pc lent alertes virus help lecture hijack ?Résolu/Fermé

Question

Bonjour à tous, j'écris depuis le Mexique où j'utilise une clé 3G, depuis qq temps PC lent à l'allumage, alerte sur ANTIVIR, et clé USB qui semble avoir récolté de mauvais trucs dans les cybers. Le lecteur CD ne se lance plus, des fichiers d'execution ont été endommagés. Plus rien ne s'ouvre automatiquement. J'ai fait un hijack et surprise des liens sur des banques mexicaines...que je n'ai jamais consulté. Hum hum
Quelqu'un peut m'aider en m'autorisant à publier mes rapports Hijack, Malware?
Merci

nico987 · Answer

mais poste tes rapports...

stevolucho · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:45, on 21/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\IUSACELL\CDU680DORA\BIN\RDVCHG.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\borella\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\borella\LOCALS~1\Temp\IE8-Setup-Full-XP.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\borella\LOCALS~1\Temp\IXP000.TMP\IE-REDIST.EXE
d:\7d02dbe55f79690d581c01bd6c3f\update\iesetup.exe
C:\WINDOWS\ie8\spuninst\spuninst.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.gdark.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.gdark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.gdark.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.gdark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.gdark.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O1 - Hosts: 148.244.43.5 bancomer.com
O1 - Hosts: 148.244.43.5 bancomer.com.mx
O1 - Hosts: 148.244.43.5 www.bancomer.com
O1 - Hosts: 148.244.43.5 www.bancomer.com.mx
O1 - Hosts: 192.193.230.100 banamex.com
O1 - Hosts: 192.193.230.100 www.banamex.com
O1 - Hosts: 192.193.230.100 banamex.com.mx
O1 - Hosts: 192.193.230.100 www.banamex.com.mx
O1 - Hosts: 69.64.58.135 www.scotiabank.com.mx
O1 - Hosts: 69.64.58.135 www.scotiabank.com
O1 - Hosts: 69.64.58.135 scotiabank.com.mx
O1 - Hosts: 69.64.58.135 scotiabank.com
O1 - Hosts: 200.76.36.117 www.bb.com.mx
O1 - Hosts: 200.76.36.117 bb.com.mx
O1 - Hosts: 208.98.22.225 www.bancofrances.com.ar
O1 - Hosts: 208.98.22.225 https://www.bancofrances.com.ar
O1 - Hosts: 208.98.22.225 www.bancofrances.com
O1 - Hosts: 208.98.22.225 https://www.bancofrances.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IUSACELL_CDU680] C:\Program Files\IUSACELL\CDU680DORA\BIN\RDVCHG.EXE
O4 - HKLM\..\Run: [MicroNAC] c:\NTDR.exe
O4 - HKLM\..\Run: [Scheluder] c:\NTRD.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\borella\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\borella\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Ced_King · Answer

Salut,

edit : je laisse la main nico987

nico987 · Answer

Télécharge : 

Toolbar-S&D  https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3 (Team IDN) sur ton Bureau

 Lance Toolbar-S&D situé sur le Bureau. Tape sur "1" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.

stevolucho · Answer

rapport malware, je moccupe de toolbar S D merci


Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2036
Windows 5.1.2600 Service Pack 3

21/09/2009 17:26:14
mbam-log-2009-09-21 (17-26-14).txt

Type de recherche: Examen rapide
Eléments examinés: 77234
Temps écoulé: 4 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon	askman (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

stevolucho · Answer

du coup jai laissé tomber le truc à faire sur random's system information tool, proposé par lautre utilisateur et voici le rapport toolbar SD


 -----------\  ToolBar S&D 1.2.9   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :         Intel(R) Pentium(R) M processor 1.73GHz )
   BIOS : Phoenix NoteBIOS 4.0 Release 6.1     
   USER : borella ( Administrator )
   BOOT : Normal boot
   Antivirus : iolo AntiVirus® 1.1 (Activated)
   C:\ (Local Disk) - FAT32 - Total:54 Go (Free:4 Go)
   D:\ (Local Disk) - FAT32 - Total:19 Go (Free:4 Go)
   E:\ (CD or DVD)
   F:\ (USB) - FAT32 - Total:65 Mo (Free:0 Go)

   "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
   Option : [1] ( 21/09/2009|17:28 )

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.properties
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
   C:\DOCUME~1\borella\APPLIC~1\Search Settings
   C:\DOCUME~1\borella\APPLIC~1\Search Settings\kb128
   C:\DOCUME~1\borella\APPLIC~1\Search Settings\kb128	emp
   C:\DOCUME~1\borella\APPLIC~1\Search Settings\kb128	emp\ws-14505.log
   C:\DOCUME~1\borella\APPLIC~1\Search Settings\kb128	emp\ws-14506.log
   C:\DOCUME~1\borella\APPLIC~1\Search Settings\kb128	emp\ws-14507.log
   C:\DOCUME~1\borella\APPLIC~1\Search Settings\kb128	emp\ws-14508.log
   C:\Program Files\Search Settings
   C:\Program Files\Search Settings\kb128
   C:\Program Files\Search Settings\SearchSettings.exe
   C:\Program Files\Search Settings\kb128es
   C:\Program Files\Search Settings\kb128	emp
   C:\Program Files\Search Settings\kb128\SearchSettings.dll
   C:\Program Files\Search Settings\kb128\SearchSettingsRes409.dll

   -----------\  Extensions

   (borella) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
   (borella) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "SearchMigratedDefaultURL"="http://fr.gdark.com/...{searchTerms}"
   "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Url"="http://www.microsoft.com/athome/community/rss.xml"
   "Url"="http://www.microsoft.com/atwork/community/rss.xml"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !


   1 - "C:\ToolBar SD\TB_1.txt" - 21/09/2009|17:29 - Option : [1]

   -----------\  Fin du rapport a 17:29:50,46

nico987 · Answer

ok tu fais pareil mais avec l'option 2 et poste le rapport.

stevolucho · Answer

voila avec l'option 2



   -----------\  ToolBar S&D 1.2.9   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :         Intel(R) Pentium(R) M processor 1.73GHz )
   BIOS : Phoenix NoteBIOS 4.0 Release 6.1     
   USER : borella ( Administrator )
   BOOT : Normal boot
   Antivirus : iolo AntiVirus® 1.1 (Activated)
   C:\ (Local Disk) - FAT32 - Total:54 Go (Free:4 Go)
   D:\ (Local Disk) - FAT32 - Total:19 Go (Free:4 Go)
   E:\ (CD or DVD)
   F:\ (USB) - FAT32 - Total:65 Mo (Free:0 Go)

   "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
   Option : [2] ( 21/09/2009|17:32 )

   -----------\ SUPPRESSION

   Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
   Supprime! - C:\DOCUME~1\borella\APPLIC~1\Search Settings\kb128
   Supprime! - C:\Program Files\Search Settings\kb128
   Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
   Supprime! - C:\DOCUME~1\borella\APPLIC~1\Search Settings
   Supprime! - C:\Program Files\Search Settings

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  Extensions

   (borella) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
   (borella) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "SearchMigratedDefaultURL"="http://fr.gdark.com/...{searchTerms}"
   "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Url"="http://www.microsoft.com/athome/community/rss.xml"
   "Url"="http://www.microsoft.com/atwork/community/rss.xml"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="https://www.msn.com/fr-fr/"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !


   1 - "C:\ToolBar SD\TB_1.txt" - 21/09/2009|17:29 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 21/09/2009|17:33 - Option : [2]

   -----------\  Fin du rapport a 17:33:49,32

nico987 · Answer

ok télécharge lop s&d sur ton bureau ici : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

et tu fais l'option 1

stevolucho · Answer

--------------------\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :         Intel(R) Pentium(R) M processor 1.73GHz )
   BIOS : Phoenix NoteBIOS 4.0 Release 6.1     
   USER : borella ( Administrator )
   BOOT : Normal boot
   Antivirus : iolo AntiVirus® 1.1 (Activated)
   C:\ (Local Disk) - FAT32 - Total:54 Go (Free:4 Go)
   D:\ (Local Disk) - FAT32 - Total:19 Go (Free:4 Go)
   E:\ (CD or DVD)
   F:\ (USB) - FAT32 - Total:65 Mo (Free:0 Go)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [1] ( 21/09/2009|17:41 )
 
   --------------------\  Listing des dossiers dans APPLIC~1

   [30/03/2005|23:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
   [20/02/2007|13:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
   [30/03/2005|23:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [21/08/2009|15:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
   [13/09/2007|01:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [07/05/2008|13:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [20/02/2007|02:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [14/07/2009|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
   [16/08/2009|01:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
   [27/02/2007|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
   [26/06/2009|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [06/08/2007|16:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
   [20/02/2007|13:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
   [28/03/2007|02:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
   [24/04/2009|09:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [30/03/2005|23:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [20/02/2007|02:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
   [24/04/2009|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
   [13/07/2007|13:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [10/07/2009|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Temp
   [06/08/2007|15:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
   [17/04/2007|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [02/03/2007|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
   [03/04/2008|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

   [20/02/2007|13:08] C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
   [30/03/2005|23:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

   [20/02/2007|13:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\Intel
   [28/03/2007|03:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\iolo
   [30/03/2005|23:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [20/02/2007|23:00] C:\DOCUME~1\borella\APPLIC~1\Adobe
   [20/02/2007|23:00] C:\DOCUME~1\borella\APPLIC~1\AdobeUM
   [20/02/2007|02:21] C:\DOCUME~1\borella\APPLIC~1\Apple Computer
   [14/09/2009|00:24] C:\DOCUME~1\borella\APPLIC~1\Corel
   [22/05/2007|19:13] C:\DOCUME~1\borella\APPLIC~1\Creative
   [01/03/2007|22:30] C:\DOCUME~1\borella\APPLIC~1\CyberLink
   [25/02/2007|00:09] C:\DOCUME~1\borella\APPLIC~1\dvdcss
   [16/08/2009|01:31] C:\DOCUME~1\borella\APPLIC~1\Google
   [27/05/2007|23:07] C:\DOCUME~1\borella\APPLIC~1\Help
   [06/08/2007|15:58] C:\DOCUME~1\borella\APPLIC~1\HP
   [30/03/2005|23:44] C:\DOCUME~1\borella\APPLIC~1\Identities
   [07/08/2007|12:03] C:\DOCUME~1\borella\APPLIC~1\Image Zone Express
   [20/02/2007|13:08] C:\DOCUME~1\borella\APPLIC~1\Intel
   [28/03/2007|02:56] C:\DOCUME~1\borella\APPLIC~1\iolo
   [19/10/2007|22:28] C:\DOCUME~1\borella\APPLIC~1\Leadertech
   [02/03/2007|11:19] C:\DOCUME~1\borella\APPLIC~1\Macromedia
   [24/04/2009|09:23] C:\DOCUME~1\borella\APPLIC~1\Malwarebytes
   [30/03/2005|23:29] C:\DOCUME~1\borella\APPLIC~1\Microsoft
   [20/02/2007|11:45] C:\DOCUME~1\borella\APPLIC~1\Mozilla
   [16/08/2009|01:30] C:\DOCUME~1\borella\APPLIC~1\Real
   [14/09/2007|20:00] C:\DOCUME~1\borella\APPLIC~1\Samsung
   [13/07/2007|13:47] C:\DOCUME~1\borella\APPLIC~1\Skype
   [27/04/2009|18:49] C:\DOCUME~1\borella\APPLIC~1\skypePM
   [15/03/2007|17:38] C:\DOCUME~1\borella\APPLIC~1\Sony Corporation
   [08/04/2007|16:42] C:\DOCUME~1\borella\APPLIC~1\Sun
   [20/09/2009|22:51] C:\DOCUME~1\borella\APPLIC~1\Todae
   [04/04/2007|00:56] C:\DOCUME~1\borella\APPLIC~1\U3
   [21/02/2007|22:23] C:\DOCUME~1\borella\APPLIC~1\vlc
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [14/07/2009 16:43][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [21/09/2009 16:03][--ah-----] C:\WINDOWS	asks\SA.DAT
   [05/08/2004 05:00][-r-h-----] C:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans C:\Program Files

   [20/02/2007|02:17] C:\Program Files\acer
   [30/03/2005|23:57] C:\Program Files\Acer Inc
   [30/03/2005|23:59] C:\Program Files\Adobe
   [07/12/2008|19:48] C:\Program Files\Alcohol Soft
   [27/02/2007|18:33] C:\Program Files\Alwil Software
   [27/01/2009|23:33] C:\Program Files\Apple Software Update
   [31/03/2005|00:00] C:\Program Files\Arcade
   [20/02/2007|02:13] C:\Program Files\ATI Technologies
   [15/12/2008|22:12] C:\Program Files\Audacity
   [14/07/2009|16:15] C:\Program Files\Avira
   [30/03/2005|23:35] C:\Program Files\ComPlus Applications
   [30/03/2005|23:52] C:\Program Files\CONEXANT
   [16/08/2009|01:28] C:\Program Files\Corel
   [19/05/2007|20:18] C:\Program Files\Creative
   [31/03/2005|00:01] C:\Program Files\CyberLink
   [18/06/2007|12:35] C:\Program Files\DivX
   [17/10/2007|21:17] C:\Program Files\eMule
   [15/08/2009|17:32] C:\Program Files\Everest Poker
   [30/03/2005|23:29] C:\Program Files\Fichiers communs
   [26/06/2009|23:32] C:\Program Files\FP
   [22/06/2009|00:03] C:\Program Files\Google
   [06/08/2007|16:12] C:\Program Files\HP
   [30/03/2005|23:44] C:\Program Files\InstallShield Installation Information
   [30/03/2005|23:45] C:\Program Files\Intel
   [01/03/2007|22:24] C:\Program Files\InterActual
   [30/03/2005|23:35] C:\Program Files\Internet Explorer
   [16/08/2009|01:28] C:\Program Files\InterVideo
   [28/03/2007|02:59] C:\Program Files\iolo
   [21/08/2009|15:56] C:\Program Files\iPod
   [21/08/2009|15:56] C:\Program Files\iTunes
   [15/09/2009|03:35] C:\Program Files\IUSACELL
   [10/04/2007|20:29] C:\Program Files\Java
   [20/02/2007|02:17] C:\Program Files\Launch Manager
   [06/03/2007|01:31] C:\Program Files\Logitech
   [24/04/2009|09:23] C:\Program Files\Malwarebytes' Anti-Malware
   [07/08/2007|22:55] C:\Program Files\Micro Application
   [15/04/2009|08:56] C:\Program Files\Microsoft
   [10/05/2007|15:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
   [30/03/2005|23:38] C:\Program Files\microsoft frontpage
   [20/02/2007|02:25] C:\Program Files\Microsoft Office
   [15/04/2009|09:03] C:\Program Files\Microsoft Office Outlook Connector
   [15/04/2009|09:03] C:\Program Files\Microsoft Silverlight
   [15/04/2009|08:58] C:\Program Files\Microsoft SQL Server Compact Edition
   [15/04/2009|08:59] C:\Program Files\Microsoft Sync Framework
   [20/02/2007|02:29] C:\Program Files\Microsoft Visual Studio
   [20/02/2007|02:29] C:\Program Files\Microsoft Works
   [30/03/2005|23:36] C:\Program Files\Movie Maker
   [20/02/2007|02:20] C:\Program Files\Mozilla Firefox
   [20/02/2007|02:29] C:\Program Files\MSBuild
   [30/03/2005|23:34] C:\Program Files\MSN
   [30/03/2005|23:34] C:\Program Files\MSN Gaming Zone
   [07/03/2007|15:43] C:\Program Files\MSXML 4.0
   [30/03/2005|23:36] C:\Program Files\NetMeeting
   [31/03/2005|00:06] C:\Program Files\NewTech Infosystems
   [24/04/2009|16:11] C:\Program Files\NOS
   [27/02/2007|18:32] C:\Program Files\Ontrack
   [30/03/2005|23:36] C:\Program Files\Outlook Express
   [10/12/2008|17:26] C:\Program Files\PhotoFiltre
   [30/01/2009|14:15] C:\Program Files\QuickTime
   [16/08/2009|01:30] C:\Program Files\Real
   [21/08/2009|23:31] C:\Program Files\Reference Assemblies
   [26/04/2009|12:58] C:\Program Files\RegCleaner
   [14/09/2007|19:43] C:\Program Files\Samsung
   [30/03/2005|23:36] C:\Program Files\Services en ligne
   [24/04/2009|16:44] C:\Program Files\Skype
   [08/03/2007|11:36] C:\Program Files\Softwin
   [30/03/2005|23:54] C:\Program Files\Synaptics
   [24/04/2009|11:15] C:\Program Files\Trend Micro
   [30/03/2005|23:44] C:\Program Files\Uninstall Information
   [21/02/2007|22:23] C:\Program Files\VideoLAN
   [15/09/2009|17:43] C:\Program Files\Web
   [03/04/2008|13:37] C:\Program Files\Windows Live
   [15/04/2009|08:56] C:\Program Files\Windows Live SkyDrive
   [04/06/2008|20:31] C:\Program Files\Windows Media Connect 2
   [30/03/2005|23:34] C:\Program Files\Windows Media Player
   [30/03/2005|23:34] C:\Program Files\Windows NT
   [30/03/2005|23:36] C:\Program Files\WindowsUpdate
   [20/02/2007|02:14] C:\Program Files\WinPCap
   [20/02/2007|23:21] C:\Program Files\WinRAR
   [30/03/2005|23:38] C:\Program Files\xerox

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [20/02/2007|23:00] C:\Program Files\Fichiers communs\Adobe
   [07/05/2008|13:07] C:\Program Files\Fichiers communs\Apple
   [10/07/2009|17:38] C:\Program Files\Fichiers communs\CyberLink
   [20/02/2007|02:29] C:\Program Files\Fichiers communs\DESIGNER
   [06/08/2007|16:14] C:\Program Files\Fichiers communs\Hewlett-Packard
   [06/08/2007|16:17] C:\Program Files\Fichiers communs\HP
   [30/03/2005|23:44] C:\Program Files\Fichiers communs\InstallShield
   [16/08/2009|01:28] C:\Program Files\Fichiers communs\InterVideo
   [10/04/2007|20:25] C:\Program Files\Fichiers communs\Java
   [06/03/2007|01:32] C:\Program Files\Fichiers communs\Logitech
   [30/03/2005|23:29] C:\Program Files\Fichiers communs\Microsoft Shared
   [30/03/2005|23:36] C:\Program Files\Fichiers communs\MSSoap
   [31/03/2005|00:06] C:\Program Files\Fichiers communs\muvee Technologies
   [30/03/2005|23:29] C:\Program Files\Fichiers communs\ODBC
   [16/08/2009|01:28] C:\Program Files\Fichiers communs\Protexis
   [16/08/2009|01:30] C:\Program Files\Fichiers communs\Real
   [30/03/2005|23:36] C:\Program Files\Fichiers communs\Services
   [24/04/2009|16:44] C:\Program Files\Fichiers communs\Skype
   [05/03/2007|19:08] C:\Program Files\Fichiers communs\Softwin
   [30/03/2005|23:29] C:\Program Files\Fichiers communs\SpeechEngines
   [30/03/2005|23:35] C:\Program Files\Fichiers communs\System
   [15/04/2009|08:49] C:\Program Files\Fichiers communs\Windows Live
   [03/04/2008|13:37] C:\Program Files\Fichiers communs\WindowsLiveInstaller
   [16/08/2009|01:30] C:\Program Files\Fichiers communs\xing shared

   --------------------\  Process

   ( 54 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2009-09-21 17:43:16
   Windows 5.1.2600 Service Pack 3 FAT NTAPI
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [F:757][D:62]-> C:\DOCUME~1\borella\LOCALS~1\Temp
   [F:2][D:0]-> C:\DOCUME~1\borella\Cookies
   [F:18][D:6]-> C:\DOCUME~1\borella\LOCALS~1\TEMPOR~1\content.IE5
   [F:2][D:0]-> C:\Recycled

   1 - "C:\Lop SD\LopR_1.txt" - 21/09/2009|17:43 - Option : [1]

   --------------------\  Fin du rapport a 17:43:50

stevolucho · Answer

dois-je faire l'option 2?

nico987 · Answer

bon refais un scan hijack mais seulement un scan pas de rapport, tu coches ces lignes : 
O1 - Hosts: 148.244.43.5 bancomer.com
O1 - Hosts: 148.244.43.5 bancomer.com.mx
O1 - Hosts: 148.244.43.5 www.bancomer.com
O1 - Hosts: 148.244.43.5 www.bancomer.com.mx
O1 - Hosts: 192.193.230.100 banamex.com
O1 - Hosts: 192.193.230.100 www.banamex.com
O1 - Hosts: 192.193.230.100 banamex.com.mx
O1 - Hosts: 69.64.58.135 www.scotiabank.com.mx
O1 - Hosts: 69.64.58.135 www.scotiabank.com
O1 - Hosts: 69.64.58.135 scotiabank.com.mx
O1 - Hosts: 69.64.58.135 scotiabank.com
O1 - Hosts: 200.76.36.117 www.bb.com.mx
O1 - Hosts: 200.76.36.117 bb.com.mx
O1 - Hosts: 208.98.22.225 www.bancofrances.com.ar
O1 - Hosts: 208.98.22.225 https://www.bancofrances.com.ar
O1 - Hosts: 208.98.22.225 www.bancofrances.com
O1 - Hosts: 208.98.22.225 https://www.bancofrances.com

Tu les coches puis clique sur fix checked et tu réponds oui.

stevolucho · Answer

effectué

nico987 · Answer

c'est bon ?
Refais moi un rapport hijackthis.

stevolucho · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:43, on 21/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IUSACELL\CDU680DORA\BIN\RDVCHG.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IUSACELL\CDU680DORA\Bin\CDU680.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.gdark.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.gdark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.gdark.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IUSACELL_CDU680] C:\Program Files\IUSACELL\CDU680DORA\BIN\RDVCHG.EXE
O4 - HKLM\..\Run: [MicroNAC] c:\NTDR.exe
O4 - HKLM\..\Run: [Scheluder] c:\NTRD.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B4CD772-6098-4EF0-8D50-228DC3BED0B3}: NameServer = 207.83.200.200 200.38.100.210
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

nico987 · Answer

maintenant Télécharge usbfix :  http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
branche toutes tes clés, diques durs...
 Tu le lances et tu fais f puis enter. Puis 1 puis enter. 
Poste le rapport.

tuto ici : https://www.malekal.com/usbfix-supprimer-virus-usb/

stevolucho · Answer

############################## | UsbFix V6.036 |

User : borella (Administrateurs) # ACER-19B694409A
Update on 21/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 18:13:08 | 21/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

        Intel(R) Pentium(R) M processor 1.73GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
AV : iolo AntiVirus® 1.1 [ Enabled | Updated ]

C:\ -> Disque fixe local # 54,9 Go (4,57 Go free) [ACER] # FAT32
D:\ -> Disque fixe local # 19,6 Go (4,74 Go free) [CHLOE] # FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible # 979,05 Mo (330,8 Mo free) # FAT32
G:\ -> Disque fixe local # 335,27 Go (25,2 Go free) [IOMEGA_HDD] # FAT32
H:\ -> Disque amovible # 65,47 Mo (51 Mo free) [CDU680_UMSD] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IUSACELL\CDU680DORA\BIN\RDVCHG.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IUSACELL\CDU680DORA\Bin\CDU680.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

C:\WINDOWS\antiv.exe  
F:\autorun.inf -> fichier appelé : "F:\AUTORUN\setup.exe" ( Absent ! )  
F:\autorun.inf  
G:\autorun.inf -> fichier appelé : "G:\AUTORUN\setup.exe" ( Présent ! )  
G:\autorun.inf  
H:\autorun.inf -> fichier appelé : "H:\AUTORUN\setup.exe" ( Présent ! )  
H:\autorun.inf  

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{0041b86f-9a90-11de-9ac9-00c09fa36ae7}
shell\AutoRun\command =G:\AUTORUN\setup.exe 
shell\open\command =G:\AUTORUN\setup.exe 

HKCU\..\..\Explorer\MountPoints2\{1e36813c-0c45-11dc-9653-00c09fa36ae7}
Shell\Auto\command =F:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{2c5197d9-06fb-11dc-963d-00c09fa36ae7}
Shell\Auto\command =sxs.exe 
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

HKCU\..\..\Explorer\MountPoints2\{35288c40-c29f-11db-9572-00c09fa36ae7}
Shell\Auto\command =sxs.exe 
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

HKCU\..\..\Explorer\MountPoints2\{3912bbbc-c080-11db-9567-00c09fa36ae7}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{3912bbbd-c080-11db-9567-00c09fa36ae7}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{4c2b94ae-d7e5-11db-95b7-00805a4d9672}
Shell\Auto\command =F:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{5690e9fa-16c6-11dd-98a6-00c09fa36ae7}
shell\AutoRun\command =I:\AUTORUN\setup.exe 
shell\open\command =I:\AUTORUN\setup.exe 

HKCU\..\..\Explorer\MountPoints2\{569a8608-0a0c-11dc-964c-00805a4d9672}
Shell\Auto\command =F:\sxs.exe 
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

HKCU\..\..\Explorer\MountPoints2\{59800efe-8d57-11dd-9946-00c09fa36ae7}
Shell\AutoRun\command =H:\WDSetup.exe 

HKCU\..\..\Explorer\MountPoints2\{5ce32c96-9f28-11de-9ad3-00c09fa36ae7}
shell\AutoRun\command =G:\AUTORUN\setup.exe 
shell\open\command =G:\AUTORUN\setup.exe 

HKCU\..\..\Explorer\MountPoints2\{93c42764-2f1e-11dc-96a9-00805a4d9672}
Shell\AutoRun\command =fooool.exe 
Shell\explore\Command =fooool.exe 
Shell\open\Command =fooool.exe 

HKCU\..\..\Explorer\MountPoints2\{aa228efe-a197-11de-9ad8-00c09fa36ae7}
shell\AutoRun\command =F:\AUTORUN\setup.exe 
shell\open\command =F:\AUTORUN\setup.exe 

HKCU\..\..\Explorer\MountPoints2\{aa228eff-a197-11de-9ad8-00c09fa36ae7}
shell\AutoRun\command =H:\AUTORUN\setup.exe 
shell\open\command =H:\AUTORUN\setup.exe 

HKCU\..\..\Explorer\MountPoints2\{ab4cc27e-d613-11db-95b1-00805a4d9672}
Shell\Auto\command =fun.xls.exe 
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

HKCU\..\..\Explorer\MountPoints2\{c9f19b7e-a207-11de-9adc-00c09fa36ae7}
shell\AutoRun\command =F:\AUTORUN\setup.exe 
shell\open\command =F:\AUTORUN\setup.exe 

HKCU\..\..\Explorer\MountPoints2\{c9f19b7f-a207-11de-9adc-00c09fa36ae7}
shell\AutoRun\command =F:\AUTORUN\setup.exe 
shell\open\command =F:\AUTORUN\setup.exe 

HKCU\..\..\Explorer\MountPoints2\{ca98eb30-7ff4-11dd-9935-00c09fa36ae7}
shell\AutoRun\command =G:\AUTORUN\setup.exe 
shell\open\command =G:\AUTORUN\setup.exe 

HKCU\..\..\Explorer\MountPoints2\{e85a26cc-298b-11dc-96a0-00c09fa36ae7}
shell\AutoRun\command =AUTORUN\setup.exe 
shell\open\command =AUTORUN\setup.exe 

HKCU\..\..\Explorer\MountPoints2\{f46141e4-1455-11dc-966b-00805a4d9672}
Shell\AutoRun\command =22wcb21o.exe 
Shell\explore\Command =22wcb21o.exe 
Shell\open\Command =22wcb21o.exe 

HKCU\..\..\Explorer\MountPoints2\{fe30cdd8-14d8-11dc-966c-00805a4d9672}
Shell\AutoRun\command =22wcb21o.exe 
Shell\explore\Command =22wcb21o.exe 
Shell\open\Command =22wcb21o.exe 

################## | ! Fin du rapport # UsbFix V6.036 ! |

nico987 · Answer

tu fais pareil mais avec l'option 2 maintenant.
Ne t'inquiète pas le bureau va disparaître l'ordi va redémarrer.
Laisse le travailler, poste le rapport qui va s'ouvrir quand l'ordi redamarre.
Ne touche à rien surtout, et ferme tpus les programmes avant.

stevolucho · Answer

############################## | UsbFix V6.036 |

User : borella (Administrateurs) # ACER-19B694409A
Update on 21/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 18:23:23 | 21/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

        Intel(R) Pentium(R) M processor 1.73GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
AV : iolo AntiVirus® 1.1 [ Enabled | Updated ]

C:\ -> Disque fixe local # 54,9 Go (4,38 Go free) [ACER] # FAT32
D:\ -> Disque fixe local # 19,6 Go (4,74 Go free) [CHLOE] # FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible # 65,47 Mo (51 Mo free) [CDU680_UMSD] # FAT32
G:\ -> Disque amovible # 979,05 Mo (330,8 Mo free) # FAT32
H:\ -> Disque fixe local # 335,27 Go (25,2 Go free) [IOMEGA_HDD] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\WINDOWS\ANTIV.EXE  
F:\autorun.inf -> fichier appelé : "F:\AUTORUN\setup.exe" ( Présent ! )  
Supprimé ! F:\AUTORUN\setup.exe 
Supprimé ! F:\autorun.inf 
G:\autorun.inf -> fichier appelé : "G:\AUTORUN\setup.exe" ( Absent ! )  
Supprimé ! G:\autorun.inf 
H:\autorun.inf -> fichier appelé : "H:\AUTORUN\setup.exe" ( Présent ! )  
Supprimé ! H:\AUTORUN\setup.exe 
Supprimé ! H:\autorun.inf 

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{0041b86f-9a90-11de-9ac9-00c09fa36ae7}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{1e36813c-0c45-11dc-9653-00c09fa36ae7}\Shell\Auto\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{2c5197d9-06fb-11dc-963d-00c09fa36ae7}\Shell\Auto\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{35288c40-c29f-11db-9572-00c09fa36ae7}\Shell\Auto\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{3912bbbc-c080-11db-9567-00c09fa36ae7}\Shell\Auto\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{3912bbbd-c080-11db-9567-00c09fa36ae7}\Shell\Auto\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{4c2b94ae-d7e5-11db-95b7-00805a4d9672}\Shell\Auto\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{5690e9fa-16c6-11dd-98a6-00c09fa36ae7}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{569a8608-0a0c-11dc-964c-00805a4d9672}\Shell\Auto\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{59800efe-8d57-11dd-9946-00c09fa36ae7}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{5ce32c96-9f28-11de-9ad3-00c09fa36ae7}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{93c42764-2f1e-11dc-96a9-00805a4d9672}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{aa228eff-a197-11de-9ad8-00c09fa36ae7}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{ab4cc27e-d613-11db-95b1-00805a4d9672}\Shell\Auto\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{c9f19b7e-a207-11de-9adc-00c09fa36ae7}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{c9f19b7f-a207-11de-9adc-00c09fa36ae7}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{f46141e4-1455-11dc-966b-00805a4d9672}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{fe30cdd8-14d8-11dc-966c-00805a4d9672}\Shell\AutoRun\Command  

################## | Listing des fichiers présent |

[31/03/2005 10:31|-rahs----|75] C:\PRELOAD.AAA 
[05/08/2004 05:00|-rahs----|4952] C:\Bootfont.bin 
[18/09/2008 00:10|-rahs----|252240] C:
tldr 
[05/08/2004 05:00|-rahs----|47564] C:\NTDETECT.COM 
[24/04/2009 17:40|-rahs----|216] C:\boot.ini 
[30/03/2005 23:38|--a------|0] C:\CONFIG.SYS 
[31/03/2005 00:06|--a------|50] C:\AUTOEXEC.BAT 
[30/03/2005 23:38|-rahs----|0] C:\IO.SYS 
[30/03/2005 23:38|-rahs----|0] C:\MSDOS.SYS 
[?|?|?] C:\pagefile.sys 
[24/04/2009 13:39|--a------|3806] C:apport.txt 
[?|?|?] C:\hiberfil.sys 
[14/09/2007 20:00|--a------|74] C:\CMLoader.log 
[31/08/2008 16:43|--a------|159] C:\Setup.log 
[04/10/2008 16:36|--a------|37677] C:\xHOUNGI.JPG 
[04/10/2008 16:35|--a------|72678] C:
823423703_423508_8604.jpg 
[04/10/2008 16:36|--a------|37677] C:
823423703_423512_9659.jpg 
[04/10/2008 16:36|--a------|65876] C:
749090662_1647481_8671[1].jpg 
[04/10/2008 16:36|--a------|57697] C:
749090662_1647388_7634[1].jpg 
[04/10/2008 16:36|--a------|78853] C:
749090662_1647378_4464[1].jpg 
[04/10/2008 16:36|--a------|57877] C:
714505882_1735884_1416[1].jpg 
[04/10/2008 16:37|--a------|50052] C:
714505882_1735883_604[1].jpg 
[04/10/2008 16:37|--a------|51858] C:
714505882_1735881_8715[1].jpg 
[04/10/2008 16:37|--a------|60680] C:
585216863_882073_6580[1].jpg 
[04/10/2008 16:37|--a------|57779] C:
585216863_881924_9861[1].jpg 
[04/10/2008 16:37|--a------|71582] C:
585216863_881923_8926[1].jpg 
[04/10/2008 16:37|--a------|71226] C:
585216863_881909_9610[1].jpg 
[04/10/2008 16:38|--a------|47564] C:
585216863_881908_8832[1].jpg 
[29/02/2004 17:44|--a------|52576] C:\orange.bmp 
[16/08/2009 01:27|--a------|488380] C:\vcredist_x86.log 
[21/09/2009 17:33|--a------|2561] C:\TB.txt 
[21/09/2009 17:43|--a------|11775] C:\lopR.txt 
[21/09/2009 18:27|--a------|6572] C:\UsbFix.txt 
[20/02/2007 13:37|--a------|4311] C:\WirelessDiagLog.csv 
[20/02/2008 19:49|--ah-----|244] C:\sqmnoopt00.sqm 
[20/02/2008 19:49|--ah-----|232] C:\sqmdata00.sqm 
[25/07/2007 19:09|--ah-----|244] C:\sqmnoopt01.sqm 
[25/07/2007 19:09|--ah-----|268] C:\sqmdata01.sqm 
[20/02/2008 20:59|--ah-----|244] C:\sqmnoopt02.sqm 
[20/02/2008 20:59|--ah-----|232] C:\sqmdata02.sqm 
[20/02/2008 21:36|--ah-----|244] C:\sqmnoopt03.sqm 
[20/02/2008 21:36|--ah-----|232] C:\sqmdata03.sqm 
[09/08/2007 20:38|--ah-----|244] C:\sqmnoopt04.sqm 
[09/08/2007 20:38|--ah-----|268] C:\sqmdata04.sqm 
[10/08/2007 00:01|--ah-----|244] C:\sqmnoopt05.sqm 
[10/08/2007 00:01|--ah-----|268] C:\sqmdata05.sqm 
[10/08/2007 09:27|--ah-----|244] C:\sqmnoopt06.sqm 
[10/08/2007 09:27|--ah-----|268] C:\sqmdata06.sqm 
[10/08/2007 23:31|--ah-----|244] C:\sqmnoopt07.sqm 
[10/08/2007 23:31|--ah-----|268] C:\sqmdata07.sqm 
[12/08/2007 00:36|--ah-----|244] C:\sqmnoopt08.sqm 
[12/08/2007 00:36|--ah-----|268] C:\sqmdata08.sqm 
[27/08/2007 21:08|--ah-----|244] C:\sqmnoopt09.sqm 
[27/08/2007 21:08|--ah-----|268] C:\sqmdata09.sqm 
[24/05/2001 12:59|--a------|162304] C:\UNWISE.EXE 
[27/02/2007 01:23|--a------|1119] C:\INSTALL.LOG 
[28/08/2007 23:04|--ah-----|244] C:\sqmnoopt10.sqm 
[28/08/2007 23:04|--ah-----|268] C:\sqmdata10.sqm 
[29/08/2007 20:16|--ah-----|244] C:\sqmnoopt11.sqm 
[29/08/2007 20:16|--ah-----|268] C:\sqmdata11.sqm 
[30/08/2007 23:04|--ah-----|244] C:\sqmnoopt12.sqm 
[30/08/2007 23:04|--ah-----|268] C:\sqmdata12.sqm 
[06/03/2007 01:31|--a------|183] C:\LogiSetup.log 
[31/08/2007 18:03|--ah-----|244] C:\sqmnoopt13.sqm 
[31/08/2007 18:03|--ah-----|268] C:\sqmdata13.sqm 
[01/09/2007 02:43|--ah-----|244] C:\sqmnoopt14.sqm 
[01/09/2007 02:43|--ah-----|268] C:\sqmdata14.sqm 
[01/09/2007 15:39|--ah-----|244] C:\sqmnoopt15.sqm 
[01/09/2007 15:39|--ah-----|268] C:\sqmdata15.sqm 
[01/09/2007 22:13|--ah-----|244] C:\sqmnoopt16.sqm 
[01/09/2007 22:13|--ah-----|268] C:\sqmdata16.sqm 
[02/09/2007 17:28|--ah-----|244] C:\sqmnoopt17.sqm 
[02/09/2007 17:28|--ah-----|268] C:\sqmdata17.sqm 
[01/10/2007 10:30|--ah-----|244] C:\sqmnoopt18.sqm 
[01/10/2007 10:30|--ah-----|268] C:\sqmdata18.sqm 
[01/10/2007 22:56|--ah-----|244] C:\sqmnoopt19.sqm 
[01/10/2007 22:56|--ah-----|268] C:\sqmdata19.sqm 
[19/02/2007 21:32|--ahs----|89600] D:\Thumbs.db 
[15/09/2009 21:52|--ah-----|4096] F:\._.Trashes 
[21/09/2009 07:26|--ah-----|4096] F:\._.metadata_never_index 
[21/09/2009 07:26|--ah-----|0] F:\.metadata_never_index 
[18/09/2009 11:17|--a------|296] F:\WMPInfo.xml 
[18/09/2009 13:06|--a------|1618] F:\BOOTEX.LOG 
[13/09/2009 17:27|--a------|70656] G:\parigi.doc 
[21/09/2009 01:16|--a------|43008] G:\Le pass‚ compos‚.doc 
[20/09/2009 22:15|--a------|48640] G:\clo.doc 
[28/08/2009 03:35|--ah-----|4096] G:\._Programme cours tapachula basico 3.doc 
[28/08/2009 03:35|--ah-----|4096] G:\._Programme cours tapachula elemental 1.doc 
[12/04/2009 15:30|--ah-----|4096] G:\._.Trashes 
[29/08/2009 02:47|--ah-----|522617] G:\._Programme de cours … valider et finaliser alias 
[08/07/2008 21:56|--a------|664877056] G:\Gad Elmaleh - La Vie Normale.avi 
[12/04/2009 16:08|--ah-----|4096] G:\._.TemporaryItems 
[12/04/2009 15:33|--ah-----|4096] G:\._analyse_manuel_Doganova.doc 
[12/04/2009 15:34|--ah-----|4096] G:\._4parties_last-last-version.doc 
[12/04/2009 16:08|--ah-----|4096] G:\._Je t es envoye dans les deux  mails precedant l analyse de godard et notre presentation avec borge.doc 
[27/02/2009 21:11|--ah-----|4096] H:\._.Trashes 
[27/02/2009 21:54|--ah-----|6148] H:\.DS_Store 
[13/09/2009 04:38|--ahs----|105472] H:\Thumbs.db 
[22/03/2009 01:10|--a------|1221199872] H:\Gran Torino (vost).avi 
[01/05/2009 05:39|--a------|739702784] H:\Be Kind Rewind (vost).avi 
[31/08/2008 06:49|--a------|734347264] H:\Alpha Dog (vf).avi 
[05/02/2009 04:38|--a------|730050560] H:\Eden Lake (vost).avi 
[24/02/2009 13:27|--a------|741454784] H:\Je Suis Une L‚gende (vf).avi 
[12/01/2009 00:16|--a------|717612958] H:\Le Prix de la Loyaut‚ (vf).avi 
[31/03/2009 00:07|--a------|732028928] H:\Entre Les Murs.avi 
[02/06/2008 19:54|--a------|736571392] H:\Angles d'attaque.avi 
[24/01/2005 05:36|--a------|733710336] H:\Cellular.AVI 
[27/05/2008 17:35|--a------|733511680] H:\Cleaner.avi 
[07/01/2008 12:49|--a------|734048256] H:\Gone Baby Gone.avi 
[05/10/2008 01:01|--a------|734384128] H:\J'ai toujours rˆv‚ d'ˆtre un gangster.avi 
[15/04/2007 18:09|--a------|735143936] H:\Je Vais Bien Ne t'en Fais Pas.avi 
[14/07/2008 10:51|--a------|735080448] H:\La Clef.avi 
[06/02/2009 01:59|--a------|734083072] H:\La Fille de Monaco.avi 
[26/06/2008 13:59|--a------|732710912] H:\La Vie Des Autres.avi 
[05/01/2008 14:35|--a------|734140416] H:\Le Dernier Roi d'Ecosse.avi 
[27/02/2008 20:29|--a------|731445248] H:\Le Labyrinthe de Pan.avi 
[26/02/2008 11:56|--a------|730107904] H:\Le Scaphandre et le Papillon.avi 
[09/09/2008 05:41|--a------|736030410] H:\Les Liens du Sang.avi 
[09/09/2008 04:33|--a------|733937664] H:\Sweeney Todd.avi 

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.  
# D:\autorun.inf -> Folder created by UsbFix.  
# F:\autorun.inf -> Folder created by UsbFix.  
# G:\autorun.inf -> Folder created by UsbFix.  
# H:\autorun.inf -> Folder created by UsbFix.  

################## | Upload | 

Veuillez envoyer le fichier : C:\DOCUME~1\borella\Bureau\UsbFix_Upload_Me_ACER-19B694409A.zip : https://www.androidworld.fr/ 
Merci pour votre contribution .  

################## | ! Fin du rapport # UsbFix V6.036 ! |

nico987 · Answer

voilà, comment va l'ordi, ça va mieux ?

Poste un rapport hijack stp.

stevolucho · Answer

Ok pour usb fix, durant le truc j'ai juste eu une alerte virus ki s'est declenchée : F:/AUTORUN  qqch comme ça, j'ai ignoré

nico987 · Answer

d'accord, poste un rapport hijack.

stevolucho · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:33, on 21/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32
otepad.exe
C:\Program Files\IUSACELL\CDU680DORA\Bin\CDU680.EXE
C:\Program Files\IUSACELL\CDU680DORA\Bin\RDVCHG.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.gdark.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.gdark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.gdark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IUSACELL_CDU680] C:\Program Files\IUSACELL\CDU680DORA\BIN\RDVCHG.EXE
O4 - HKLM\..\Run: [MicroNAC] c:\NTDR.exe
O4 - HKLM\..\Run: [Scheluder] c:\NTRD.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B4CD772-6098-4EF0-8D50-228DC3BED0B3}: NameServer = 207.83.200.200 200.38.100.210
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcappcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

nico987 · Answer

encore des problèmes ?

stevolucho · Answer

en fait, je n'arrive plus à réilnstaller ni lancer internet explorer, la je passe par firefox
je vais tester la clé usb et le DD externe par curiosité car ça ne marchait plus au demarrage

nico987 · Answer

internet ne se lance plus ?

stevolucho · Answer

point extra positif : la clé usb mon disque D et le DD externe fonctionnent à merveille 
pour internet explorer, je lai desinstallé hier, je vais tenter de le reinstaller maintenant ke vous m'avez aidé

nico987 · Answer

oui et les messages de l'antivirus, les ralentissements, tout va bien ?

stevolucho · Answer

oui, je n'ai plus de message d'alertes et le PC semble fonctionner à une allure normale!!.
je vais redemarrer une fois internet explorer reinstallé (s'il se réinstalle) pour voir si le demarrage est lent, mais soyons optimiste et considerons ce probleme comme RESOLU

cependant, Je viens de tester le lecteur CD et cela ne se lance toujours pas, cela me dit cd vierge à graver pour tous types de cd insérés mais ça je crois ke cela n'a rien à voir avec ce que nous étions en train de voir

nico987 · Answer

coche résolu alors.

stevolucho · Answer

internet explorer 8 ne veut toujours pas sinstaller, cela me met : impossible de supprimer les logiciels malveillants, puis echec installation
je pense ke les operations precedentes ont resolu les problemes sur les ports usb DD etc mais là je vois pas du tout comment faire

nico987 · Answer

ben j'ai supprimer les infections, mais là je vois pas.
Poste un nouveau sujet pour installer internet au pire...

stevolucho · Answer

Ok je vais faire ça,merci mille fois deja pour tout le reste, je coche resolu pour le premier sujet

Pc lent alertes virus help lecture hijack ?

33 réponses

Newsletters