Security suite

fp1231918123 -  
jlpjlp Posts 52399 Status Security contributor -
Hello,
I have the same problem as two of you with the "windows security suite" virus and I can't get anything done.
My AVG has been sidelined, I can't access it!!!!!
HijackThis warns me that there is a problem with BHOs; so I'm pasting a link to a ZHPDiag report:
http://www.cijoint.fr/cjlink.php?file=cj200907/cijBTHi8Lr.txt

Please help me, because it's very rare for me to be this out of ideas!!!!!

Regards,

FP

8 replies

jlpjlp Posts 52399 Status Security contributor 5 040

hi, I'm putting it here

Rapport de ZHPDiag v1.23.13 par Nicolas Coolman
Enregistré le 14/07/2009 22:38:10
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
MSIE: Internet Explorer v7.0.5730.13

---\\ Processus lancés

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm

---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll

---\\ Redirection du fichier Hosts (O1)

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

---\\ Processus lancés
---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 EPSON Stylus C62 Series /O6 USB001 /M Stylus C62
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

---\\ Protocole additionnel et piratage de protocole (O18)
O18 - bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll
O18 - tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\System32\WgaLogon.dll

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart (ATI Smart) - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: Process Monitor (LVPrcSrv) - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: SeaPort (SeaPort) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
O23 - Service: Sygate Personal Firewall (SmcService) - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe

End of the scan: 326 lines
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
hi again

do this:

# download Hoster:
http://www.funkytoad.com/download/HostsXpert.zip

# Unzip the folder onto the desktop.
# Launch Hoster and click Restore Microsoft's Hosts File

if that is impossible, use RHOST

http://siri.urz.free.fr/RHosts.php

_______________________

and

scan with Malwarebytes: run a thorough scan, paste the report you get and remove whatever is found:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

_______________________

then

paste the report of an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online:
https://www.informatruc.com
0
fp1231918123
 
OK, so I did what you told me (in the meantime I had run a very thorough SCAN, but to be sure I ran a quick SCAN again), so here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2433
Windows 5.1.2600 Service Pack 2

16/07/2009 17:33:28
mbam-log-2009-07-16 (17-33-28).txt

Type de recherche: Examen rapide
Eléments examinés: 83209
Temps écoulé: 3 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

On the other hand, I still have my Hosts problem: I cannot run any tool that restores the original Hosts file, not even RHOST ???????
My antivirus refuses to start up again, so that's it for the first round; I await your suggestions, if any.......

thanks

FP
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
run Lop S&D

download Lop S&D.exe to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to launch the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)

_________________________

smitfraud fix

smit fraud fix

http://telechargement.zebulon.fr/smitfraudfix.html

double-click smitfraudfix, then select 1 and press Enter to create the report of the infections present. once the report is done, restart in safe mode (generally by pressing F8 or Del, or F5 at startup)

2/ double-click smitfraudfix, then select 1 and press Enter to create the report of the infections present, and paste the report
0

fp1231918123
 
Good evening

Here are the 2 reports. Note that Windows Security Suite is recognised as present in the Lop SD report, even though I managed to get AVG Free Edition 8.5 back ???????????

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3100+ )
BIOS : Default System BIOS
USER : POILLOT françois ( Administrator )
BOOT : Normal boot
Antivirus : Windows Security Suite (Activated)
Firewall : Sygate Personal Firewall 4.6 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:94 Go (Free:0 Go)
D:\ (Local Disk) - NTFS - Total:94 Go (Free:28 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:233 Go (Free:8 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 16/07/2009|22:35 )

--------------------\\ Listing des dossiers dans APPLIC~1

[10/11/2008|03:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[04/08/2008|16:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[04/08/2008|16:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[16/07/2009|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[20/03/2009|18:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bags Plus Online Chin
[15/07/2009|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\f7ebc8e
[25/06/2008|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[21/06/2008|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[21/06/2008|12:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[21/06/2008|12:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[07/03/2009|12:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[21/06/2008|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[15/07/2009|17:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[15/03/2009|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[21/06/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[27/03/2009|03:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[11/05/2009|13:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[21/06/2008|13:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[21/06/2008|02:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[16/07/2009|17:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[16/07/2009|17:50] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[20/11/2008|01:15] C:\DOCUME~1\POILLO~1\APPLIC~1\Adobe
[04/08/2008|16:16] C:\DOCUME~1\POILLO~1\APPLIC~1\Apple Computer
[21/06/2008|11:12] C:\DOCUME~1\POILLO~1\APPLIC~1\ATI
[12/07/2009|20:29] C:\DOCUME~1\POILLO~1\APPLIC~1\Desktopicon
[09/01/2009|00:47] C:\DOCUME~1\POILLO~1\APPLIC~1\DivX
[01/08/2008|22:34] C:\DOCUME~1\POILLO~1\APPLIC~1\Google
[04/07/2008|11:42] C:\DOCUME~1\POILLO~1\APPLIC~1\Help
[13/11/2008|03:20] C:\DOCUME~1\POILLO~1\APPLIC~1\HiYo
[24/06/2008|15:33] C:\DOCUME~1\POILLO~1\APPLIC~1\HP
[21/06/2008|02:49] C:\DOCUME~1\POILLO~1\APPLIC~1\Identities
[06/01/2009|21:44] C:\DOCUME~1\POILLO~1\APPLIC~1\InstallShield
[30/08/2008|13:29] C:\DOCUME~1\POILLO~1\APPLIC~1\Leadertech
[08/01/2009|16:39] C:\DOCUME~1\POILLO~1\APPLIC~1\LG Electronics
[20/11/2008|01:15] C:\DOCUME~1\POILLO~1\APPLIC~1\Macromedia
[15/07/2009|17:38] C:\DOCUME~1\POILLO~1\APPLIC~1\Malwarebytes
[23/06/2008|11:40] C:\DOCUME~1\POILLO~1\APPLIC~1\Media Player Classic
[16/07/2009|17:50] C:\DOCUME~1\POILLO~1\APPLIC~1\Microsoft
[29/06/2008|00:40] C:\DOCUME~1\POILLO~1\APPLIC~1\Real
[28/06/2008|01:39] C:\DOCUME~1\POILLO~1\APPLIC~1\Sun
[22/06/2008|00:42] C:\DOCUME~1\POILLO~1\APPLIC~1\vghd
[07/04/2009|15:09] C:\DOCUME~1\POILLO~1\APPLIC~1\XnView

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[11/07/2009 20:41][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[16/07/2009 17:25][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[10/11/2008|03:26] C:\Program Files\Adobe
[07/04/2009|15:13] C:\Program Files\AlexSoft
[21/06/2008|11:04] C:\Program Files\ALi
[04/08/2008|16:14] C:\Program Files\Apple Software Update
[21/06/2008|11:10] C:\Program Files\ATI Technologies
[21/06/2008|18:51] C:\Program Files\AVG
[22/06/2008|00:40] C:\Program Files\CCleaner
[21/06/2008|02:41] C:\Program Files\ComPlus Applications
[09/06/2009|18:59] C:\Program Files\DivX
[21/06/2008|12:02] C:\Program Files\EBP
[16/07/2009|21:31] C:\Program Files\eMule
[16/03/2009|18:40] C:\Program Files\Enigma Software Group
[21/06/2008|11:20] C:\Program Files\EPSON
[09/06/2009|18:58] C:\Program Files\Fichiers communs
[01/08/2008|22:33] C:\Program Files\Google
[21/06/2008|11:29] C:\Program Files\Hewlett-Packard
[21/06/2008|11:29] C:\Program Files\HP
[10/03/2009|16:08] C:\Program Files\IncrediMail
[06/01/2009|21:47] C:\Program Files\InstallShield Installation Information
[09/05/2009|03:08] C:\Program Files\Internet Explorer
[22/06/2008|00:36] C:\Program Files\IZArc
[27/03/2009|16:09] C:\Program Files\Java
[23/06/2008|11:38] C:\Program Files\K-Lite Codec Pack
[06/01/2009|21:47] C:\Program Files\LG Electronics
[08/01/2009|16:54] C:\Program Files\LG PC Suite II
[07/03/2009|12:28] C:\Program Files\Logitech
[15/07/2009|17:38] C:\Program Files\Malwarebytes' Anti-Malware
[02/07/2009|19:27] C:\Program Files\MediaCoder
[09/05/2009|03:09] C:\Program Files\Messenger
[15/03/2009|17:30] C:\Program Files\Microsoft
[22/06/2008|20:23] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[21/06/2008|02:44] C:\Program Files\microsoft frontpage
[21/06/2008|11:38] C:\Program Files\Microsoft Office
[28/03/2009|12:23] C:\Program Files\Microsoft Silverlight
[21/06/2008|13:44] C:\Program Files\Microsoft SQL Server Compact Edition
[15/03/2009|17:30] C:\Program Files\Microsoft Sync Framework
[21/06/2008|02:42] C:\Program Files\Movie Maker
[13/02/2009|19:19] C:\Program Files\Mozilla Firefox
[23/09/2008|21:22] C:\Program Files\MSN
[21/06/2008|02:40] C:\Program Files\MSN Gaming Zone
[18/03/2009|11:41] C:\Program Files\MSN Messenger
[21/06/2008|13:35] C:\Program Files\MSXML 4.0
[21/06/2008|02:42] C:\Program Files\NetMeeting
[21/06/2008|02:40] C:\Program Files\Online Services
[21/06/2008|11:59] C:\Program Files\Outlook Express
[14/07/2008|18:00] C:\Program Files\PDFCreator
[04/08/2008|16:14] C:\Program Files\QuickTime
[29/06/2008|00:37] C:\Program Files\Real
[03/07/2008|11:26] C:\Program Files\SAGEM
[21/06/2008|02:42] C:\Program Files\Services en ligne
[14/07/2009|19:41] C:\Program Files\Spybot - Search & Destroy
[25/06/2008|19:46] C:\Program Files\Sun
[16/07/2009|17:23] C:\Program Files\Sygate
[13/07/2008|17:34] C:\Program Files\Tunatic
[21/06/2008|02:49] C:\Program Files\Uninstall Information
[12/07/2009|16:18] C:\Program Files\VDOWNLOADER
[08/07/2009|19:02] C:\Program Files\vghd
[15/03/2009|17:30] C:\Program Files\Windows Live
[15/03/2009|17:22] C:\Program Files\Windows Live SkyDrive
[14/10/2008|10:36] C:\Program Files\Windows Media Player
[21/06/2008|02:40] C:\Program Files\Windows NT
[21/06/2008|02:43] C:\Program Files\WindowsUpdate
[21/06/2008|22:41] C:\Program Files\Winkaa 1.0
[21/06/2008|02:44] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[10/11/2008|03:25] C:\Program Files\Fichiers communs\Adobe
[21/06/2008|11:38] C:\Program Files\Fichiers communs\Designer
[09/06/2009|18:59] C:\Program Files\Fichiers communs\DivX Shared
[21/06/2008|11:20] C:\Program Files\Fichiers communs\EPSON
[21/06/2008|11:29] C:\Program Files\Fichiers communs\Hewlett-Packard
[21/06/2008|11:31] C:\Program Files\Fichiers communs\HP
[21/06/2008|11:41] C:\Program Files\Fichiers communs\InstallShield
[02/07/2008|14:58] C:\Program Files\Fichiers communs\Java
[07/03/2009|12:30] C:\Program Files\Fichiers communs\LogiShrd
[15/03/2009|17:22] C:\Program Files\Fichiers communs\Microsoft Shared
[21/06/2008|02:42] C:\Program Files\Fichiers communs\MSSoap
[21/06/2008|04:32] C:\Program Files\Fichiers communs\ODBC
[29/06/2008|00:37] C:\Program Files\Fichiers communs\Real
[21/06/2008|02:42] C:\Program Files\Fichiers communs\Services
[21/06/2008|11:32] C:\Program Files\Fichiers communs\Sonic Shared
[21/06/2008|04:32] C:\Program Files\Fichiers communs\SpeechEngines
[21/06/2008|11:52] C:\Program Files\Fichiers communs\System
[18/02/2009|14:03] C:\Program Files\Fichiers communs\Totem Shared
[15/03/2009|17:17] C:\Program Files\Fichiers communs\Windows Live
[21/06/2008|13:42] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[21/06/2008|18:18] C:\Program Files\Fichiers communs\Wise Installation Wizard
[29/06/2008|00:37] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 52 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bags Plus Online Chin

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 22:36:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:30][D:7]-> C:\DOCUME~1\POILLO~1\LOCALS~1\Temp
[F:46][D:0]-> C:\DOCUME~1\POILLO~1\Cookies
[F:1247][D:4]-> C:\DOCUME~1\POILLO~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 16/07/2009|22:37 - Option : [1]

--------------------\\ Fin du rapport a 22:37:4

THEN:

SmitFraudFix v2.423

Rapport fait à 22:44:13,87, 16/07/2009
Executé à partir de C:\Documents and Settings\POILLOT fran‡ois\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\vghd\vghd.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\POILLOT fran‡ois

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\POILLO~1\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\POILLOT fran‡ois\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\POILLO~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\..\{91472AF6-8EEC-4BDE-B833-8B4929477A1E}: NameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{91472AF6-8EEC-4BDE-B833-8B4929477A1E}: NameServer=212.27.40.241 212.27.40.240

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
run option 2 of Lop S&D and paste the report

the hosts file is fine now!

post a new ZHPDiag

and paste the report from one of the online scans suggested
0
fp1231918123
 
Good evening,

Not many changes noticed. I'm pasting the 2 reports, Lop SD and ZHP, but I still have the Hosts problem, and above all, when I tried to start in safe mode it asked me whether I wanted to log on as administrator or in a normal session, and when I tried to click administrator it asked me for a password even though I have never created one, which makes me think some guy is controlling my machine !!!!!!!!!!!!!!!!

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3100+ )
BIOS : Default System BIOS
USER : POILLOT françois ( Administrator )
BOOT : Normal boot
Antivirus : Windows Security Suite (Activated)
Firewall : Sygate Personal Firewall 4.6 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:94 Go (Free:0 Go)
D:\ (Local Disk) - NTFS - Total:94 Go (Free:28 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:233 Go (Free:8 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 16/07/2009|22:35 )

--------------------\\ Listing des dossiers dans APPLIC~1

[10/11/2008|03:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[04/08/2008|16:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[04/08/2008|16:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[16/07/2009|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[20/03/2009|18:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bags Plus Online Chin
[15/07/2009|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\f7ebc8e
[25/06/2008|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[21/06/2008|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[21/06/2008|12:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[21/06/2008|12:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[07/03/2009|12:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[21/06/2008|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[15/07/2009|17:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[15/03/2009|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[21/06/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[27/03/2009|03:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[11/05/2009|13:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[21/06/2008|13:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[21/06/2008|02:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[16/07/2009|17:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[16/07/2009|17:50] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[20/11/2008|01:15] C:\DOCUME~1\POILLO~1\APPLIC~1\Adobe
[04/08/2008|16:16] C:\DOCUME~1\POILLO~1\APPLIC~1\Apple Computer
[21/06/2008|11:12] C:\DOCUME~1\POILLO~1\APPLIC~1\ATI
[12/07/2009|20:29] C:\DOCUME~1\POILLO~1\APPLIC~1\Desktopicon
[09/01/2009|00:47] C:\DOCUME~1\POILLO~1\APPLIC~1\DivX
[01/08/2008|22:34] C:\DOCUME~1\POILLO~1\APPLIC~1\Google
[04/07/2008|11:42] C:\DOCUME~1\POILLO~1\APPLIC~1\Help
[13/11/2008|03:20] C:\DOCUME~1\POILLO~1\APPLIC~1\HiYo
[24/06/2008|15:33] C:\DOCUME~1\POILLO~1\APPLIC~1\HP
[21/06/2008|02:49] C:\DOCUME~1\POILLO~1\APPLIC~1\Identities
[06/01/2009|21:44] C:\DOCUME~1\POILLO~1\APPLIC~1\InstallShield
[30/08/2008|13:29] C:\DOCUME~1\POILLO~1\APPLIC~1\Leadertech
[08/01/2009|16:39] C:\DOCUME~1\POILLO~1\APPLIC~1\LG Electronics
[20/11/2008|01:15] C:\DOCUME~1\POILLO~1\APPLIC~1\Macromedia
[15/07/2009|17:38] C:\DOCUME~1\POILLO~1\APPLIC~1\Malwarebytes
[23/06/2008|11:40] C:\DOCUME~1\POILLO~1\APPLIC~1\Media Player Classic
[16/07/2009|17:50] C:\DOCUME~1\POILLO~1\APPLIC~1\Microsoft
[29/06/2008|00:40] C:\DOCUME~1\POILLO~1\APPLIC~1\Real
[28/06/2008|01:39] C:\DOCUME~1\POILLO~1\APPLIC~1\Sun
[22/06/2008|00:42] C:\DOCUME~1\POILLO~1\APPLIC~1\vghd
[07/04/2009|15:09] C:\DOCUME~1\POILLO~1\APPLIC~1\XnView

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[11/07/2009 20:41][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[16/07/2009 17:25][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[10/11/2008|03:26] C:\Program Files\Adobe
[07/04/2009|15:13] C:\Program Files\AlexSoft
[21/06/2008|11:04] C:\Program Files\ALi
[04/08/2008|16:14] C:\Program Files\Apple Software Update
[21/06/2008|11:10] C:\Program Files\ATI Technologies
[21/06/2008|18:51] C:\Program Files\AVG
[22/06/2008|00:40] C:\Program Files\CCleaner
[21/06/2008|02:41] C:\Program Files\ComPlus Applications
[09/06/2009|18:59] C:\Program Files\DivX
[21/06/2008|12:02] C:\Program Files\EBP
[16/07/2009|21:31] C:\Program Files\eMule
[16/03/2009|18:40] C:\Program Files\Enigma Software Group
[21/06/2008|11:20] C:\Program Files\EPSON
[09/06/2009|18:58] C:\Program Files\Fichiers communs
[01/08/2008|22:33] C:\Program Files\Google
[21/06/2008|11:29] C:\Program Files\Hewlett-Packard
[21/06/2008|11:29] C:\Program Files\HP
[10/03/2009|16:08] C:\Program Files\IncrediMail
[06/01/2009|21:47] C:\Program Files\InstallShield Installation Information
[09/05/2009|03:08] C:\Program Files\Internet Explorer
[22/06/2008|00:36] C:\Program Files\IZArc
[27/03/2009|16:09] C:\Program Files\Java
[23/06/2008|11:38] C:\Program Files\K-Lite Codec Pack
[06/01/2009|21:47] C:\Program Files\LG Electronics
[08/01/2009|16:54] C:\Program Files\LG PC Suite II
[07/03/2009|12:28] C:\Program Files\Logitech
[15/07/2009|17:38] C:\Program Files\Malwarebytes' Anti-Malware
[02/07/2009|19:27] C:\Program Files\MediaCoder
[09/05/2009|03:09] C:\Program Files\Messenger
[15/03/2009|17:30] C:\Program Files\Microsoft
[22/06/2008|20:23] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[21/06/2008|02:44] C:\Program Files\microsoft frontpage
[21/06/2008|11:38] C:\Program Files\Microsoft Office
[28/03/2009|12:23] C:\Program Files\Microsoft Silverlight
[21/06/2008|13:44] C:\Program Files\Microsoft SQL Server Compact Edition
[15/03/2009|17:30] C:\Program Files\Microsoft Sync Framework
[21/06/2008|02:42] C:\Program Files\Movie Maker
[13/02/2009|19:19] C:\Program Files\Mozilla Firefox
[23/09/2008|21:22] C:\Program Files\MSN
[21/06/2008|02:40] C:\Program Files\MSN Gaming Zone
[18/03/2009|11:41] C:\Program Files\MSN Messenger
[21/06/2008|13:35] C:\Program Files\MSXML 4.0
[21/06/2008|02:42] C:\Program Files\NetMeeting
[21/06/2008|02:40] C:\Program Files\Online Services
[21/06/2008|11:59] C:\Program Files\Outlook Express
[14/07/2008|18:00] C:\Program Files\PDFCreator
[04/08/2008|16:14] C:\Program Files\QuickTime
[29/06/2008|00:37] C:\Program Files\Real
[03/07/2008|11:26] C:\Program Files\SAGEM
[21/06/2008|02:42] C:\Program Files\Services en ligne
[14/07/2009|19:41] C:\Program Files\Spybot - Search & Destroy
[25/06/2008|19:46] C:\Program Files\Sun
[16/07/2009|17:23] C:\Program Files\Sygate
[13/07/2008|17:34] C:\Program Files\Tunatic
[21/06/2008|02:49] C:\Program Files\Uninstall Information
[12/07/2009|16:18] C:\Program Files\VDOWNLOADER
[08/07/2009|19:02] C:\Program Files\vghd
[15/03/2009|17:30] C:\Program Files\Windows Live
[15/03/2009|17:22] C:\Program Files\Windows Live SkyDrive
[14/10/2008|10:36] C:\Program Files\Windows Media Player
[21/06/2008|02:40] C:\Program Files\Windows NT
[21/06/2008|02:43] C:\Program Files\WindowsUpdate
[21/06/2008|22:41] C:\Program Files\Winkaa 1.0
[21/06/2008|02:44] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[10/11/2008|03:25] C:\Program Files\Fichiers communs\Adobe
[21/06/2008|11:38] C:\Program Files\Fichiers communs\Designer
[09/06/2009|18:59] C:\Program Files\Fichiers communs\DivX Shared
[21/06/2008|11:20] C:\Program Files\Fichiers communs\EPSON
[21/06/2008|11:29] C:\Program Files\Fichiers communs\Hewlett-Packard
[21/06/2008|11:31] C:\Program Files\Fichiers communs\HP
[21/06/2008|11:41] C:\Program Files\Fichiers communs\InstallShield
[02/07/2008|14:58] C:\Program Files\Fichiers communs\Java
[07/03/2009|12:30] C:\Program Files\Fichiers communs\LogiShrd
[15/03/2009|17:22] C:\Program Files\Fichiers communs\Microsoft Shared
[21/06/2008|02:42] C:\Program Files\Fichiers communs\MSSoap
[21/06/2008|04:32] C:\Program Files\Fichiers communs\ODBC
[29/06/2008|00:37] C:\Program Files\Fichiers communs\Real
[21/06/2008|02:42] C:\Program Files\Fichiers communs\Services
[21/06/2008|11:32] C:\Program Files\Fichiers communs\Sonic Shared
[21/06/2008|04:32] C:\Program Files\Fichiers communs\SpeechEngines
[21/06/2008|11:52] C:\Program Files\Fichiers communs\System
[18/02/2009|14:03] C:\Program Files\Fichiers communs\Totem Shared
[15/03/2009|17:17] C:\Program Files\Fichiers communs\Windows Live
[21/06/2008|13:42] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[21/06/2008|18:18] C:\Program Files\Fichiers communs\Wise Installation Wizard
[29/06/2008|00:37] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 52 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bags Plus Online Chin

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 22:36:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:30][D:7]-> C:\DOCUME~1\POILLO~1\LOCALS~1\Temp
[F:46][D:0]-> C:\DOCUME~1\POILLO~1\Cookies
[F:1247][D:4]-> C:\DOCUME~1\POILLO~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 16/07/2009|22:37 - Option : [1]

--------------------\\ Fin du rapport a 22:37:49

and FINALLY:

Rapport de ZHPDiag v1.23.13 par Nicolas Coolman
Enregistré le 17/07/2009 20:58:29
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
MSIE: Internet Explorer v7.0.5730.13

---\\ Processus lancés

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm

---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll

---\\ Redirection du fichier Hosts (O1)

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

---\\ Processus lancés
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 EPSON Stylus C62 Series /O6 USB001 /M Stylus C62
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{91472AF6-8EEC-4BDE-B833-8B4929477A1E}: NameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{91472AF6-8EEC-4BDE-B833-8B4929477A1E}: NameServer = 212.27.40.241 212.27.40.240

---\\ Protocole additionnel et piratage de protocole (O18)
O18 - bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll
O18 - tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\System32\avgrsstx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\System32\WgaLogon.dll

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart (ATI Smart) - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: Process Monitor (LVPrcSrv) - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: SeaPort (SeaPort) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
O23 - Service: Sygate Personal Firewall (SmcService) - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

End of the scan: 344 lines
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)

double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0