Analyse Hijacj this

Résolu
Lucioole Messages postés 50 Statut Membre -  
dédétraqué Messages postés 4522 Statut Contributeur sécurité -
Bonjour, mon ordi est très très lent j'ai fait un scan hijack this voici le rapport.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:27, on 2010-04-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\TabQuery\tabquery129.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TabQuery\tabquery.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Web__Rebates\webrebatesv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Claudia Lévesque\Application Data\WhereSphere\wheresphere.exe
C:\Documents and Settings\Claudia Lévesque\Application Data\Microsoft\Windows\oulwsv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\TRENDnet\TEW-623PI\WlanCU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Web__Rebates\to.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Mirar - {40B54DBD-B90D-4EDE-857A-EF46C0223278} - C:\WINDOWS\system32\5a78.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Mirar - {40B54DBC-B90D-4EDE-857A-EF46C0223278} - C:\WINDOWS\system32\5a78.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [toprm] "C:\Program Files\Web__Rebates\webrebatesv.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WhereSphere] C:\Documents and Settings\Claudia Lévesque\Application Data\WhereSphere\wheresphere.exe
O4 - HKCU\..\Run: [SfKg6wIPuS] C:\Documents and Settings\Claudia Lévesque\Application Data\Microsoft\Windows\oulwsv.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-623PI\WlanCU.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Documents and Settings\Claudia Lévesque\Application Data\Web__Rebates\toprt\toprC5.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://clody2103.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: TabQuery Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\TabQuery\tabquery129.exe

--
End of file - 8750 bytes

Lucioole

16 réponses

  1. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut Lucioole

    Le PC est beaucoup infecté

    On va faire un diagnostique plus complet, télécharge RSIT (de random/random) sur le bureau ici :
    http://images.malwareremoval.com/random/RSIT.exe

    - Double clique sur RSIT.exe qui est sur le bureau
    - Clique sur Continue dans la fenêtre
    - RSIT téléchargera HijackThis si il n'est pas présent où détecté, alors il faudra accepter la licence
    - Poste le contenue des deux rapports, log.txt et info.txt(réduit dans la barre des tâches) à la fin de l'analyse

    Utilise cjoint.com pour poster en lien tes rapports :
    https://www.cjoint.com/

    - Clique sur Parcourir pour aller chercher le rapport C:\rsit\log.txt
    - Clique sur Ouvrir ensuite sur Créer le lien Cjoint

    - Fais un copier/coller du lien qui est devant Le lien a été créé: dans ta prochaine réponse.

    Et fais la même chose avec l'autre rapport C:\rsit\info.txt

    @++ :)
    1
  2. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut Lucioole

    Double clique sur le raccourci d'HijackThis sur ton Bureau, clique sur Do a scan system only coche la case devant la(les) ligne(s) suivante(s) si présente(s)
    Si pas de raccourci sur le bureau, il ce trouve ici :
    C:\Program Files\Trend Micro\HijackThis\Claudia Lévesque.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: Mirar - {40B54DBD-B90D-4EDE-857A-EF46C0223278} - C:\WINDOWS\system32\5a78.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
    O3 - Toolbar: Mirar - {40B54DBC-B90D-4EDE-857A-EF46C0223278} - C:\WINDOWS\system32\5a78.dll (file missing)
    O4 - HKLM\..\Run: [toprm] "C:\Program Files\Web__Rebates\webrebatesv.exe"
    O4 - HKCU\..\Run: [WhereSphere] C:\Documents and Settings\Claudia Lévesque\Application Data\WhereSphere\wheresphere.exe
    O4 - HKCU\..\Run: [SfKg6wIPuS] C:\Documents and Settings\Claudia Lévesque\Application Data\Microsoft\Windows\oulwsv.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
    O8 - Extra context menu item: Web Rebates - file://C:\Documents and Settings\Claudia Lévesque\Application Data\Web__Rebates\toprt\toprC5.htm


    - Ferme les fenêtres en cours sauf HijackThis, clique sur Fix checked

    - Quitte HijackThis

    -----

    Télécharge OTM (de Old_Timer) sur le bureau :

    http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

    Double-clique sur OTM.exe sur le bureau

    - Copie le texte qui se trouve en gras ci-dessous et colle le dans le cadre de gauche de OTM nommé Paste Instructions for Items to be Moved

    :processes

    :services
    Boonty Games
    TabQuery Service

    :reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toprm]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopSearch]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSearch]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Claudia Lévesque^Menu Démarrer^Programmes^Démarrage^iWin Desktop Alerts.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Claudia Lévesque^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\WebRebates\WebRebates.exe"=-

    :files
    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Documents and Settings\All Users\Application Data\TabQuery
    C:\Program Files\Web__Rebates
    C:\Documents and Settings\Claudia Lévesque\Application Data\Microsoft\Windows\oulwsv.exe
    C:\Program Files\Ask.com
    C:\Documents and Settings\Claudia Lévesque\Application Data\Web__Rebates
    C:\Program Files\Screensavers.com
    C:\Documents and Settings\Claudia Lévesque\Application Data\WhereSphere
    C:\Program Files\TabQuery

    :commands
    [purity]
    [emptytemp]
    [reboot]


    - Clique sur MoveIt! pour lancer la suppression.
    - Ferme OTM

    Ton PC va redémarrer pour finir la suppression, si il ne le fais pas lui-même, redémarre le.

    Poste le rapport de OTMoveIt qui se trouve dans C:\_OTM\MovedFiles.

    @++ :)
    0
  3. Lucioole Messages postés 50 Statut Membre
     
    voici le rapport :

    All processes killed
    ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    Service Boonty Games stopped successfully!
    Service Boonty Games deleted successfully!
    Service TabQuery Service stopped successfully!
    Service TabQuery Service deleted successfully!
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toprm\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopSearch\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSearch\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Claudia Lévesque^Menu Démarrer^Programmes^Démarrage^iWin Desktop Alerts.lnk\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Claudia Lévesque^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\WebRebates\WebRebates.exe deleted successfully.
    ========== FILES ==========
    C:\Program Files\Fichiers communs\BOONTY Shared\Service folder moved successfully.
    C:\Program Files\Fichiers communs\BOONTY Shared folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\TabQuery folder moved successfully.
    C:\Program Files\Web__Rebates\toprs folder moved successfully.
    C:\Program Files\Web__Rebates\toprh folder moved successfully.
    C:\Program Files\Web__Rebates\topra folder moved successfully.
    C:\Program Files\Web__Rebates\images folder moved successfully.
    C:\Program Files\Web__Rebates folder moved successfully.
    C:\Documents and Settings\Claudia Lévesque\Application Data\Microsoft\Windows\oulwsv.exe moved successfully.
    C:\Program Files\Ask.com folder moved successfully.
    C:\Documents and Settings\Claudia Lévesque\Application Data\Web__Rebates\toprt folder moved successfully.
    C:\Documents and Settings\Claudia Lévesque\Application Data\Web__Rebates\toprd folder moved successfully.
    C:\Documents and Settings\Claudia Lévesque\Application Data\Web__Rebates folder moved successfully.
    C:\Program Files\Screensavers.com\Wallpaper folder moved successfully.
    C:\Program Files\Screensavers.com folder moved successfully.
    C:\Documents and Settings\Claudia Lévesque\Application Data\WhereSphere folder moved successfully.
    C:\Program Files\TabQuery folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Claudia Lévesque
    ->Flash cache emptied: 2687456 bytes

    User: Claudia Lévesque
    ->Temp folder emptied: 539624801 bytes
    ->Temporary Internet Files folder emptied: 579084976 bytes
    ->Java cache emptied: 76781399 bytes
    ->FireFox cache emptied: 90151033 bytes
    ->Flash cache emptied: 63223 bytes

    User: Claudia L'vesque
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Claudia L?sque
    ->Flash cache emptied: 56 bytes

    User: Claudia L?vesque

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 5911854 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 368105 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2114937 bytes
    %systemroot%\System32 .tmp files removed: 723968 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 125877234 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23964454 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 33103139 bytes

    Total Files Cleaned = 1 412,00 mb

    OTM by OldTimer - Version 3.1.10.2 log created on 04202010_231238

    Files moved on Reboot...

    Registry entries deleted on Reboot...
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut Lucioole

    -Télécharge et installe MalwareByte's Anti-Malware
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    - Mets le à jour

    ---

    - Redémarre en mode sans échec :

    Au redémarrage de ton PC tapote sur la touche F8 ou F5, sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session habituelle et non la session Administrateur

    ---

    - Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
    - Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
    - clique sur Rechercher

    - Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur OK

    - Si MalwareByte's n'a rien détecté, clique sur OK Un rapport va apparaître ferme-le.

    - Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

    - Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

    Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur OK

    Tutoriel pour MalwareByte's ici :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Refais un scan avec RSIT et poste le contenu du rapport log.txt à la fin de l'analyse

    Le rapport est dans le dossier ici C:\rsit

    @++ :)
    0
  6. Lucioole Messages postés 50 Statut Membre
     
    Voici le rapport de malaware

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Version de la base de données: 4019

    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 6.0.2900.2180

    2010-04-21 20:39:14
    mbam-log-2010-04-21 (20-39-14).txt

    Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
    Elément(s) analysé(s): 172354
    Temps écoulé: 1 heure(s), 16 minute(s), 2 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 31
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 12
    Fichier(s) infecté(s): 18

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{364b6276-c6c1-40b6-a6d7-6c48871fd707} (Adware.Accoona) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f80c1d93-0d22-436e-963e-9d3156997a4e} (Adware.Accoona) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{21f022c8-c045-4555-8a90-651e6a3dc6c6} (Adware.Accoona) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{ea3956d2-ec38-41ab-b601-47aa281e4952} (Adware.Accoona) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{944864a5-3916-46e2-96a9-a2e84f3f1208} (Adware.Accoona) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864a5-3916-46e2-96a9-a2e84f3f1208} (Adware.Accoona) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWay (Adware.MyWaySearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\WhereSphere (Adware.WhereSphere) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhereSphere (Adware.WhereSphere) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\abar.abarband (Adware.Accoona) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\abar.abarband.1 (Adware.Accoona) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asearchassist.adefaultsearch (Adware.Accoona) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asearchassist.adefaultsearch.1 (Adware.Accoona) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Accoona (Adware.Accoona) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\untopr5 (Adware.WebRebates) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Documents and Settings\All Users\Application Data\Web__Rebates (Adware.WebRebates) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Web__Rebates\toprd (Adware.WebRebates) -> Quarantined and deleted successfully.
    C:\Program Files\Accoona (Adware.Accoona) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWay\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\whInstall (Adware.WebHancer) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\Mozilla Firefox\components\wsff.dll (Adware.WhereSphere) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4D796D61-5A19-48DC-A305-46C8C5915061}\RP826\A0072757.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4D796D61-5A19-48DC-A305-46C8C5915061}\RP826\A0073746.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4D796D61-5A19-48DC-A305-46C8C5915061}\RP826\A0073752.exe (Adware.Mirar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4D796D61-5A19-48DC-A305-46C8C5915061}\RP836\A0073923.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4D796D61-5A19-48DC-A305-46C8C5915061}\RP850\A0074438.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4D796D61-5A19-48DC-A305-46C8C5915061}\RP887\A0078746.dll (Adware.Mirar) -> Quarantined and deleted successfully.
    C:\_OTM\MovedFiles\04202010_231238\C_Documents and Settings\Claudia Lévesque\Application Data\WhereSphere\wheresphere.exe (Adware.WhereSphere) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Web__Rebates\toprd\q4681494e7f6c.dat (Adware.WebRebates) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Web__Rebates\toprd\u468149322d06.dat (Adware.WebRebates) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Web__Rebates\toprd\y468149347494.dat (Adware.WebRebates) -> Quarantined and deleted successfully.
    C:\Program Files\Accoona\tbquiesce.exe (Adware.Accoona) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\01BB42EA.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\whInstall\whAgent.inf (Adware.WebHancer) -> Quarantined and deleted successfully.
    C:\Program Files\whInstall\whInstaller.ini (Adware.WebHancer) -> Quarantined and deleted successfully.
    0
  7. Lucioole Messages postés 50 Statut Membre
     
    Voici le rapport RSIT

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Claudia Lévesque at 2010-04-21 20:48:24
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 119 GB (79%) free of 151 GB
    Total RAM: 447 MB (29% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:48:30, on 2010-04-21
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\TRENDnet\TEW-623PI\WlanCU.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Documents and Settings\Claudia Lévesque\Mes documents\Téléchargements\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Claudia Lévesque.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-623PI\WlanCU.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://clody2103.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    0
  8. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut Lucioole

    Refais un scan avec RSIT et poste le contenu du rapport log.txt à la fin de l'analyse

    Le rapport est dans le dossier ici C:\rsit

    @++ :)
    0
  9. Lucioole Messages postés 50 Statut Membre
     
    Voici le rapport RSIT

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Claudia Lévesque at 2010-04-21 21:24:16
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 119 GB (79%) free of 151 GB
    Total RAM: 447 MB (49% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:24:22, on 2010-04-21
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\TRENDnet\TEW-623PI\WlanCU.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Documents and Settings\Claudia Lévesque\Mes documents\Téléchargements\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Claudia Lévesque.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-623PI\WlanCU.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://clody2103.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    0
  10. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut Lucioole

    Télécharge et installe UsbFix par El Desaparecido , C_XX & Chimay8
    http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir.

    * Double clic sur le raccourci UsbFix présent sur ton bureau .

    * Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    * Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

    * Laisse travailler l'outil.

    * Ensuite poste le rapport UsbFix.txt qui apparaitra.

    Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note2 : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    * Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html

    @++ :)
    0
  11. Lucioole Messages postés 50 Statut Membre
     
    Voici le rapport USBFIX

    à noter que je n'ai pas de clé USB

    ############################## | UsbFix V6.107 |

    User : Claudia Lévesque (Administrateurs) # CLAUDIA
    Update on 21/04/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 22:57:24 | 2010-04-22
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    AMD Athlon(tm) 64 Processor 3200+
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 6.0.2900.2180
    Windows Firewall Status : Enabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    C:\ -> Disque fixe local # 147,13 Go (115,75 Go free) # NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque amovible
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible

    ################## | Elements infectieux |

    C:\install1.log

    ################## | Registre |

    ################## | Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\K
    Shell\AutoRun\command =K:\Info.exe folder.htt 480 480

    HKCU\..\..\Explorer\MountPoints2\Z
    Shell\AutoRun\command =Z:\Info.exe folder.htt 480 480

    HKCU\..\..\Explorer\MountPoints2\{0a452044-debf-11d9-afae-00112fef74b1}
    Shell\AutoRun\command =D:\Info.exe folder.htt 480 480

    HKCU\..\..\Explorer\MountPoints2\{0a452045-debf-11d9-afae-00112fef74b1}
    Shell\AutoRun\command =D:\Info.exe folder.htt 480 480

    HKCU\..\..\Explorer\MountPoints2\{4cd46722-debe-11d9-afad-806d6172696f}
    Shell\AutoRun\command =D:\Info.exe folder.htt 480 480

    HKCU\..\..\Explorer\MountPoints2\{8abd78d2-debc-11d9-a857-00112fef74b1}
    Shell\AutoRun\command =D:\Info.exe folder.htt 480 480

    ################## | Vaccin |

    (!) Cet ordinateur n'est pas vacciné !

    ################## | ! Fin du rapport # UsbFix V6.107 ! |
    0
  12. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut Lucioole

    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, caméra, Carte SD, etc...) susceptible d avoir été infectés sans les ouvrir

    * Double clic sur le raccourci UsbFix présent sur ton bureau

    * Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    * Au second menu Choisis l'option " 2 " ( Suppression ) et tape sur [entrée]

    * Ton bureau disparaîtra et le pc redémarrera.

    * Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.

    * Ensuite poste le rapport UsbFix.txt qui apparaîtra avec le bureau.

    * Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    -----

    Faire un scan avec Nod32 en ligne (il faut utiliser Internet Explorer) ici :

    https://www.eset.com/int/home/online-scanner/

    (coche toutes les cases à chaque fois, sauf les deux dernières a la fin du scan, sinon le rapport est supprimer)
    A la fin, colle le rapport : C:\Program Files\EsetOnlineScanner\log.txt

    @++ :)
    0
  13. Lucioole Messages postés 50 Statut Membre
     
    Voici le rapport Usbfix

    ############################## | UsbFix V6.107 |

    User : Claudia Lévesque (Administrateurs) # CLAUDIA
    Update on 21/04/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 23:53:48 | 2010-04-22
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    AMD Athlon(tm) 64 Processor 3200+
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 6.0.2900.2180
    Windows Firewall Status : Enabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    C:\ -> Disque fixe local # 147,13 Go (115,7 Go free) # NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque amovible
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible

    ################## | Elements infectieux |

    Supprimé ! C:\install1.log
    Supprimé ! C:\Recycler\S-1-5-21-304909072-2293785291-2774816572-1005

    ################## | Registre |

    ################## | Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\K\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\Z\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{0a452044-debf-11d9-afae-00112fef74b1}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{0a452045-debf-11d9-afae-00112fef74b1}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{4cd46722-debe-11d9-afad-806d6172696f}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{8abd78d2-debc-11d9-a857-00112fef74b1}\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [2005-06-17 10:50|--a------|0] C:\AUTOEXEC.BAT
    [2005-11-06 01:18|--a------|0] C:\BHO.log
    [2009-01-15 02:09|-rahs----|216] C:\boot.ini
    [2005-09-04 11:48|--a------|103] C:\BootErr.log
    [2004-08-05 15:00|-rahs----|4952] C:\Bootfont.bin
    [2005-06-17 10:50|--a------|0] C:\CONFIG.SYS
    [2005-06-17 10:50|-rahs----|0] C:\IO.SYS
    [2008-01-24 19:24|--a------|125] C:\ioSpecial.ini
    [2009-10-15 12:16|--a------|100] C:\lxbt.log
    [2005-06-17 10:50|-rahs----|0] C:\MSDOS.SYS
    [2004-08-05 15:00|-rahs----|47564] C:\NTDETECT.COM
    [2004-08-05 15:00|-rahs----|251712] C:\ntldr
    [?|?|?] C:\pagefile.sys
    [2007-05-25 17:58|--a------|73312] C:\playground.log
    [2010-04-22 23:57|--a------|2210] C:\UsbFix.txt

    ################## | Vaccination |

    # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

    ################## | Upload |

    Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_CLAUDIA.zip : https://www.ionos.fr/?affiliate_id=77097
    Merci pour votre contribution .

    ################## | ! Fin du rapport # UsbFix V6.107 ! |
    0
  14. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut Lucioole

    OK faire la suite avec le scan en ligne

    @++ :)
    0
  15. Lucioole Messages postés 50 Statut Membre
     
    Salut Dédétraqué,

    J'ai un petit probleme, il n'y a pas de rapport qui s'enregistre dans mon ordi. J'ai fait le scan 3 fois.

    Lucioole
    0
  16. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut Lucioole

    Après trois scan il ne devais plus rien détecté, as-tu d'autre souci?

    @++ :)
    0