLIC~1\Symantec
[22/11/2005|20:23] C:\DOCUME~1\losotros\APPLIC~1\WinPatrol

[12/02/2007|18:44] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[31/08/2008|14:35] C:\DOCUME~1\nico\APPLIC~1\Adobe
[31/08/2008|14:55] C:\DOCUME~1\nico\APPLIC~1\AdobeUM
[27/04/2006|15:59] C:\DOCUME~1\nico\APPLIC~1\Apple Computer
[30/11/2008|23:47] C:\DOCUME~1\nico\APPLIC~1\Azureus
[27/04/2005|10:52] C:\DOCUME~1\nico\APPLIC~1\Drag'n Drop CD+DVD
[15/03/2008|21:04] C:\DOCUME~1\nico\APPLIC~1\FileZilla
[01/02/2007|21:33] C:\DOCUME~1\nico\APPLIC~1\Google
[19/05/2005|17:51] C:\DOCUME~1\nico\APPLIC~1\Help
[12/11/2003|16:44] C:\DOCUME~1\nico\APPLIC~1\Identities
[14/10/2008|17:48] C:\DOCUME~1\nico\APPLIC~1\IndexEducation
[13/10/2008|17:49] C:\DOCUME~1\nico\APPLIC~1\InstallShield
[09/05/2005|19:04] C:\DOCUME~1\nico\APPLIC~1\InterVideo
[03/01/2009|19:29] C:\DOCUME~1\nico\APPLIC~1\Lavasoft
[07/05/2005|17:00] C:\DOCUME~1\nico\APPLIC~1\Macromedia
[05/01/2009|22:26] C:\DOCUME~1\nico\APPLIC~1\Malwarebytes
[05/11/2008|20:18] C:\DOCUME~1\nico\APPLIC~1\Microsoft
[08/05/2005|18:09] C:\DOCUME~1\nico\APPLIC~1\Microsoft Web Folders
[06/11/2008|17:14] C:\DOCUME~1\nico\APPLIC~1\MSN6
[06/01/2009|22:00] C:\DOCUME~1\nico\APPLIC~1\OpenOffice.org2
[29/12/2008|10:53] C:\DOCUME~1\nico\APPLIC~1\PC Tools
[04/01/2009|14:45] C:\DOCUME~1\nico\APPLIC~1\Proc film
[18/05/2005|16:50] C:\DOCUME~1\nico\APPLIC~1\Real
[06/04/2008|19:47] C:\DOCUME~1\nico\APPLIC~1\SecuROM
[15/12/2007|17:16] C:\DOCUME~1\nico\APPLIC~1\Snapfish
[13/11/2003|09:53] C:\DOCUME~1\nico\APPLIC~1\Sony Corporation
[13/11/2003|10:00] C:\DOCUME~1\nico\APPLIC~1\Sun
[29/12/2008|11:29] C:\DOCUME~1\nico\APPLIC~1\SUPERAntiSpyware.com
[13/11/2003|10:29] C:\DOCUME~1\nico\APPLIC~1\Symantec
[10/04/2008|20:56] C:\DOCUME~1\nico\APPLIC~1\temp
[29/09/2007|20:14] C:\DOCUME~1\nico\APPLIC~1\U3
[05/11/2007|18:54] C:\DOCUME~1\nico\APPLIC~1\vlc
[05/11/2005|17:51] C:\DOCUME~1\nico\APPLIC~1\WinPatrol

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[06/01/2009 22:00][--ah-----] C:\WINDOWS\tasks\AC9DF273918A64A7.job
[06/01/2009 22:06][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[04/11/2008 14:19][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[06/01/2009 21:57][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/04/2003 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AC9DF273918A64A7.job )=( c:\docume~1\nico\applic~1\procfi~1\BAITACTIVEHECK.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[03/11/2008|20:00] C:\Program Files\ABBYY FineReader 6.0 Sprint
[31/08/2008|14:28] C:\Program Files\Adobe
[12/02/2007|18:42] C:\Program Files\Alwil Software
[06/01/2009|18:23] C:\Program Files\AntiVir PersonalEdition Classic
[18/08/2008|12:45] C:\Program Files\Apple Software Update
[12/11/2003|17:16] C:\Program Files\ATI Technologies
[05/11/2005|17:22] C:\Program Files\AVIcodec
[21/05/2006|10:45] C:\Program Files\AxBx
[05/11/2005|17:31] C:\Program Files\Axon Data
[05/11/2005|17:51] C:\Program Files\BillP Studios
[18/08/2008|12:41] C:\Program Files\Bonjour
[04/03/2007|16:30] C:\Program Files\CCleaner
[12/11/2003|17:11] C:\Program Files\Common Files
[12/11/2003|16:41] C:\Program Files\ComPlus Applications
[12/11/2003|16:37] C:\Program Files\CONEXANT
[19/09/2005|14:50] C:\Program Files\DivX
[27/04/2005|10:46] C:\Program Files\drag'n drop cd+dvd
[07/05/2005|16:55] C:\Program Files\ECI Telecom
[06/04/2008|20:13] C:\Program Files\Electronic Arts
[06/11/2008|17:27] C:\Program Files\epson
[17/10/2007|06:45] C:\Program Files\Everest Poker
[05/01/2009|18:32] C:\Program Files\Fichiers communs
[08/03/2008|12:02] C:\Program Files\FileZilla FTP Client
[05/11/2007|18:47] C:\Program Files\Freeplayer
[06/01/2008|20:55] C:\Program Files\Google
[15/02/2007|20:02] C:\Program Files\Grisoft
[02/09/2008|13:49] C:\Program Files\Guitar Pro 5
[05/01/2009|21:00] C:\Program Files\Hijackthis Version Française
[09/02/2007|14:05] C:\Program Files\IncrediMail
[05/11/2008|11:52] C:\Program Files\InstallShield Installation Information
[10/12/2008|23:38] C:\Program Files\Internet Explorer
[13/11/2003|10:00] C:\Program Files\InterVideo
[18/08/2008|12:43] C:\Program Files\iPod
[18/08/2008|12:43] C:\Program Files\iTunes
[05/11/2005|17:07] C:\Program Files\IZArc
[06/12/2008|14:20] C:\Program Files\Java
[03/10/2005|17:23] C:\Program Files\JeCreeMaCuisineAvecLeroyMerlin
[12/11/2003|17:14] C:\Program Files\LanExpress
[03/01/2009|19:38] C:\Program Files\Lavasoft
[22/04/2006|14:27] C:\Program Files\LitexMedia
[05/01/2009|22:26] C:\Program Files\Malwarebytes' Anti-Malware
[21/08/2008|11:13] C:\Program Files\Messenger
[06/11/2008|17:25] C:\Program Files\MFP Server
[22/02/2008|00:39] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[08/05/2005|18:09] C:\Program Files\microsoft frontpage
[08/05/2005|18:09] C:\Program Files\Microsoft Office
[08/05/2005|18:16] C:\Program Files\Microsoft Visual Studio
[27/04/2005|10:50] C:\Program Files\Microsoft Works
[27/04/2005|10:39] C:\Program Files\MoodLogic
[21/08/2008|11:06] C:\Program Files\Movie Maker
[05/11/2008|21:47] C:\Program Files\MSN
[12/11/2003|16:40] C:\Program Files\MSN Gaming Zone
[28/05/2007|15:22] C:\Program Files\Multi_Media_France
[21/08/2008|10:58] C:\Program Files\NetMeeting
[05/12/2007|18:16] C:\Program Files\OpenOffice.org 2.3
[21/08/2008|10:58] C:\Program Files\Outlook Express
[04/01/2009|14:45] C:\Program Files\Proc film
[18/08/2008|12:40] C:\Program Files\QuickTime
[08/05/2005|11:15] C:\Program Files\QuickZip4
[27/04/2005|10:24] C:\Program Files\Real
[18/08/2008|12:30] C:\Program Files\Safari
[12/11/2003|16:42] C:\Program Files\Services en ligne
[27/04/2005|10:46] C:\Program Files\sony
[13/11/2003|09:52] C:\Program Files\Sony Corporation
[08/12/2005|21:47] C:\Program Files\Sports Interactive
[04/03/2007|15:32] C:\Program Files\Spybot - Search & Destroy
[06/01/2009|18:49] C:\Program Files\Spyware Doctor
[05/01/2009|18:32] C:\Program Files\SUPERAntiSpyware
[12/11/2003|17:12] C:\Program Files\Synaptics
[05/11/2005|17:16] C:\Program Files\ToniArts
[18/05/2005|16:16] C:\Program Files\Trend Micro
[30/06/2008|21:25] C:\Program Files\UBISOFT
[12/11/2003|17:02] C:\Program Files\Uninstall Information
[21/05/2007|18:25] C:\Program Files\vanBasco's Karaoke Player
[29/01/2006|22:20] C:\Program Files\VideoLAN
[05/11/2005|17:58] C:\Program Files\vso
[14/09/2005|06:48] C:\Program Files\Wanadoo
[29/12/2008|10:46] C:\Program Files\Windows Live
[21/02/2008|11:34] C:\Program Files\Windows Live Favorites
[21/02/2008|11:35] C:\Program Files\Windows Live Toolbar
[11/01/2007|18:39] C:\Program Files\Windows Media Connect 2
[21/08/2008|10:58] C:\Program Files\Windows Media Player
[21/08/2008|10:58] C:\Program Files\Windows NT
[07/05/2005|15:15] C:\Program Files\WindowsUpdate
[12/11/2003|16:45] C:\Program Files\xerox
[04/03/2007|16:29] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[31/08/2008|14:49] C:\Program Files\Fichiers communs\Adobe
[29/08/2007|21:26] C:\Program Files\Fichiers communs\Apple
[08/05/2005|18:16] C:\Program Files\Fichiers communs\Designer
[03/11/2008|20:04] C:\Program Files\Fichiers communs\InstallShield
[13/11/2003|09:59] C:\Program Files\Fichiers communs\Java
[21/02/2008|11:34] C:\Program Files\Fichiers communs\Microsoft Shared
[12/11/2003|16:42] C:\Program Files\Fichiers communs\MSSoap
[12/11/2003|16:35] C:\Program Files\Fichiers communs\ODBC
[18/05/2005|16:44] C:\Program Files\Fichiers communs\Real
[12/11/2003|16:42] C:\Program Files\Fichiers communs\Services
[27/04/2005|10:45] C:\Program Files\Fichiers communs\Sony Shared
[12/11/2003|16:35] C:\Program Files\Fichiers communs\SpeechEngines
[22/05/2006|15:53] C:\Program Files\Fichiers communs\Symantec Shared
[21/08/2008|10:58] C:\Program Files\Fichiers communs\System
[21/02/2008|11:33] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[18/05/2005|16:45] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 56 Processes )

IEXPLORE.EXE ~ [PID:1520]
IEXPLORE.EXE ~ [PID:1948]
iexplore.exe ~ [PID:3788]

--------------------\\ Recherche avec S_Lop

C:\DOCUME~1\nico\APPLIC~1\PROCFI~1
C:\DOCUME~1\nico\APPLIC~1\PROCFI~1\BAIT ACTIVE HECK.exe
C:\DOCUME~1\nico\APPLIC~1\PROCFI~1\Boremagsdownload.exe
C:\DOCUME~1\nico\APPLIC~1\PROCFI~1\czqfzibg.exe
C:\DOCUME~1\nico\APPLIC~1\PROCFI~1\ixxvaeme.exe
C:\DOCUME~1\nico\APPLIC~1\PROCFI~1\tarrzkij.exe

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin
C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin\gram start.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin\gram start.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin\Inter send.exe
C:\DOCUME~1\nico\APPLIC~1\procfi~1
C:\DOCUME~1\nico\APPLIC~1\procfi~1\BAIT ACTIVE HECK.exe
C:\DOCUME~1\nico\APPLIC~1\procfi~1\Boremagsdownload.exe
C:\DOCUME~1\nico\APPLIC~1\procfi~1\czqfzibg.exe
C:\DOCUME~1\nico\APPLIC~1\procfi~1\ixxvaeme.exe
C:\DOCUME~1\nico\APPLIC~1\procfi~1\tarrzkij.exe
C:\Program Files\procfi~1
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\DOCUME~1\nico\Cookies\nico@adopt.euroclick[1].txt
C:\DOCUME~1\nico\Cookies\nico@partypoker[2].txt
C:\WINDOWS\Tasks\AC9DF273918A64A7.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\deletetraydate]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\nico\\APPLIC~1\\PROCFI~1\\Boremagsdownload.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NameBib"="C:\\DOCUME~1\\nico\\APPLIC~1\\PROCFI~1\\Boremagsdownload.exe"
"NameBib"="C:\\DOCUME~1\\nico\\APPLIC~1\\PROCFI~1\\Boremagsdownload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"face bin load show"="C:\\Documents and Settings\\All Users\\Application Data\\title tool face bin\\gram start.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 23:02:44
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:24][D:9]-> C:\DOCUME~1\nico\LOCALS~1\Temp
[F:80][D:0]-> C:\DOCUME~1\nico\Cookies
[F:2217][D:8]-> C:\DOCUME~1\nico\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 06/01/2009|23:06 - Option : [1]

--------------------\\ Fin du rapport a 23:06:13


a-squared Free report:

Version - a-squared Free 4.0
Dernière mise à jour : 07/01/2009 17:26:21

Paramètres des balayages :

Éléments : Mémoire, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Balaye dans les archives : Marche
Analyse heuristique : Marche
Balaye dans les ADS : Marche

Début du balayage : 07/01/2009 19:28:56

C:\Documents and Settings\nico\Cookies\nico@commentcamarche[1].txt Objets détectés : Trace.TrackingCookie.com!A2
C:\Documents and Settings\nico\Cookies\nico@mediatraffic[1].txt Objets détectés : Trace.TrackingCookie.media!A2
C:\Documents and Settings\nico\Cookies\nico@sexxxdoll[2].txt Objets détectés : Trace.TrackingCookie.sex!A2
C:\Documents and Settings\nico\Cookies\nico@weborama[1].txt Objets détectés : Trace.TrackingCookie.weborama!A2
C:\Documents and Settings\nico\Cookies\nico@www.buy404s[2].txt Objets détectés : Trace.TrackingCookie.www.buy!A2

Analysé

Fichiers : 211057
Traces : 598424
Cookies : 99
Processus : 52

Objets trouvés

Fichiers : 0
Traces : 0
Cookies : 5
Processus : 0
Clés de Registre : 0

Fin du balayage : 07/01/2009 21:25:07
Temps du balayage : 1:56:11

C:\Documents and Settings\nico\Cookies\nico@www.buy404s[2].txt Objets Supprimés Trace.TrackingCookie.www.buy!A2
C:\Documents and Settings\nico\Cookies\nico@weborama[1].txt Objets Supprimés Trace.TrackingCookie.weborama!A2
C:\Documents and Settings\nico\Cookies\nico@sexxxdoll[2].txt Objets Supprimés Trace.TrackingCookie.sex!A2
C:\Documents and Settings\nico\Cookies\nico@mediatraffic[1].txt Objets Supprimés Trace.TrackingCookie.media!A2
C:\Documents and Settings\nico\Cookies\nico@commentcamarche[1].txt Objets Supprimés Trace.TrackingCookie.com!A2

Objets Supprimés

Fichiers : 0
Traces : 0
Cookies : 5


HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 21:36:09, on 07/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ServoApp.exe
C:\Program Files\MFP Server\App\Common\MFPAgent.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://outlook.live.com/owa/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MFP Manager] C:\Program Files\MFP Server\MFPAgent.exe -CheckAutoRun
O4 - HKLM\..\Run: [Server Application] C:\WINDOWS\system32\ServoApp.exe
O4 - HKLM\..\Run: [GDI Manager] "C:\Program Files\MFP Server\App\Common\MFPAgent.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\WINDOWS\TEMP\E_S63.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\WINDOWS\TEMP\E_S36.tmp" /EF "HKCU"
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe



The computer seems to be running faster again.

What do you think of the reports?
geoffrey5 Posts: 13732 Registered: Sunday 20 May 2007 Status: Security contributor Last activity: 21 May 2010
8 Jan 2009 at 01:44
Re,

You didn't post the right Lop S&D report; you posted the search report...

Run HijackThis again, click Scan only, and check these lines please:

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Then click Fix checked.

Next:

Uninstall Adobe Reader versions 6.0 and 7.0 and download the latest version from this address:

https://get2.adobe.com/reader/otherversions/

Next:

▶ Download JavaRa.zip

▶ Unzip the file to your desktop (right-click > Extract all).

▶ Double-click the resulting JavaRa folder.

▶ Then double-click the JavaRa.exe file (the .exe extension may not be displayed).

▶ Click Search For Updates.

▶ Select Update Using jucheck.exe, then click Search.

▶ Allow the process to connect if it asks you to, click Install and follow the installation instructions. This will take a few minutes.

▶ When the installation is finished, go back to the JavaRa screen and click Remove Older Versions.

▶ Click Yes to confirm. The tool will run; then click Ok, and then Ok a second time.

▶ A report will open; copy and paste it into your next reply.

* Note: the report can also be found here: ( C:\JavaRa.log )

Close the application and tell me if you still have problems.


Read this about Spyware Doctor
zicore Posts: 17 Registered: Thursday 6 November 2008 Status: Member Last activity: 18 September 2013
8 Jan 2009 at 13:49
Hello,

First of all, here is the Lop report I got wrong earlier (with my apologies):

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : PhoenixBIOS 4.0 Release 6.0
USER : nico ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:27 Go (Free:8 Go)
D:\ (Local Disk) - NTFS - Total:27 Go (Free:8 Go)
E:\ (USB)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 07/01/2009|16:31 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin\gram start.dat
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin\gram start.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin\Inter send.exe
Supprime! - C:\DOCUME~1\nico\APPLIC~1\procfi~1\BAIT ACTIVE HECK.exe
Supprime! - C:\DOCUME~1\nico\APPLIC~1\procfi~1\Boremagsdownload.exe
Supprime! - C:\DOCUME~1\nico\APPLIC~1\procfi~1\czqfzibg.exe
Supprime! - C:\DOCUME~1\nico\APPLIC~1\procfi~1\ixxvaeme.exe
Supprime! - C:\DOCUME~1\nico\APPLIC~1\procfi~1\tarrzkij.exe
Supprime! - C:\Program Files\Multi_Media_France\INSTALL.LOG
Supprime! - C:\DOCUME~1\nico\Cookies\nico@adopt.euroclick[1].txt
Supprime! - C:\DOCUME~1\nico\Cookies\nico@partypoker[2].txt
Supprime! - C:\WINDOWS\Tasks\AC9DF273918A64A7.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\title tool face bin
Supprime! - C:\DOCUME~1\nico\APPLIC~1\procfi~1
Supprime! - C:\Program Files\procfi~1
Supprime! - C:\Program Files\Multi_Media_France

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[27/04/2005|10:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[27/04/2005|10:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Drag'n Drop CD+DVD
[12/11/2003|16:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[12/11/2003|16:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[27/04/2005|10:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[13/11/2003|09:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony Corporation
[13/11/2003|10:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[13/11/2003|10:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[27/04/2005|10:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[06/01/2009|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
[29/08/2007|21:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[06/11/2006|14:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[12/02/2007|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[08/03/2008|11:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[03/11/2008|20:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[18/09/2006|14:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[16/10/2007|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[03/01/2009|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[05/01/2009|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[03/01/2009|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[15/06/2008|20:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[27/04/2005|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[12/11/2003|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[27/04/2005|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[04/03/2007|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[29/12/2008|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[22/05/2006|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[07/01/2009|16:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[03/11/2008|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[27/04/2005|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VAIO Media Platform
[28/06/2006|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[21/02/2008|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[04/03/2007|16:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[27/04/2005|10:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[27/04/2005|10:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Drag'n Drop CD+DVD
[12/11/2003|16:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[12/11/2003|16:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[27/04/2005|10:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[13/11/2003|09:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sony Corporation
[13/11/2003|10:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[13/11/2003|10:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[12/02/2007|18:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[27/04/2005|10:28] C:\DOCUME~1\losotros\APPLIC~1\Adobe
[27/04/2005|10:52] C:\DOCUME~1\losotros\APPLIC~1\Drag'n Drop CD+DVD
[12/11/2003|16:44] C:\DOCUME~1\losotros\APPLIC~1\Identities
[02/11/2005|18:02] C:\DOCUME~1\losotros\APPLIC~1\Macromedia
[12/02/2007|18:44] C:\DOCUME~1\losotros\APPLIC~1\Microsoft
[27/04/2005|10:24] C:\DOCUME~1\losotros\APPLIC~1\Real
[13/11/2003|09:53] C:\DOCUME~1\losotros\APPLIC~1\Sony Corporation
[13/11/2003|10:00] C:\DOCUME~1\losotros\APPLIC~1\Sun
[13/11/2003|10:29] C:\DOCUME~1\losotros\APPLIC~1\Symantec
[22/11/2005|20:23] C:\DOCUME~1\losotros\APPLIC~1\WinPatrol

[12/02/2007|18:44] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[31/08/2008|14:35] C:\DOCUME~1\nico\APPLIC~1\Adobe
[31/08/2008|14:55] C:\DOCUME~1\nico\APPLIC~1\AdobeUM
[27/04/2006|15:59] C:\DOCUME~1\nico\APPLIC~1\Apple Computer
[30/11/2008|23:47] C:\DOCUME~1\nico\APPLIC~1\Azureus
[27/04/2005|10:52] C:\DOCUME~1\nico\APPLIC~1\Drag'n Drop CD+DVD
[15/03/2008|21:04] C:\DOCUME~1\nico\APPLIC~1\FileZilla
[01/02/2007|21:33] C:\DOCUME~1\nico\APPLIC~1\Google
[19/05/2005|17:51] C:\DOCUME~1\nico\APPLIC~1\Help
[12/11/2003|16:44] C:\DOCUME~1\nico\APPLIC~1\Identities
[14/10/2008|17:48] C:\DOCUME~1\nico\APPLIC~1\IndexEducation
[13/10/2008|17:49] C:\DOCUME~1\nico\APPLIC~1\InstallShield
[09/05/2005|19:04] C:\DOCUME~1\nico\APPLIC~1\InterVideo
[03/01/2009|19:29] C:\DOCUME~1\nico\APPLIC~1\Lavasoft
[07/05/2005|17:00] C:\DOCUME~1\nico\APPLIC~1\Macromedia
[05/01/2009|22:26] C:\DOCUME~1\nico\APPLIC~1\Malwarebytes
[05/11/2008|20:18] C:\DOCUME~1\nico\APPLIC~1\Microsoft
[08/05/2005|18:09] C:\DOCUME~1\nico\APPLIC~1\Microsoft Web Folders
[06/11/2008|17:14] C:\DOCUME~1\nico\APPLIC~1\MSN6
[07/01/2009|16:08] C:\DOCUME~1\nico\APPLIC~1\OpenOffice.org2
[29/12/2008|10:53] C:\DOCUME~1\nico\APPLIC~1\PC Tools
[18/05/2005|16:50] C:\DOCUME~1\nico\APPLIC~1\Real
[06/04/2008|19:47] C:\DOCUME~1\nico\APPLIC~1\SecuROM
[15/12/2007|17:16] C:\DOCUME~1\nico\APPLIC~1\Snapfish
[13/11/2003|09:53] C:\DOCUME~1\nico\APPLIC~1\Sony Corporation
[13/11/2003|10:00] C:\DOCUME~1\nico\APPLIC~1\Sun
[29/12/2008|11:29] C:\DOCUME~1\nico\APPLIC~1\SUPERAntiSpyware.com
[13/11/2003|10:29] C:\DOCUME~1\nico\APPLIC~1\Symantec
[10/04/2008|20:56] C:\DOCUME~1\nico\APPLIC~1\temp
[29/09/2007|20:14] C:\DOCUME~1\nico\APPLIC~1\U3
[05/11/2007|18:54] C:\DOCUME~1\nico\APPLIC~1\vlc
[05/11/2005|17:51] C:\DOCUME~1\nico\APPLIC~1\WinPatrol

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[07/01/2009 16:06][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[04/11/2008 14:19][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[07/01/2009 16:01][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/04/2003 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[03/11/2008|20:00] C:\Program Files\ABBYY FineReader 6.0 Sprint
[31/08/2008|14:28] C:\Program Files\Adobe
[12/02/2007|18:42] C:\Program Files\Alwil Software
[06/01/2009|18:23] C:\Program Files\AntiVir PersonalEdition Classic
[18/08/2008|12:45] C:\Program Files\Apple Software Update
[12/11/2003|17:16] C:\Program Files\ATI Technologies
[05/11/2005|17:22] C:\Program Files\AVIcodec
[21/05/2006|10:45] C:\Program Files\AxBx
[05/11/2005|17:31] C:\Program Files\Axon Data
[05/11/2005|17:51] C:\Program Files\BillP Studios
[18/08/2008|12:41] C:\Program Files\Bonjour
[04/03/2007|16:30] C:\Program Files\CCleaner
[12/11/2003|17:11] C:\Program Files\Common Files
[12/11/2003|16:41] C:\Program Files\ComPlus Applications
[12/11/2003|16:37] C:\Program Files\CONEXANT
[19/09/2005|14:50] C:\Program Files\DivX
[27/04/2005|10:46] C:\Program Files\drag'n drop cd+dvd
[07/05/2005|16:55] C:\Program Files\ECI Telecom
[06/04/2008|20:13] C:\Program Files\Electronic Arts
[06/11/2008|17:27] C:\Program Files\epson
[17/10/2007|06:45] C:\Program Files\Everest Poker
[05/01/2009|18:32] C:\Program Files\Fichiers communs
[08/03/2008|12:02] C:\Program Files\FileZilla FTP Client
[05/11/2007|18:47] C:\Program Files\Freeplayer
[06/01/2008|20:55] C:\Program Files\Google
[15/02/2007|20:02] C:\Program Files\Grisoft
[02/09/2008|13:49] C:\Program Files\Guitar Pro 5
[05/01/2009|21:00] C:\Program Files\Hijackthis Version Française
[09/02/2007|14:05] C:\Program Files\IncrediMail
[05/11/2008|11:52] C:\Program Files\InstallShield Installation Information
[10/12/2008|23:38] C:\Program Files\Internet Explorer
[13/11/2003|10:00] C:\Program Files\InterVideo
[18/08/2008|12:43] C:\Program Files\iPod
[18/08/2008|12:43] C:\Program Files\iTunes
[05/11/2005|17:07] C:\Program Files\IZArc
[06/12/2008|14:20] C:\Program Files\Java
[03/10/2005|17:23] C:\Program Files\JeCreeMaCuisineAvecLeroyMerlin
[12/11/2003|17:14] C:\Program Files\LanExpress
[03/01/2009|19:38] C:\Program Files\Lavasoft
[22/04/2006|14:27] C:\Program Files\LitexMedia
[05/01/2009|22:26] C:\Program Files\Malwarebytes' Anti-Malware
[21/08/2008|11:13] C:\Program Files\Messenger
[06/11/2008|17:25] C:\Program Files\MFP Server
[22/02/2008|00:39] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[08/05/2005|18:09] C:\Program Files\microsoft frontpage
[08/05/2005|18:09] C:\Program Files\Microsoft Office
[08/05/2005|18:16] C:\Program Files\Microsoft Visual Studio
[27/04/2005|10:50] C:\Program Files\Microsoft Works
[27/04/2005|10:39] C:\Program Files\MoodLogic
[21/08/2008|11:06] C:\Program Files\Movie Maker
[05/11/2008|21:47] C:\Program Files\MSN
[12/11/2003|16:40] C:\Program Files\MSN Gaming Zone
[21/08/2008|10:58] C:\Program Files\NetMeeting
[05/12/2007|18:16] C:\Program Files\OpenOffice.org 2.3
[21/08/2008|10:58] C:\Program Files\Outlook Express
[18/08/2008|12:40] C:\Program Files\QuickTime
[08/05/2005|11:15] C:\Program Files\QuickZip4
[27/04/2005|10:24] C:\Program Files\Real
[18/08/2008|12:30] C:\Program Files\Safari
[12/11/2003|16:42] C:\Program Files\Services en ligne
[27/04/2005|10:46] C:\Program Files\sony
[13/11/2003|09:52] C:\Program Files\Sony Corporation
[08/12/2005|21:47] C:\Program Files\Sports Interactive
[04/03/2007|15:32] C:\Program Files\Spybot - Search & Destroy
[07/01/2009|16:18] C:\Program Files\Spyware Doctor
[05/01/2009|18:32] C:\Program Files\SUPERAntiSpyware
[12/11/2003|17:12] C:\Program Files\Synaptics
[05/11/2005|17:16] C:\Program Files\ToniArts
[18/05/2005|16:16] C:\Program Files\Trend Micro
[30/06/2008|21:25] C:\Program Files\UBISOFT
[12/11/2003|17:02] C:\Program Files\Uninstall Information
[21/05/2007|18:25] C:\Program Files\vanBasco's Karaoke Player
[29/01/2006|22:20] C:\Program Files\VideoLAN
[05/11/2005|17:58] C:\Program Files\vso
[14/09/2005|06:48] C:\Program Files\Wanadoo
[29/12/2008|10:46] C:\Program Files\Windows Live
[21/02/2008|11:34] C:\Program Files\Windows Live Favorites
[21/02/2008|11:35] C:\Program Files\Windows Live Toolbar
[11/01/2007|18:39] C:\Program Files\Windows Media Connect 2
[21/08/2008|10:58] C:\Program Files\Windows Media Player
[21/08/2008|10:58] C:\Program Files\Windows NT
[07/05/2005|15:15] C:\Program Files\WindowsUpdate
[12/11/2003|16:45] C:\Program Files\xerox
[04/03/2007|16:29] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[31/08/2008|14:49] C:\Program Files\Fichiers communs\Adobe
[29/08/2007|21:26] C:\Program Files\Fichiers communs\Apple
[08/05/2005|18:16] C:\Program Files\Fichiers communs\Designer
[03/11/2008|20:04] C:\Program Files\Fichiers communs\InstallShield
[13/11/2003|09:59] C:\Program Files\Fichiers communs\Java
[21/02/2008|11:34] C:\Program Files\Fichiers communs\Microsoft Shared
[12/11/2003|16:42] C:\Program Files\Fichiers communs\MSSoap
[12/11/2003|16:35] C:\Program Files\Fichiers communs\ODBC
[18/05/2005|16:44] C:\Program Files\Fichiers communs\Real
[12/11/2003|16:42] C:\Program Files\Fichiers communs\Services
[27/04/2005|10:45] C:\Program Files\Fichiers communs\Sony Shared
[12/11/2003|16:35] C:\Program Files\Fichiers communs\SpeechEngines
[22/05/2006|15:53] C:\Program Files\Fichiers communs\Symantec Shared
[21/08/2008|10:58] C:\Program Files\Fichiers communs\System
[21/02/2008|11:33] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[18/05/2005|16:45] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 53 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 16:34:28
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:24][D:9]-> C:\DOCUME~1\nico\LOCALS~1\Temp
[F:83][D:0]-> C:\DOCUME~1\nico\Cookies
[F:2721][D:8]-> C:\DOCUME~1\nico\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 06/01/2009|23:06 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 07/01/2009|16:37 - Option : [2]

--------------------\\ Fin du rapport a 16:37:27




Next, I did what you advised:

For HijackThis, it gave me an error message:

unexpected error occured !
error#52 (nom ou numéro de fichier incorrect) in sub getlongpath (?.exe)
please send a report to meriyn@spywareinfo.com
mentionning what you were doing and what versions of windows you have
this message has been copied to your clipboard.

What do you think?


The requested report:

avaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Jan 08 13:36:38 2009

Found and removed: C:\Program Files\Java\j2re1.4.2_01

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142010}


------------------------------------

Finished reporting.




I haven't yet had time to check whether everything is working normally, but it already works much better than when I asked for advice on the site, so thank you for all your guidance.

I gathered that Spyware Doctor is not really recommended; should I uninstall it, in your opinion?

Have a good day (or evening)
geoffrey5 Posts: 13732 Registration date: Sunday 20 May 2007 Status: Security contributor Last activity: 21 May 2010
8 Jan. 2009 at 14:02
Strange, that error message... Personally I would uninstall Spyware Doctor... You now have Malwarebytes, which is excellent software...

Do you have the Spybot software?

Please do this:

▶ Download RegCleaner

▶ Once it is installed, double-click its icon to run it

▶ In the menu bar, click Options, then select Language => Choose the language

▶ Look for French.rlg and double-click it to apply the language

▶ Then click Outils (Tools) in the menu bar

▶ Select Nettoyage du registre => Nettoyeur de registre automatique (Registry cleanup => Automatic registry cleaner)

▶ RegCleaner will then start the cleanup automatically

▶ Then tick the invalid entries that have appeared in the window and click Supprimer sélections => Terminer => Quitter (Remove selected => Finish => Exit)


And then make a new HijackThis report to check, please