CID virus, urgent help!!!

besoin d'aide -  
Hello,
I have a Dell computer running Vista, and 2 months ago I downloaded Messenger+ (I only understood much later that it was going to be my hell). I have tried everything to remove it and I uninstalled Messenger+, but that did nothing: I still keep getting intrusive poker ads, with software that offers me downloads.

Please help me, I have tried everything. Thank you, thank you, thank you very much in advance.

13 replies

sKe69 Posts 21955 Status Security contributor 463
 
Hi,
A- Disable User Account Control, or UAC (re-enable it only at the end of the disinfection):

Go to Start, then Control Panel
--->Double-click the "User Accounts" icon
--->Then click "Enable or disable the control ..."
--->Uncheck the "Use the control ..." box and click OK.
Then restart the PC when you are asked to ...

B- Download and install the HijackThis software:

here: ftp://ftp.commentcamarche.com/download/HJTInstall.exe
or here: http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

1- Click the setup file to start the installation: follow the prompts and do not change the installation settings.
At the end you should have a shortcut on your desktop and also a path like: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe".

Important:
Rename the HijackThis program:
On your PC, go to "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" <--- right-click it and choose "Rename": type monjack and confirm.

Tutorial on how to use it:
look here, it is explained perfectly with pictures
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

2- !! Disconnect and close all your running applications !!

Click the desktop shortcut,
run a scan with monjack (or the renamed HijackThis) and post the generated report for analysis ...

0
patrizia Posts 86 Status Member 38
 
Well, you have to reformat your computer... or try to quarantine your virus(es) by running a scan, either online (bitdefender.com) or with your antivirus....
0
Ryuuku
 
Hello, if you want to get rid of the ads, use Spybot, it is very effective! You can get it on 01.net
0
Ryuuku
 
Before bringing out the big guns (formatting ^^), run a scan with your antivirus, use Spybot, use easyCleaner, then if that does not work... say so!
0

besoin d'aide
 
Thank you for your replies, here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:37, on 27/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

0
sKe69 Posts 21955 Status Security contributor 463
 
Good ...

1- Go to Control Panel / Add or Remove Programs.
Look in the list for a program such as "CID Help", "Circle Developement" or
"Adverts" ---> if they are there, remove them.

2- Download Lop S&D:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Double-click the .exe you just downloaded to start the installation.

Once the installation is done, right-click the shortcut and choose "Run as admin...".

From there, follow the prompts:
--->choose option 1 (search) and confirm.

(Do not run the cleaning option (2 or 3).)

Once the scan has finished, Notepad will open with the report.
Post that report in your next reply for analysis.

Tutorial: https://sites.google.com/site/eric71mespages/lop.sd.exe
0
besoin d'aide
 
-----------------------[ Lop S&D 4.2.1-8 XP/Vista ]---------------------

[ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ]
[ USER : Léo Laïchi ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 27/06/2008 | 15:30:25,69 ] [ PC : PC-DE-LOLAÏCHI ]
[ MAJ : 24-06-2008 | 11:00 ]
[ UAC => 0 ]

----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

[27/06/2008 11:36][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{6B72E829-F1F6-4602-9B3C-861E21FAA7B4}.job
[27/06/2008 15:29][--ah-----] C:\Windows\tasks\SA.DAT
[27/06/2008 15:28][--a------] C:\Windows\tasks\SCHEDLGU.TXT

---------------------------[ Process ]--------------------------

... 86

iexplore.exe ~ [2964]
iexplore.exe ~ [4456]

----------------------[ Recherche avec S_Lop ]---------------------

C:\ProgramData\Boob About About.l82wh
C:\ProgramData\Boob About About.pr52o
C:\ProgramData\meal heart meet.bx4k39
C:\ProgramData\Boob About About.l82wh
C:\ProgramData\Boob About About.pr52o
C:\Users\LOLACH~1\AppData\Local\Temp\bisB47E.exe

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\Users\LOLACH~1\AppData\Roaming\MICROS~1\Windows\Cookies\léo_laichi@www.adserver5[2].txt
C:\Users\LOLACH~1\AppData\Roaming\MICROS~1\Windows\Cookies\léo_laichi@adopt.euroclick[1].txt

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chin Dent"="\"C:\\ProgramData\\Boob About About.pr52o\""
"Ford mpeg road draw"="\"C:\\ProgramData\\meal heart meet.bx4k39\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 15:31:44
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

[F:829][D:58]-> C:\Users\LOLACH~1\AppData\Local\Temp
[F:339][D:1]-> C:\Users\LOLACH~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1501][D:4]-> C:\Users\LOLACH~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:5][D:5]-> C:\$Recycle.Bin

[ UAC => 1 ]

--------------------[ Fin du rapport a 15:36:44,97 ]----------------------
0
sKe69 Posts 21955 Status Security contributor 463
 
Good ...

Run Lop S&D again and choose option 3 ...
Post the resulting report along with a new HijackThis log for analysis ...
0
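Added example (not part of the thread and not Lop S&D's own code): a Python sketch that reads the two sections of the option 1 report above that drive the cleanup decision, the S_Lop search hits and the Run key check, and reports which flagged files are also started at logon. The function names and the path-matching rule are assumptions; the sample text is copied from the report posted in this thread.

```python
import re

# Excerpt of the option 1 report posted in this thread (only the sections
# used here; paths and registry values are unchanged).
REPORT = r'''
----------------------[ Recherche avec S_Lop ]---------------------

C:\ProgramData\Boob About About.l82wh
C:\ProgramData\Boob About About.pr52o
C:\ProgramData\meal heart meet.bx4k39
C:\ProgramData\Boob About About.l82wh
C:\ProgramData\Boob About About.pr52o
C:\Users\LOLACH~1\AppData\Local\Temp\bisB47E.exe

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chin Dent"="\"C:\\ProgramData\\Boob About About.pr52o\""
"Ford mpeg road draw"="\"C:\\ProgramData\\meal heart meet.bx4k39\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------[ Verification du fichier Hosts ]---------------------
'''

SECTION_RE = re.compile(r'^-{3,}\[\s*(.+?)\s*\]-{3,}$')
REG_KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
REG_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def split_sections(report):
    """Map each '---[ title ]---' header to the non-empty lines below it."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections


def unescape_reg(text):
    # Undo .reg-style escaping (backslash-escaped backslashes and quotes).
    return re.sub(r'\\(.)', r'\1', text)


def command_target(command):
    """Return the program path of a Run command line.

    Assumption: a quoted path ends at its closing quote, an unquoted one
    at the first space.
    """
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(' ', 1)[0]


def run_values(lines):
    """Yield (registry key, value name, target path) from the registry section."""
    key = None
    for line in lines:
        match = REG_KEY_RE.match(line)
        if match:
            key = match.group(1)
            continue
        match = REG_VALUE_RE.match(line)
        if match and key:
            name, data = (unescape_reg(g) for g in match.groups())
            yield key, name, command_target(data)


def flagged_files(lines):
    """De-duplicate the S_Lop hits (the report lists some twice), keeping order."""
    seen, ordered = set(), []
    for path in lines:
        if path.lower() not in seen:  # Windows paths are case-insensitive
            seen.add(path.lower())
            ordered.append(path)
    return ordered


def correlate(report):
    """Return (Run values that start a flagged file, flagged files with no Run value)."""
    sections = split_sections(report)
    flagged = flagged_files(sections.get('Recherche avec S_Lop', []))
    flagged_lc = {p.lower() for p in flagged}
    runs = run_values(sections.get('Verification du Registre', []))
    persistent = [r for r in runs if r[2].lower() in flagged_lc]
    launched = {r[2].lower() for r in persistent}
    not_launched = [p for p in flagged if p.lower() not in launched]
    return persistent, not_launched


if __name__ == '__main__':
    persistent, not_launched = correlate(REPORT)
    for key, name, target in persistent:
        print(f'autorun on flagged file: {key} [{name}] -> {target}')
    for path in not_launched:
        print(f'flagged, no Run value:   {path}')
```

On this report the two HKCU Run values both resolve to files that S_Lop flagged, so removing only the files or only the registry values would leave half of the pair behind.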
besoin d'aide
 
Thank you for all your instructions, I am going to do option 3, but after using Spybot I have the impression that there are no more ads. Thanks again.
0
sKe69 Posts 21955 Status Security contributor 463
 
They will come back if you do not run option 3 ... You will run Spybot at the end ^^ (and in safe mode, that is better).

So I am waiting for the requested reports ...
0
besoin d'aide
 
OK, here is option 3:

-----------------------[ Lop S&D 4.2.1-8 XP/Vista ]---------------------

[ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ]
[ USER : Léo Laïchi ] [ "C:\Lop SD" ] [ Selection : 3 ]
[ 27/06/2008 | 15:59:07,36 ] [ PC : PC-DE-LOLAÏCHI ]
[ MAJ : 24-06-2008 | 11:00 ]
[ UAC => 0 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprime! - C:\ProgramData\Boob About About.l82wh
Supprime! - C:\ProgramData\Boob About About.pr52o
Supprime! - C:\ProgramData\meal heart meet.bx4k39
Supprime! - C:\Users\LOLACH~1\AppData\Local\Temp\bisB47E.exe

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

[27/06/2008 11:36][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{6B72E829-F1F6-4602-9B3C-861E21FAA7B4}.job
[27/06/2008 15:57][--ah-----] C:\Windows\tasks\SA.DAT
[27/06/2008 15:56][--a------] C:\Windows\tasks\SCHEDLGU.TXT

[01/06/2008|10:10] C:\Program Files\Futuroscope Experience ADF
[20/06/2008|17:45] C:\Program Files\Google
[13/06/2008|17:21] C:\Program Files\Gunner 2
[20/06/2008|17:46] C:\Program Files\InstallShield Installation Information
[23/05/2008|17:38] C:\Program Files\Intel
[23/05/2008|17:38] C:\Program Files\Intel, Inc
[08/06/2008|16:57] C:\Program Files\Internet Explorer
[30/05/2008|15:39] C:\Program Files\iPod
[30/05/2008|15:39] C:\Program Files\iTunes
[15/06/2008|13:13] C:\Program Files\iWizz
[31/05/2008|18:29] C:\Program Files\Java
[30/05/2008|08:09] C:\Program Files\LimeWire
[27/06/2008|09:28] C:\Program Files\Messenger Plus! Live
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[23/05/2008|17:55] C:\Program Files\Microsoft Office
[08/06/2008|16:06] C:\Program Files\Microsoft Silverlight
[23/05/2008|17:56] C:\Program Files\Microsoft Works
[23/05/2008|17:41] C:\Program Files\Modem Diagnostic Tool
[21/06/2008|19:50] C:\Program Files\Movavi Video Converter 6
[08/06/2008|16:57] C:\Program Files\Movie Maker
[31/05/2008|12:10] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[29/05/2008|20:25] C:\Program Files\MSXML 4.0
[23/05/2008|17:42] C:\Program Files\NetWaiting
[31/05/2008|18:30] C:\Program Files\OpenOffice.org 2.4
[21/06/2008|19:25] C:\Program Files\QuickMediaConverter
[30/05/2008|15:39] C:\Program Files\QuickTime
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[13/06/2008|17:04] C:\Program Files\ReflexiveArcade
[30/05/2008|17:17] C:\Program Files\Rockstar Games
[23/05/2008|17:49] C:\Program Files\Roxio
[23/05/2008|17:24] C:\Program Files\Sigmatel
[14/06/2008|21:42] C:\Program Files\Slickball
[23/05/2008|17:47] C:\Program Files\Sonic
[27/06/2008|15:07] C:\Program Files\Spybot - Search & Destroy
[31/05/2008|12:10] C:\Program Files\SurfingSoftware
[30/05/2008|19:24] C:\Program Files\THQ
[27/06/2008|14:40] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[31/05/2008|12:08] C:\Program Files\VideoLAN
[23/05/2008|17:44] C:\Program Files\WIDCOMM
[08/06/2008|16:57] C:\Program Files\Windows Calendar
[08/06/2008|16:57] C:\Program Files\Windows Collaboration
[08/06/2008|16:57] C:\Program Files\Windows Defender
[08/06/2008|16:57] C:\Program Files\Windows Journal
[30/05/2008|16:28] C:\Program Files\Windows Live
[15/06/2008|11:14] C:\Program Files\Windows Mail
[08/06/2008|16:57] C:\Program Files\Windows Media Player
[29/05/2008|19:55] C:\Program Files\Windows NT
[08/06/2008|16:57] C:\Program Files\Windows Photo Gallery
[08/06/2008|16:57] C:\Program Files\Windows Sidebar

------[ Listing des dossiers dans C:\Program Files\Common Files ]------

[23/05/2008|17:51] C:\Program Files\Common Files\Adobe
[30/05/2008|15:37] C:\Program Files\Common Files\Apple
[23/05/2008|17:40] C:\Program Files\Common Files\Creative
[23/05/2008|17:48] C:\Program Files\Common Files\InstallShield
[23/05/2008|17:38] C:\Program Files\Common Files\Java
[06/06/2008|19:02] C:\Program Files\Common Files\Logitech
[01/06/2008|10:10] C:\Program Files\Common Files\microsoft shared
[23/05/2008|17:46] C:\Program Files\Common Files\PX Storage Engine
[23/05/2008|17:40] C:\Program Files\Common Files\Reallusion
[23/05/2008|17:46] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[23/05/2008|17:49] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[23/05/2008|17:53] C:\Program Files\Common Files\supportsoft
[23/05/2008|17:47] C:\Program Files\Common Files\SureThing Shared
[08/06/2008|16:57] C:\Program Files\Common Files\System
[29/05/2008|20:34] C:\Program Files\Common Files\WindowsLiveInstaller

---------------------------[ Process ]--------------------------

... 86

iexplore.exe ~ [5652]

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\Users\LOLACH~1\AppData\Roaming\MICROS~1\Windows\Cookies\léo_laichi@www.adserver5[2].txt
C:\Users\LOLACH~1\AppData\Roaming\MICROS~1\Windows\Cookies\léo_laichi@adopt.euroclick[1].txt

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 16:00:54
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

[F:830][D:58]-> C:\Users\LOLACH~1\AppData\Local\Temp
[F:353][D:1]-> C:\Users\LOLACH~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1874][D:4]-> C:\Users\LOLACH~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:5][D:5]-> C:\$Recycle.Bin

[ UAC => 1 ]

--------------------[ Fin du rapport a 16:05:42,77 ]----------------------

I'm adding the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:20, on 27/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-4066924984-2636087290-2152835849-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'maman')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
sKe69 Posts: 21955 Status: Security contributor 463
 
Perfect ...

1- Close all your applications and disconnect.

Run HijackThis again, but click on "Do a scan only".
You will then see the scan result: a multitude of lines, each preceded by an empty square.
Tick the squares of the following lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

Click the FIX CHECKED button at the bottom and confirm.

2- Download: CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
This software will remove all temporary files and fix your registry. During installation, before clicking the "Install" button, untick all the "additional options" except the first 2.
Once the program is installed and launched, click "Options", then "Advanced", and untick the box "Only delete files in Windows Temp folder older than 48 hours" (after that, leave it with its default settings. That's all).

A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

Usage:
go to "Cleaner": run the analysis, then the cleaning
and go to "Registry": have it search for errors and repair them (several times, until there are no errors left).

(CCleaner: software to keep on your PC, very useful for good clean-ups ...)

3- Next you can run Spybot:
update it and launch "immunization" ---> immunize until the "Unprotected" counter reaches 0.

Help on using Spybot here (thanks Balltrap ;) ): http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

Run a "search":
once the scan has finished, check that everything it found (especially what is in red) is ticked, then click "fix the problems".
PS: in some cases you will be asked to schedule the rest of the "fixes" for the next PC restart; accept.

There you go ... if you still have problems after that, let me know ^^

Otherwise, all the best to you and see you ...
0
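An added example, not part of the original thread and not code from HijackThis: a small parser that splits a HijackThis log into its section entries and lists the ones that reference nothing on disk, such as the `O2 - BHO ... (no file)` line selected in the reply above. The function names are hypothetical, and the sample is a handful of lines copied from the log posted in this thread.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:20, on 27/06/2008
Running processes:
C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: BTTray.lnk = ?
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# An entry line starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# BHO bodies are "BHO: name - {CLSID} - target". Names and paths can contain
# " - " themselves (see the Spybot line), so the CLSID is used as the anchor.
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)


def parse_entries(text):
    """Return (code, body) pairs, skipping the header and the process list."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def parse_bho(body):
    """Split an O2 body into name, clsid and target; None if it is not a BHO."""
    m = BHO_RE.match(body)
    return m.groupdict() if m else None


def review_candidates(entries):
    """List entries whose target is absent or was not resolved by the tool."""
    findings = []
    for code, body in entries:
        bho = parse_bho(body) if code == "O2" else None
        if bho and bho["target"] == "(no file)":
            # Registry entry left behind with no DLL behind it.
            findings.append(("orphaned-bho", code, bho["clsid"]))
        elif body.endswith("(file missing)"):
            # Marker HijackThis uses in other sections; not seen in this log.
            findings.append(("file-missing", code, body))
        elif code == "O4" and body.endswith("= ?"):
            # Startup shortcut whose target is printed as "?".
            findings.append(("unresolved-shortcut", code, body.split(":", 1)[1].strip()))
    return findings


def section_counts(entries):
    """Count entries per section code, e.g. how many O4 autostart lines."""
    return Counter(code for code, _ in entries)


if __name__ == "__main__":
    for finding in review_candidates(parse_entries(SAMPLE_LOG)):
        print(finding)
```

The output is a shortlist for a human to review, not a verdict: an unresolved shortcut, for instance, was left untouched in the reply above.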
YalTa
 
hi,
I don't want to intrude, but: no, it's not perfect, the Lop S&D report still shows:
[21/06/2008|21:30] C:\ProgramData\way rdr ford mpeg
[21/06/2008|19:51] C:\ProgramData\ywasvxup.hvs
0
sKe69 Posts: 21955 Status: Security contributor 463
 
indeed, but there is something else as well that I hadn't seen :-/


Do this once the Spybot scan is finished:

Download DiagHelp.zip to your desktop:

http://www.malekal.com/download/DiagHelp.zip

!! disconnect and close all your running applications !!

Right-click the file and choose "extract all".

--> A new folder will be created: "DiagHelp"
Open it and double-click go.cmd and nothing else! (the .cmd may not be shown)

--> A window will open, choose option 1
The analysis will start; this can take a few minutes, let it run and press a key when you are asked to:
an IE page will open, close it.
Press a key again, Notepad opens:
Save this report where you can find it again and post its full contents in your next reply ...
0
besoin d'aide
 
well, that's really incredible, it totally works, again a big big thank you, it's great, but one last question: is it really useful to use Spybot? thanks and see you soon
0