I need help with pyagcore

Solved/Closed
sylviesfr - 12 March 2009 at 18:32
kevin05 Posts 3636 Registration date Saturday 29 November 2008 Status Security contributor Last seen 13 May 2010 - 29 March 2009 at 18:36
Hello,

I need help with "pyagcore", which is blocking Internet Explorer and the MSN options. I installed "HijackThis" and Notepad gave me this result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:18, on 12/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\SFR\CONTRO~1\bin\OPTGui.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\confo\local settings\application data\guimg.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\MediaDICO4Ut.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\Rac4Ut.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SFR\Controle Parental\bin\optproxy.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen147.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Documents and Settings\confo\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Documents and Settings\confo\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\SeekeenSrch\seekeen.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_watchop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\SFR\CONTRO~1\bin\OPTGui.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MediaDICO4Ut] C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe Lancement
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [guimg] "c:\documents and settings\confo\local settings\application data\guimg.exe" guimg
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\confo\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Mindscape Website.url
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: (PopUpCop) Open In New Window - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/imagenew
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Filter hijack: text/html - {C6F62B7A-5450-4A2F-8687-6CEEC3AEB055} - C:\WINDOWS\system32\controlkids2.dll
O20 - Winlogon Notify: Scryptnat - Scryptnat.dll (file missing)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Contrôle Parental SFR (OPTENET_FILTER) - SFR - C:\Program Files\SFR\Controle Parental\bin\optproxy.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SeekeenSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen147.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe

35 replies

Anonymous user
12 March 2009 at 18:41
Download ToolBarSD (Team IDN) to your Desktop.

* Start the installation of the program by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice and confirming with the Enter key.
* Now choose option 1 (Recherche, i.e. Search). Wait until the search has finished.
* Post the generated report. (C:\TB.txt)

0
Good evening,

Thank you for being willing to help me.
There, I did as you said; here is the report:


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Tous droits réservés.
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : confo ( Administrator )
BOOT : Normal boot
Antivirus : VirusKeeper 2009 Pro antivirus 9.0 (Activated)
C:\ (Local Disk) - NTFS - Total:71 Go (Free:20 Go)
D:\ (Local Disk) - FAT32 - Total:72 Go (Free:71 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 12/03/2009|19:52 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver
C:\Program Files\FunWebProducts\Shared
C:\Program Files\FunWebProducts\ScreenSaver\Images
C:\Program Files\FunWebProducts\ScreenSaver\Images\00346852.urr
C:\Program Files\FunWebProducts\Shared\Cache
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_a.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_ie.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_m.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_y.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\logger.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIE.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIM_a.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIM_m.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIM_y.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\allow.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\block.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\dontsend.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbardropdownmenu.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsHelprolloverbase.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm1rolloverbase.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_bg.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_dp.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm2rolloverbase.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarstextrollover.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\kiwee_iconX16.ico
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\kiwee_iconX48.ico
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\send.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_eg.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_emoticons.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_eyeglass.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_gear.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_images.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_kiwee.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_msnlogo.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_news.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_text.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_videos.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_webshots.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_winks.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\X.bmp
C:\Program Files\Kiwee Toolbar
C:\Program Files\Kiwee Toolbar\2.8.167
C:\Program Files\Kiwee Toolbar\2.8.167\AGTBCore.dll
C:\Program Files\Kiwee Toolbar\2.8.167\AolIMToolbar.dll
C:\Program Files\Kiwee Toolbar\2.8.167\firefox
C:\Program Files\Kiwee Toolbar\2.8.167\FlashCOM.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeCommonCtrls.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeContentHost.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIMToolbar.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.dll
C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.tlb
C:\Program Files\Kiwee Toolbar\2.8.167\kiweetoolbar.zip
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\Program Files\Kiwee Toolbar\2.8.167\mfc80u.dll
C:\Program Files\Kiwee Toolbar\2.8.167\Microsoft.VC80.CRT.manifest
C:\Program Files\Kiwee Toolbar\2.8.167\Microsoft.VC80.MFC.manifest
C:\Program Files\Kiwee Toolbar\2.8.167\msimg32.dll
C:\Program Files\Kiwee Toolbar\2.8.167\MsnIMToolbar.dll
C:\Program Files\Kiwee Toolbar\2.8.167\msvcp80.dll
C:\Program Files\Kiwee Toolbar\2.8.167\msvcr80.dll
C:\Program Files\Kiwee Toolbar\2.8.167\RemoteLib.dll
C:\Program Files\Kiwee Toolbar\2.8.167\Riched20.dll
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\chrome
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\chrome.manifest
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\defaults
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\firefox.xpi
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\install.rdf
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\chrome\kiweetoolbar.jar
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\AGCore.js
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\AGCore.xpt
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\KiweeSearchHistory.js
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\SearchProtection.js
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\SearchProtection.xpt
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\defaults\preferences
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\defaults\preferences\defaults.js
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF\manifest.mf
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF\zigbert.rsa
C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF\zigbert.sf
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Kiwee Toolbar
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\Program Files\Multi_Media_France\Multi_Media_FranceToolbarHelper.exe
C:\Program Files\Multi_Media_France\tbMult.dll
C:\Program Files\Multi_Media_France\toolbar.cfg
C:\Program Files\Multi_Media_France\UNWISE.EXE
C:\Program Files\Multi_Media_France\UNWISE.INI
C:\DOCUME~1\confo\APPLIC~1\ShoppingReport
C:\DOCUME~1\confo\APPLIC~1\ShoppingReport\cs
C:\DOCUME~1\confo\APPLIC~1\ShoppingReport\cs\Config.xml
C:\DOCUME~1\confo\APPLIC~1\ShoppingReport\cs\db
C:\DOCUME~1\confo\APPLIC~1\ShoppingReport\cs\dwld
C:\DOCUME~1\confo\APPLIC~1\ShoppingReport\cs\report
C:\DOCUME~1\confo\APPLIC~1\ShoppingReport\cs\res2
C:\DOCUME~1\confo\APPLIC~1\ShoppingReport\cs\db\Aliases.dbs
C:\DOCUME~1\confo\APPLIC~1\ShoppingReport\cs\db\Sites.dbs
C:\DOCUME~1\confo\APPLIC~1\ShoppingReport\cs\dwld\WhiteList.xip
C:\DOCUME~1\confo\APPLIC~1\ShoppingReport\cs\report\aggr_storage.xml
C:\DOCUME~1\confo\APPLIC~1\ShoppingReport\cs\report\send_storage.xml
C:\DOCUME~1\confo\APPLIC~1\ShoppingReport\cs\res2\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\ShoppingReport\Bin\2.5.0
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
C:\Program Files\Internet Explorer\msimg32.dll
C:\DOCUME~1\confo\LOCALS~1\Temp\nsg176.tmp
C:\DOCUME~1\confo\LOCALS~1\Temp\nsw168.tmp
C:\DOCUME~1\confo\LOCALS~1\Temp\nsx1EE.tmp

-----------\\ Extensions

(confo) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(confo) - {EEE6C361-6118-11DC-9C72-001320C79847} => sweetim-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://home.sweetim.com/"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
"Default_Page_URL"="https://www.msn.com/fr-fr"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://home.sweetim.com/"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\Pack.epk

C:\DOCUME~1\confo\LOCALS~1\APPLIC~1\guimg.dat
C:\DOCUME~1\confo\LOCALS~1\APPLIC~1\guimg.exe
C:\DOCUME~1\confo\LOCALS~1\APPLIC~1\guimg_nav.dat
C:\DOCUME~1\confo\LOCALS~1\APPLIC~1\guimg_navps.dat
==> EGDACCESS <==




1 - "C:\ToolBar SD\TB_1.txt" - 12/03/2009|19:53 - Option : [1]

-----------\\ Fin du rapport a 19:53:25,78
0
Anonymous user
12 March 2009 at 18:43
PS: it's going to take time to disinfect your PC, because frankly,
PCs as infected as yours don't come along often...
it's even surprising that it still works (?)
0
Anonymous user
12 March 2009 at 19:42
Where are you at?
Because it's really time to do something for your PC ;))
0
NicoIsAGeek Posts 19 Registration date Wednesday 11 March 2009 Status Member Last seen 29 March 2009
12 March 2009 at 19:44
Your computer must have seen a few too many X-rated films... No hard feelings, eh? It's just for a laugh ;). Bye!
0

Anonymous user
12 March 2009 at 20:36
nico is a geek, we can do without the comments ......

sylviegr

Your disinfection may take a long time because you are heavily multi-infected and several procedures will be needed. Don't worry if I don't answer you right away, I'm not forgetting you; at worst I always come back later ...!!!
We've scanned (option 1), now we're going to clean (option 2)...

Relaunch Toolbar-S&D by double-clicking the shortcut. Type "2" (instead of 1), then confirm by pressing "Enter".

! Do not close the window during the removal !

A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.



0
kevin05 Posts 3636 Registration date Saturday 29 November 2008 Status Security contributor Last seen 13 May 2010 147
12 March 2009 at 20:39
MOUARFFFFFF

Nice, what with the infected toolbars and all the rest of the mess

Good luck, neophyte ;-)
0
Anonymous user
13 March 2009 at 14:49
Hello sylviefr

So, where are you at?
Did you manage to do post 6, or do you need help or clarification?

We've scanned (option 1), now we're going to clean (option 2)...

Relaunch Toolbar-S&D by double-clicking the shortcut. Type "2" (instead of 1), then confirm by pressing "Enter".

! Do not close the window during the removal !

A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.

0
Hello

Thank you for your patience.
Here is report no. 2:


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Tous droits réservés.
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : confo ( Administrator )
BOOT : Normal boot
Antivirus : VirusKeeper 2009 Pro antivirus 9.0 (Activated)
C:\ (Local Disk) - NTFS - Total:71 Go (Free:20 Go)
D:\ (Local Disk) - FAT32 - Total:72 Go (Free:71 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 13/03/2009|15:07 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\FunWebProducts\ScreenSaver
Supprime! - C:\Program Files\FunWebProducts\Shared
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images
Supprime! - C:\Program Files\Kiwee Toolbar\2.8.167
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Kiwee Toolbar
Supprime! - C:\Program Files\Multi_Media_France\INSTALL.LOG
Supprime! - C:\Program Files\Multi_Media_France\Multi_Media_FranceToolbarHelper.exe
Supprime! - C:\Program Files\Multi_Media_France\tbMult.dll
Supprime! - C:\Program Files\Multi_Media_France\toolbar.cfg
Supprime! - C:\Program Files\Multi_Media_France\UNWISE.EXE
Supprime! - C:\Program Files\Multi_Media_France\UNWISE.INI
Supprime! - C:\DOCUME~1\confo\APPLIC~1\ShoppingReport\cs
Supprime! - C:\Program Files\ShoppingReport\Bin
Supprime! - C:\Program Files\ShoppingReport\Uninst.exe
Supprime! - C:\Program Files\Internet Explorer\msimg32.dll
Supprime! - C:\DOCUME~1\confo\LOCALS~1\Temp\nsg176.tmp
Supprime! - C:\DOCUME~1\confo\LOCALS~1\Temp\nsw168.tmp
Supprime! - C:\DOCUME~1\confo\LOCALS~1\Temp\nsx1EE.tmp
Supprime! - C:\Program Files\FunWebProducts
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar
Supprime! - C:\Program Files\Kiwee Toolbar
Supprime! - C:\Program Files\Multi_Media_France
Supprime! - C:\DOCUME~1\confo\APPLIC~1\ShoppingReport
Supprime! - C:\Program Files\ShoppingReport

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(confo) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(confo) - {EEE6C361-6118-11DC-9C72-001320C79847} => sweetim-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://home.sweetim.com/"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
"Default_Page_URL"="https://www.msn.com/fr-fr"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\Pack.epk

C:\DOCUME~1\confo\LOCALS~1\APPLIC~1\guimg.dat
C:\DOCUME~1\confo\LOCALS~1\APPLIC~1\guimg.exe
C:\DOCUME~1\confo\LOCALS~1\APPLIC~1\guimg_nav.dat
C:\DOCUME~1\confo\LOCALS~1\APPLIC~1\guimg_navps.dat
==> EGDACCESS <==




1 - "C:\ToolBar SD\TB_1.txt" - 12/03/2009|19:53 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 13/03/2009|15:09 - Option : [2]

-----------\\ Fin du rapport a 15:09:58,92

I don't understand any of it.
If you do, that's great.
Thanks again for helping me.
0
Thank you, thank you

It's so cool, it's working again.

It was really kind of you to take a moment to help me.

Kind regards

Sylviesfr
0
Hello

Here is the new report (I thought there would be fewer of them)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:51, on 14/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\SFR\CONTRO~1\bin\OPTGui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\confo\local settings\application data\guimg.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\MediaDICO4Ut.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\Rac4Ut.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SFR\Controle Parental\bin\optproxy.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen147.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe
C:\Documents and Settings\confo\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\confo\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\SeekeenSrch\seekeen.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\SFR\CONTRO~1\bin\OPTGui.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MediaDICO4Ut] C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe Lancement
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [guimg] "c:\documents and settings\confo\local settings\application data\guimg.exe" guimg
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\confo\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Mindscape Website.url
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: (PopUpCop) Open In New Window - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/imagenew
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Filter hijack: text/html - {C6F62B7A-5450-4A2F-8687-6CEEC3AEB055} - C:\WINDOWS\system32\controlkids2.dll
O20 - Winlogon Notify: Scryptnat - Scryptnat.dll (file missing)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Contrôle Parental SFR (OPTENET_FILTER) - SFR - C:\Program Files\SFR\Controle Parental\bin\optproxy.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SeekeenSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen147.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe
0
Anonymous user
13 March 2009 at 15:26
Hi
Careful: it's working again, as you say, but that's only temporary; if you leave the other infections in place, you'll be back in a week...
Shall we continue and get your PC back to like-new condition??? In any case, I strongly recommend it... ;)

And at the end of the disinfection I'll give you some tips and tricks so you don't catch viruses again!

So, shall we continue?
0
Hi
So we're not done yet (that was too easy).
Tell me what would be good to do
to have a great, really secure computer.
Thanks

sylviesfr
0
Anonymous user
13 March 2009 at 21:41
Don't worry, we've removed a big chunk of it ;)

Now, could you post a new HijackThis report, as you did in your first post, please?

0
Anonymous user
14 March 2009 at 11:03
Right, the ToolBar SD software didn't remove everything it should have!


We're going to run ToolBar SD again, with option 2 again, but this time in safe mode!
Let me explain:

To do this, restart your PC and, just before the Windows logo appears (right from the start),
tap the F5 or F8 key, depending on the PC.
You'll land on an odd-looking screen where you need to use the up/down arrow keys on your keyboard
to go to: start in safe mode (this is a Windows diagnostic mode that uses only the bare minimum of your PC)

Then your desktop will appear with odd colours and icons; that's normal!
You won't have Internet access!


Run ToolBar SD option 2 again

Restart in normal mode (this is done automatically), reconnect, and post the report in your next reply

Don't worry, we'll get this PC back to like-new condition ;)

PS: when you post a message, go straight to the white box at the bottom of the page (don't use "reply to"), otherwise we'll lose track ;)
0
Here is the new report

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Tous droits réservés.
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : confo ( Administrator )
BOOT : Fail-safe boot
Antivirus : VirusKeeper 2009 Pro antivirus 9.0 (Activated)
C:\ (Local Disk) - NTFS - Total:71 Go (Free:22 Go)
D:\ (Local Disk) - FAT32 - Total:72 Go (Free:71 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 14/03/2009|11:08 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(confo) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(confo) - {EEE6C361-6118-11DC-9C72-001320C79847} => sweetim-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
"Default_Page_URL"="https://www.msn.com/fr-fr"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections




C:\WINDOWS\Pack.epk

C:\DOCUME~1\confo\LOCALS~1\APPLIC~1\guimg.dat
C:\DOCUME~1\confo\LOCALS~1\APPLIC~1\guimg.exe
C:\DOCUME~1\confo\LOCALS~1\APPLIC~1\guimg_nav.dat
C:\DOCUME~1\confo\LOCALS~1\APPLIC~1\guimg_navps.dat
==> EGDACCESS <==




1 - "C:\ToolBar SD\TB_1.txt" - 12/03/2009|19:53 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 13/03/2009|15:09 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 14/03/2009|11:10 - Option : [2]

-----------\\ Fin du rapport a 11:10:58,95
0
Anonymous user
14 March 2009 at 11:36
Download Malwarebytes HERE

Update the software (this normally happens during installation)

Start a full scan by clicking "Exécuter un examen complet" (run a full scan)

Select the drives you want to scan and click "Lancer l'examen" (start the scan)

The scan may take quite a while.....

Once the scan has finished, click "OK" and then "Afficher les résultats" (show the results)

Check that everything is ticked and click "Supprimer la sélection" (remove the selection), then "OK"

A report will open in Notepad... Copy and paste the report into your next reply on the forum


* Some files may need to be deleted when the PC restarts... Allow this by clicking "oui" (yes) when asked
0
sylviesfr Posts: 9 Registration date: Saturday 14 March 2009 Status: Member Last activity: 15 March 2009
14 March 2009 at 14:18
Hi
I'm so silly: I clicked restart before copying the report. I remember there were 20 infections that it removed.
Sorry, at the weekend I must be down to a single neuron, but I'm sure that can be cured, like my computer (thanks to you)
0
Anonymous user
14 March 2009 at 14:21
This short tutorial will help you use Malwarebytes; you should keep this software in future, and I'll explain why at the end
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Go back into Malwarebytes; there is a "rapport/logs" tab. Open it and your report will be in there!
Post it
0
sylviesfr Posts: 9 Registration date: Saturday 14 March 2009 Status: Member Last activity: 15 March 2009
14 March 2009 at 15:53
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1848
Windows 5.1.2600 Service Pack 3

14/03/2009 12:40:05
mbam-log-2009-03-14 (12-40-05).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 243408
Temps écoulé: 43 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\multi_media_france toolbar (Adware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guimg (Adware.Navipromo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\confo\Local Settings\Application Data\guimg_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\confo\Local Settings\Application Data\guimg_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\confo\Local Settings\Application Data\guimg.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\confo\Local Settings\Application Data\guimg.exe (Adware.Navipromo.H) -> Delete on reboot.
C:\ToolBar SD\Backup-TB\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\confo\Local Settings\Temp\ShprInstaller.exe (Adware.Shopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP554\A0239431.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP554\A0239433.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
0
Anonymous user
14 March 2009 at 15:55
Excellent
I'd need a new HijackThis report, please (it should be the last one, I think)
0
sylviesfr Posts: 9 Registration date: Saturday 14 March 2009 Status: Member Last activity: 15 March 2009
14 March 2009 at 15:59
So, doctor, is it saved?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:32, on 14/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\SFR\CONTRO~1\bin\OPTGui.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\MediaDICO4Ut.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\Rac4Ut.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SFR\Controle Parental\bin\optproxy.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen147.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\SeekeenSrch\seekeen.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\confo\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\confo\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_watchop.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\SFR\CONTRO~1\bin\OPTGui.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MediaDICO4Ut] C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe Lancement
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\confo\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Mindscape Website.url
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: (PopUpCop) Open In New Window - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/imagenew
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Filter hijack: text/html - {C6F62B7A-5450-4A2F-8687-6CEEC3AEB055} - C:\WINDOWS\system32\controlkids2.dll
O20 - Winlogon Notify: Scryptnat - Scryptnat.dll (file missing)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Contrôle Parental SFR (OPTENET_FILTER) - SFR - C:\Program Files\SFR\Controle Parental\bin\optproxy.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SeekeenSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen147.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe
Anonymous user
14 March 2009 at 16:17
No, not saved yet, I did warn you that yours was an out-of-the-ordinary report ;)
Don't worry, things should already be better now, right?

Come on, let's continue:

Download lopSD and save it to your desktop

Double-click Lop S&D

Run the installation

Close all applications

Launch it by double-clicking the shortcut on the desktop

Type F for French, then press Enter

Type 1

Press Enter

The PC will restart

* Note: if the antivirus reports an infection in TEMP, ignore it

Wait for the report to appear

Copy the report and paste it into your reply


* The report can also be found at C:\lopR
sylviesfr Posts 9 Registration date Saturday 14 March 2009 Status Member Last activity 15 March 2009
14 March 2009 at 18:11
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Tous droits réservés.
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : confo ( Administrator )
BOOT : Normal boot
Antivirus : VirusKeeper 2009 Pro antivirus 9.0 (Activated)
C:\ (Local Disk) - NTFS - Total:71 Go (Free:20 Go)
D:\ (Local Disk) - FAT32 - Total:72 Go (Free:71 Go)
E:\ (CD or DVD)
F:\ (USB) - FAT32 - Total:3824 Mo (Free:3 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
L:\ (Local Disk) - NTFS - Total:465 Go (Free:128 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 14/03/2009|18:05 )

--------------------\\ Listing des dossiers dans APPLIC~1

[06/10/2006|23:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[06/10/2006|23:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[06/10/2006|23:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[04/01/2009|09:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[24/07/2008|20:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\agi
[16/02/2007|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[30/08/2008|17:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[10/11/2008|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[04/12/2007|17:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Backup
[21/08/2007|15:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
[11/11/2006|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[26/12/2006|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Disney Interactive
[24/01/2009|18:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eBay
[03/01/2009|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[12/11/2006|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[18/07/2008|18:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[18/07/2008|18:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[23/01/2007|15:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[05/11/2008|17:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar2
[14/03/2009|11:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[08/02/2009|07:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[20/02/2009|07:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[05/01/2009|10:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[08/01/2007|18:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NtiDvdCopy
[28/10/2007|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[20/11/2006|17:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Otto
[15/08/2007|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
[25/12/2006|01:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[05/03/2009|14:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekeenSrch
[02/11/2008|20:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Softdisk LLC
[29/10/2008|13:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[21/07/2008|11:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
[13/11/2006|18:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[22/11/2008|14:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[07/02/2009|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
[12/11/2008|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[16/02/2007|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[19/01/2009|10:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WholeSecurity
[18/08/2008|18:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[20/07/2008|09:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[12/11/2006|13:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[01/08/2008|06:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[16/08/2007|13:36] C:\DOCUME~1\confo\APPLIC~1\Ace
[23/01/2009|14:46] C:\DOCUME~1\confo\APPLIC~1\Adobe
[12/11/2006|15:12] C:\DOCUME~1\confo\APPLIC~1\AdobeUM
[24/07/2008|20:52] C:\DOCUME~1\confo\APPLIC~1\agi
[16/02/2007|11:31] C:\DOCUME~1\confo\APPLIC~1\AOL
[31/10/2008|19:39] C:\DOCUME~1\confo\APPLIC~1\Apple Computer
[01/12/2008|20:49] C:\DOCUME~1\confo\APPLIC~1\ArcSoft
[12/11/2006|16:26] C:\DOCUME~1\confo\APPLIC~1\CyberLink
[25/12/2007|09:29] C:\DOCUME~1\confo\APPLIC~1\Disney Interactive
[22/01/2009|21:42] C:\DOCUME~1\confo\APPLIC~1\dvdcss
[24/01/2009|18:36] C:\DOCUME~1\confo\APPLIC~1\eBay
[04/02/2009|17:24] C:\DOCUME~1\confo\APPLIC~1\Google
[11/11/2006|18:57] C:\DOCUME~1\confo\APPLIC~1\Help
[29/10/2008|13:48] C:\DOCUME~1\confo\APPLIC~1\HP
[06/10/2006|23:18] C:\DOCUME~1\confo\APPLIC~1\Identities
[27/12/2008|12:01] C:\DOCUME~1\confo\APPLIC~1\InstallShield
[14/08/2007|17:22] C:\DOCUME~1\confo\APPLIC~1\InterTrust
[09/03/2009|11:26] C:\DOCUME~1\confo\APPLIC~1\LimeWire
[19/05/2007|11:59] C:\DOCUME~1\confo\APPLIC~1\LiteOn
[06/10/2006|23:18] C:\DOCUME~1\confo\APPLIC~1\Macromedia
[14/03/2009|11:49] C:\DOCUME~1\confo\APPLIC~1\Malwarebytes
[27/01/2007|15:00] C:\DOCUME~1\confo\APPLIC~1\Micro Application
[13/01/2009|15:05] C:\DOCUME~1\confo\APPLIC~1\Microsoft
[05/01/2009|10:48] C:\DOCUME~1\confo\APPLIC~1\Mozilla
[20/07/2008|09:27] C:\DOCUME~1\confo\APPLIC~1\MSNInstaller
[14/03/2009|12:48] C:\DOCUME~1\confo\APPLIC~1\OpenOffice.org2
[20/11/2006|17:37] C:\DOCUME~1\confo\APPLIC~1\Otto
[25/10/2008|16:32] C:\DOCUME~1\confo\APPLIC~1\PopupCop
[26/09/2008|17:56] C:\DOCUME~1\confo\APPLIC~1\Samsung
[23/03/2007|14:35] C:\DOCUME~1\confo\APPLIC~1\Sony Ericsson
[12/11/2006|15:48] C:\DOCUME~1\confo\APPLIC~1\Sun
[23/03/2007|14:43] C:\DOCUME~1\confo\APPLIC~1\Teleca
[18/06/2008|15:57] C:\DOCUME~1\confo\APPLIC~1\tuxmath
[15/08/2007|18:03] C:\DOCUME~1\confo\APPLIC~1\Ulead Systems
[10/09/2008|06:23] C:\DOCUME~1\confo\APPLIC~1\Viewpoint
[12/06/2007|11:46] C:\DOCUME~1\confo\APPLIC~1\vlc
[16/02/2007|11:26] C:\DOCUME~1\confo\APPLIC~1\You've Got Pictures Screensaver

[06/10/2006|23:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[06/10/2006|23:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[06/10/2006|23:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[06/10/2006|23:18] C:\DOCUME~1\FRANOI~1\APPLIC~1\Macromedia
[15/11/2007|17:08] C:\DOCUME~1\FRANOI~1\APPLIC~1\Microsoft

[23/09/2007|15:16] C:\DOCUME~1\INVIT~1\APPLIC~1\Apple Computer
[20/10/2007|14:56] C:\DOCUME~1\INVIT~1\APPLIC~1\CyberLink
[22/10/2007|09:40] C:\DOCUME~1\INVIT~1\APPLIC~1\Help
[06/10/2006|23:18] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
[18/09/2007|09:45] C:\DOCUME~1\INVIT~1\APPLIC~1\LiteOn
[06/10/2006|23:18] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
[30/09/2007|10:25] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
[29/09/2007|15:02] C:\DOCUME~1\INVIT~1\APPLIC~1\Ulead Systems
[22/09/2007|17:36] C:\DOCUME~1\INVIT~1\APPLIC~1\vlc

[24/07/2008|20:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\agi
[27/12/2007|18:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[06/10/2006|23:18] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[05/03/2009|14:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

[10/11/2008|18:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\agi
[06/10/2006|23:18] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[17/11/2007|12:06] C:\DOCUME~1\OUVERT~1\APPLIC~1\InstallShield
[17/11/2007|12:06] C:\DOCUME~1\OUVERT~1\APPLIC~1\InstallShield Installation Information
[06/10/2006|23:18] C:\DOCUME~1\OUVERT~1\APPLIC~1\Macromedia
[06/02/2008|12:20] C:\DOCUME~1\OUVERT~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[09/03/2009 18:48][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[14/03/2009 12:41][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 21:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[04/12/2007|17:13] C:\Program Files\AbiSuite2
[06/10/2006|23:19] C:\Program Files\Acer WLAN 11g USB Dongle
[04/01/2009|09:41] C:\Program Files\Adobe
[05/11/2008|17:20] C:\Program Files\AGI
[22/11/2008|16:29] C:\Program Files\Alwil Software
[21/12/2008|18:20] C:\Program Files\AOL
[02/09/2008|12:19] C:\Program Files\Apple Software Update
[01/12/2008|20:47] C:\Program Files\ArcSoft
[22/10/2007|16:43] C:\Program Files\Atout Clic CE1
[02/09/2008|17:33] C:\Program Files\Atout Clic CP
[04/01/2009|22:08] C:\Program Files\AxBx
[10/11/2008|18:57] C:\Program Files\Bonjour
[15/06/2008|18:55] C:\Program Files\Boonty
[10/11/2008|18:12] C:\Program Files\BoontyGames
[04/01/2009|22:05] C:\Program Files\CCleaner
[12/11/2008|11:14] C:\Program Files\Come2PlayK2P
[06/10/2006|23:19] C:\Program Files\commercial
[12/11/2008|11:09] C:\Program Files\Conduit
[15/11/2008|20:33] C:\Program Files\Control Kids
[06/10/2006|23:19] C:\Program Files\CyberLink
[20/11/2007|20:19] C:\Program Files\DeskPlayer
[06/10/2006|23:19] C:\Program Files\DIFX
[20/02/2009|20:09] C:\Program Files\Disney Interactive
[25/06/2007|16:50] C:\Program Files\DV Cam
[01/12/2008|21:14] C:\Program Files\DVBT Application
[24/01/2009|18:36] C:\Program Files\eBay
[27/09/2008|08:14] C:\Program Files\eMule
[21/02/2009|20:41] C:\Program Files\FairUse Wizard 2
[26/12/2008|18:47] C:\Program Files\Fichiers communs
[02/11/2008|22:00] C:\Program Files\Freeze.com
[06/10/2006|23:19] C:\Program Files\FrenchOtto
[27/12/2008|11:55] C:\Program Files\Games
[06/10/2006|23:19] C:\Program Files\GemMasterFrench
[04/02/2009|17:31] C:\Program Files\Google
[05/06/2007|07:37] C:\Program Files\GT Interactive
[11/11/2006|18:56] C:\Program Files\Hachette Multimédia
[02/09/2008|17:32] C:\Program Files\Happyneuron
[29/10/2008|13:10] C:\Program Files\Hewlett-Packard
[29/10/2008|13:42] C:\Program Files\HP
[11/11/2008|19:40] C:\Program Files\IncrediMail
[20/02/2009|20:09] C:\Program Files\InstallShield Installation Information
[28/11/2008|14:20] C:\Program Files\Integard
[12/11/2006|17:29] C:\Program Files\InterActual
[13/03/2009|15:07] C:\Program Files\Internet Explorer
[18/11/2008|13:11] C:\Program Files\iWizz
[14/12/2008|21:29] C:\Program Files\Java
[16/02/2007|11:26] C:\Program Files\Learn2.com
[09/02/2009|17:56] C:\Program Files\LimeWire
[08/09/2008|19:16] C:\Program Files\livetvbar
[08/02/2009|21:53] C:\Program Files\McDonaldsDragons
[30/09/2008|22:22] C:\Program Files\Messenger
[08/02/2009|06:49] C:\Program Files\Messenger Plus! Live
[26/09/2008|18:04] C:\Program Files\Micro Application
[26/12/2008|19:07] C:\Program Files\Microsoft
[20/07/2008|10:16] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[06/10/2006|23:19] C:\Program Files\microsoft frontpage
[20/01/2008|14:27] C:\Program Files\Microsoft Office
[27/02/2009|12:34] C:\Program Files\Microsoft Silverlight
[20/07/2008|09:48] C:\Program Files\Microsoft SQL Server Compact Edition
[26/12/2008|19:09] C:\Program Files\Microsoft Sync Framework
[20/01/2008|14:54] C:\Program Files\Microsoft Works
[24/01/2009|18:38] C:\Program Files\MINDSCAPE
[05/06/2007|11:51] C:\Program Files\Mio Technology
[28/07/2008|14:58] C:\Program Files\MiTAC Research (Shanghai) Ltd
[15/06/2008|19:15] C:\Program Files\MOINS par MOINS
[30/09/2008|05:12] C:\Program Files\Movie Maker
[14/03/2009|18:02] C:\Program Files\Mozilla Firefox
[28/06/2007|15:52] C:\Program Files\MSECache
[22/07/2008|12:48] C:\Program Files\MSN
[06/10/2006|23:19] C:\Program Files\MSN Gaming Zone
[20/07/2008|19:21] C:\Program Files\MSN Messenger
[21/08/2007|15:30] C:\Program Files\MSXML 4.0
[30/09/2008|05:09] C:\Program Files\NetMeeting
[06/10/2006|23:19] C:\Program Files\NewTech Infosystems
[05/01/2009|10:01] C:\Program Files\NOS
[18/09/2007|16:26] C:\Program Files\Novosoft International
[06/10/2006|23:19] C:\Program Files\Oca History Tool
[06/10/2006|23:19] C:\Program Files\Online Services
[04/08/2008|19:47] C:\Program Files\OpenOffice.org 2.4
[30/09/2008|05:09] C:\Program Files\Outlook Express
[15/08/2007|17:51] C:\Program Files\Pinnacle
[10/11/2008|18:56] C:\Program Files\QuickTime
[06/10/2006|23:19] C:\Program Files\Realtek
[24/07/2008|12:26] C:\Program Files\SDLL
[05/03/2009|14:44] C:\Program Files\SeekeenSrch
[06/10/2006|23:19] C:\Program Files\Services en ligne
[21/12/2008|18:00] C:\Program Files\SFR
[28/12/2008|17:14] C:\Program Files\SFR ADSL
[24/03/2007|13:39] C:\Program Files\Sony Ericsson
[02/03/2009|10:26] C:\Program Files\SweetIM
[03/02/2007|14:43] C:\Program Files\System
[17/12/2007|15:46] C:\Program Files\THQ
[05/06/2007|06:50] C:\Program Files\TomTom DesktopSuite
[21/08/2007|18:48] C:\Program Files\TomTom HOME
[24/01/2009|18:35] C:\Program Files\Ubisoft
[15/08/2007|18:01] C:\Program Files\Ulead Systems
[03/02/2007|14:12] C:\Program Files\Uninstall Information
[06/09/2007|19:05] C:\Program Files\ValuSoft
[12/06/2007|11:44] C:\Program Files\VideoLAN
[16/02/2007|11:26] C:\Program Files\Viewpoint
[22/11/2008|17:08] C:\Program Files\Web Hottest Videos Personal Player
[20/02/2009|07:58] C:\Program Files\Windows Live
[26/12/2008|19:07] C:\Program Files\Windows Live SkyDrive
[26/12/2008|19:09] C:\Program Files\Windows Live Toolbar
[15/08/2007|18:02] C:\Program Files\Windows Media Components
[18/08/2008|16:22] C:\Program Files\Windows Media Connect 2
[18/08/2008|16:22] C:\Program Files\Windows Media Player
[30/09/2008|05:09] C:\Program Files\Windows NT
[15/11/2007|17:08] C:\Program Files\WinRAR
[06/10/2006|23:19] C:\Program Files\xerox
[08/11/2006|17:35] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[04/01/2009|09:41] C:\Program Files\Fichiers communs\Adobe
[21/12/2008|18:20] C:\Program Files\Fichiers communs\AOL
[16/02/2007|11:27] C:\Program Files\Fichiers communs\aolback
[10/11/2008|18:55] C:\Program Files\Fichiers communs\Apple
[23/05/2007|09:06] C:\Program Files\Fichiers communs\ArcSoft
[15/11/2007|17:08] C:\Program Files\Fichiers communs\AVSMedia
[12/11/2006|18:05] C:\Program Files\Fichiers communs\Hewlett-Packard
[29/10/2008|13:34] C:\Program Files\Fichiers communs\HP
[17/12/2007|15:32] C:\Program Files\Fichiers communs\InstallShield
[08/11/2006|17:28] C:\Program Files\Fichiers communs\Java
[06/10/2006|23:19] C:\Program Files\Fichiers communs\LightScribe
[20/02/2009|07:55] C:\Program Files\Fichiers communs\Microsoft Shared
[06/10/2006|23:19] C:\Program Files\Fichiers communs\MSSoap
[06/10/2006|23:19] C:\Program Files\Fichiers communs\muvee Technologies
[06/10/2006|23:19] C:\Program Files\Fichiers communs\NewTech Infosystems
[16/02/2007|11:26] C:\Program Files\Fichiers communs\Nullsoft
[06/06/2007|09:31] C:\Program Files\Fichiers communs\ODBC
[22/11/2008|14:10] C:\Program Files\Fichiers communs\Panda Software
[16/02/2007|11:29] C:\Program Files\Fichiers communs\Real
[06/10/2006|23:19] C:\Program Files\Fichiers communs\Services
[29/10/2008|13:34] C:\Program Files\Fichiers communs\Sonic Shared
[06/10/2006|23:19] C:\Program Files\Fichiers communs\SpeechEngines
[23/02/2007|15:29] C:\Program Files\Fichiers communs\Symantec Shared
[30/09/2008|05:09] C:\Program Files\Fichiers communs\System
[24/03/2007|13:39] C:\Program Files\Fichiers communs\Teleca Shared
[26/12/2008|18:47] C:\Program Files\Fichiers communs\Windows Live
[20/07/2008|09:35] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 64 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\confo\LOCALS~1\Temp\nse2D5.tmp
C:\DOCUME~1\confo\LOCALS~1\Temp\nsf200.tmp
C:\DOCUME~1\confo\LOCALS~1\Temp\nsh209.tmp
C:\DOCUME~1\confo\Cookies\confo@advertising[1].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 18:06:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 5

--------------------\\ Recherche d'autres infections

C:\WINDOWS\Pack.epk
==> EGDACCESS <==



[F:4717][D:291]-> C:\DOCUME~1\confo\LOCALS~1\Temp
[F:129][D:0]-> C:\DOCUME~1\confo\Cookies
[F:62675][D:35]-> C:\DOCUME~1\confo\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 14/03/2009|18:09 - Option : [1]

--------------------\\ Fin du rapport a 18:09:55
Anonymous user
14 March 2009 at 18:15
Run Lop S&D again


This time choose option 2 (Removal)


Do not close the window during the removal!


Post the generated report (C:\lopR.txt)


* (If the desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)