HijackThis report

Bluegex Posts: 90 Status: Member
Hello,
Thanks for helping me find what is wrong, and could you explain how you tell which lines need to be removed?

Here is my report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:42, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\vtUlLBqP.dll (file missing)
O2 - BHO: (no name) - {655BB307-5C5A-485C-AB20-F655EC88301F} - C:\WINDOWS\system32\jkkHBrSj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ball that ford software] C:\Documents and Settings\All Users\Application Data\Comp Jugs Ball That\USER PING.exe
O4 - HKLM\..\Run: [BM13560bfc] Rundll32.exe "C:\WINDOWS\system32\uqoxjjjx.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Htm Blue] C:\DOCUME~1\aa\APPLIC~1\EGGSMA~1\Support platform.exe
O4 - HKCU\..\Run: [A00F12DC115.exe] C:\DOCUME~1\aa\LOCALS~1\Temp\_A00F12DC115.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: vtUlLBqP - vtUlLBqP.dll (file missing)
O20 - Winlogon Notify: __c005A889 - C:\WINDOWS\system32\__c005A889.dat (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

21 replies

Destrio5 Posts: 99820 Status: Moderator 10 305
 
Hi,

---> Disable your antivirus
---> Download Lop S&D to your Desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
---> Double-click it to start the installation
---> Then double-click the Lop S&D shortcut on your Desktop
---> Select the language you want, then choose option 1 (Search)
---> Wait until the scan finishes
---> Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)

If you have trouble using Lop S&D, see the tutorial:
http://bibou0007.com/outils-specifiques-f78/tutorial-lop-sd-t956.htm#11431
Bluegex Posts: 90 Status: Member
 
Here is the requested report:

-----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : aa ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 15/07/2008 | 10:04:45,31 ] [ PC : D7CVK72J ]
[ MAJ : 09-07-2008 | 21:02 ]

-------------[ Listing des dossiers dans Application Data ]------------

[28/03/2008|15:05] C:\DOCUME~1\aa\APPLIC~1\aa
[21/02/2008|15:18] C:\DOCUME~1\aa\APPLIC~1\Adobe
[17/10/2006|21:44] C:\DOCUME~1\aa\APPLIC~1\AdobeUM
[16/09/2006|15:38] C:\DOCUME~1\aa\APPLIC~1\ArcSoft
[29/06/2006|18:35] C:\DOCUME~1\aa\APPLIC~1\CyberLink
[19/08/2004|14:10] C:\DOCUME~1\aa\APPLIC~1\desktop.ini
[17/04/2008|15:19] C:\DOCUME~1\aa\APPLIC~1\Documents and Settings
[23/06/2008|22:51] C:\DOCUME~1\aa\APPLIC~1\eggsmailmeow
[23/11/2006|20:36] C:\DOCUME~1\aa\APPLIC~1\EPSON
[08/01/2007|19:34] C:\DOCUME~1\aa\APPLIC~1\Google
[10/03/2008|12:05] C:\DOCUME~1\aa\APPLIC~1\gtk-2.0
[23/02/2008|14:01] C:\DOCUME~1\aa\APPLIC~1\Help
[19/08/2004|14:24] C:\DOCUME~1\aa\APPLIC~1\Identities
[25/10/2006|13:04] C:\DOCUME~1\aa\APPLIC~1\InterTrust
[19/08/2006|23:40] C:\DOCUME~1\aa\APPLIC~1\InterVideo
[15/09/2006|19:58] C:\DOCUME~1\aa\APPLIC~1\Lavasoft
[09/01/2008|15:50] C:\DOCUME~1\aa\APPLIC~1\Macromedia
[20/05/2008|14:27] C:\DOCUME~1\aa\APPLIC~1\Microsoft
[21/02/2008|14:47] C:\DOCUME~1\aa\APPLIC~1\Mozilla
[15/09/2006|19:05] C:\DOCUME~1\aa\APPLIC~1\MSNInstaller
[13/01/2007|14:05] C:\DOCUME~1\aa\APPLIC~1\OfficeUpdate12
[21/02/2008|14:49] C:\DOCUME~1\aa\APPLIC~1\PC Tools
[26/04/2006|10:58] C:\DOCUME~1\aa\APPLIC~1\Sun
[21/02/2008|14:48] C:\DOCUME~1\aa\APPLIC~1\Talkback
[20/05/2008|22:29] C:\DOCUME~1\aa\APPLIC~1\v3.0
[27/02/2007|19:00] C:\DOCUME~1\aa\APPLIC~1\vlc

[19/08/2004|14:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[19/08/2004|14:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[19/08/2004|14:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[26/04/2006|10:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun

[21/02/2008|14:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[13/11/2006|21:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[23/06/2008|22:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comp Jugs Ball That
[19/08/2004|14:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[07/01/2007|14:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[14/07/2008|16:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[18/11/2006|15:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[18/10/2007|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[19/08/2004|14:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[28/03/2008|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[17/08/2006|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[15/09/2006|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[19/08/2004|14:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[19/08/2004|14:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[19/08/2004|14:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[26/04/2006|10:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

[19/08/2004|14:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[12/07/2007|00:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[15/07/2008 01:00][--ah-----] C:\WINDOWS\tasks\ABEB8AA791880027.job
[15/07/2008 10:01][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

ABEB8AA791880027.job <--> c:\docume~1\aa\applic~1\eggsma~1\IdleInsideReal.exe

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[12/07/2008|11:46] C:\Program Files\Adobe
[28/06/2006|07:43] C:\Program Files\Ahead
[15/09/2006|19:19] C:\Program Files\Alwil Software
[26/04/2006|10:47] C:\Program Files\Analog Devices
[08/07/2008|12:19] C:\Program Files\Aquatica Waterworlds
[17/08/2006|16:38] C:\Program Files\ArcSoft
[26/04/2006|10:59] C:\Program Files\Broadcom
[19/08/2004|14:15] C:\Program Files\ComPlus Applications
[26/04/2006|10:59] C:\Program Files\CyberLink
[28/06/2006|07:58] C:\Program Files\DivX
[23/06/2008|22:49] C:\Program Files\eggsmailmeow
[19/06/2008|23:03] C:\Program Files\epson
[28/12/2007|16:03] C:\Program Files\Fichiers communs
[05/02/2008|15:18] C:\Program Files\GIMP-2.0
[23/06/2008|15:36] C:\Program Files\Google
[19/06/2008|23:03] C:\Program Files\InstallShield Installation Information
[09/04/2008|08:10] C:\Program Files\Internet Explorer
[28/06/2006|07:40] C:\Program Files\InterVideo
[26/12/2007|23:08] C:\Program Files\Java
[15/09/2006|19:58] C:\Program Files\Lavasoft
[25/12/2007|01:03] C:\Program Files\LimeWire
[19/08/2004|14:18] C:\Program Files\microsoft frontpage
[28/06/2006|07:32] C:\Program Files\Microsoft Office
[19/08/2004|14:16] C:\Program Files\Movie Maker
[14/07/2008|23:01] C:\Program Files\Mozilla Firefox
[15/09/2006|19:05] C:\Program Files\MSN
[06/10/2007|12:59] C:\Program Files\MSN Apps
[19/08/2004|14:14] C:\Program Files\MSN Gaming Zone
[19/08/2004|14:16] C:\Program Files\NetMeeting
[04/04/2008|22:44] C:\Program Files\Norton Security Scan
[07/07/2006|18:31] C:\Program Files\OLITEC
[13/06/2007|23:24] C:\Program Files\Outlook Express
[28/03/2008|22:54] C:\Program Files\Picasa2
[18/11/2006|15:00] C:\Program Files\Samsung
[19/08/2004|14:16] C:\Program Files\Services en ligne
[28/03/2008|22:57] C:\Program Files\Spyware Doctor
[12/07/2008|11:49] C:\Program Files\Trend Micro
[19/08/2004|14:24] C:\Program Files\Uninstall Information
[19/06/2008|23:13] C:\Program Files\VideoLAN
[13/01/2007|14:18] C:\Program Files\Windows Media Connect 2
[13/01/2007|14:18] C:\Program Files\Windows Media Player
[19/08/2004|14:14] C:\Program Files\Windows NT
[19/08/2004|14:16] C:\Program Files\WindowsUpdate
[08/07/2008|12:25] C:\Program Files\WinRAR
[19/08/2004|14:18] C:\Program Files\xerox
[26/04/2006|10:59] C:\Program Files\Your Company Name

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[21/02/2008|14:53] C:\Program Files\Fichiers communs\Adobe
[28/06/2006|07:46] C:\Program Files\Fichiers communs\Ahead
[13/11/2006|21:24] C:\Program Files\Fichiers communs\BOONTY Shared
[28/06/2006|07:33] C:\Program Files\Fichiers communs\Designer
[25/12/2007|11:54] C:\Program Files\Fichiers communs\DirectX
[17/11/2006|22:21] C:\Program Files\Fichiers communs\EPSON
[17/08/2006|16:42] C:\Program Files\Fichiers communs\InstallShield
[26/04/2006|10:57] C:\Program Files\Fichiers communs\Java
[19/06/2008|23:15] C:\Program Files\Fichiers communs\Microsoft Shared
[19/08/2004|14:16] C:\Program Files\Fichiers communs\MSSoap
[19/08/2004|14:10] C:\Program Files\Fichiers communs\ODBC
[19/08/2004|14:16] C:\Program Files\Fichiers communs\Services
[19/08/2004|14:10] C:\Program Files\Fichiers communs\SpeechEngines
[09/03/2008|00:27] C:\Program Files\Fichiers communs\Symantec Shared
[13/06/2007|23:24] C:\Program Files\Fichiers communs\System

---------------------------[ Process ]--------------------------

... 34

iexplore.exe ~ [2012]
iexplore.exe ~ [120]

----------------------[ Recherche avec S_Lop ]---------------------

C:\DOCUME~1\aa\LOCALS~1\Temp\bis2.exe

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comp Jugs Ball That
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comp Jugs Ball That\USER PING.exe
C:\DOCUME~1\aa\APPLIC~1\eggsma~1
C:\DOCUME~1\aa\APPLIC~1\eggsma~1\cfhbenrz.exe
C:\DOCUME~1\aa\APPLIC~1\eggsma~1\dtyvkjhs.exe
C:\DOCUME~1\aa\APPLIC~1\eggsma~1\Flap Software Proxy Dale.exe
C:\DOCUME~1\aa\APPLIC~1\eggsma~1\htrxcsop.exe
C:\DOCUME~1\aa\APPLIC~1\eggsma~1\Idle Inside Real.exe
C:\DOCUME~1\aa\APPLIC~1\eggsma~1\kaobufad.exe
C:\DOCUME~1\aa\APPLIC~1\eggsma~1\nefsyfdf.exe
C:\DOCUME~1\aa\APPLIC~1\eggsma~1\Support platform.exe
C:\Program Files\eggsma~1
C:\WINDOWS\Prefetch\USER PING.EXE-2A745D80.pf
C:\WINDOWS\Prefetch\IDLE INSIDE REAL.EXE-1D141747.pf
C:\WINDOWS\Prefetch\NEFSYFDF.EXE-0C55AE57.pf
C:\DOCUME~1\aa\Cookies\aa@www.adserver5[1].txt
C:\DOCUME~1\aa\Cookies\aa@adin.bigpoint[1].txt
C:\DOCUME~1\aa\Cookies\aa@bigpoint[2].txt
C:\DOCUME~1\aa\Cookies\aa@es.bigpoint[2].txt
C:\DOCUME~1\aa\Cookies\aa@es.bigpoint[3].txt
C:\DOCUME~1\aa\Cookies\aa@es.bigpoint[4].txt
C:\DOCUME~1\aa\Cookies\aa@es.bigpoint[5].txt
C:\DOCUME~1\aa\Cookies\aa@fr.bigpoint[2].txt
C:\DOCUME~1\aa\Cookies\aa@fr1.darkorbit.bigpoint[2].txt
C:\DOCUME~1\aa\Cookies\aa@fr1.darkorbit.bigpoint[3].txt
C:\DOCUME~1\aa\Cookies\aa@fr1.seafight.bigpoint[2].txt
C:\DOCUME~1\aa\Cookies\aa@www.bigpoint[1].txt
C:\DOCUME~1\aa\Cookies\aa@banner.casinoking[2].txt
C:\DOCUME~1\aa\Cookies\aa@casinoking[1].txt
C:\DOCUME~1\aa\Cookies\aa@cotedazurpalace[1].txt
C:\DOCUME~1\aa\Cookies\aa@cotedazurpalace[2].txt
C:\DOCUME~1\aa\Cookies\aa@cotedazurpalace[3].txt
C:\DOCUME~1\aa\Cookies\aa@cotedazurpalace[4].txt
C:\DOCUME~1\aa\Cookies\aa@cotedazurpalace[5].txt
C:\DOCUME~1\aa\Cookies\aa@cotedazurpalace[6].txt
C:\DOCUME~1\aa\Cookies\aa@cotedazurpalace[7].txt
C:\DOCUME~1\aa\Cookies\aa@adopt.euroclick[2].txt
C:\DOCUME~1\aa\Cookies\aa@pacificpoker[2].txt
C:\DOCUME~1\aa\Cookies\aa@fr1.seafight.bigpoint[2].txt
C:\DOCUME~1\aa\Cookies\aa@32vegas[10].txt
C:\DOCUME~1\aa\Cookies\aa@32vegas[1].txt
C:\DOCUME~1\aa\Cookies\aa@32vegas[2].txt
C:\DOCUME~1\aa\Cookies\aa@32vegas[3].txt
C:\DOCUME~1\aa\Cookies\aa@32vegas[4].txt
C:\DOCUME~1\aa\Cookies\aa@32vegas[5].txt
C:\DOCUME~1\aa\Cookies\aa@32vegas[6].txt
C:\DOCUME~1\aa\Cookies\aa@32vegas[8].txt
C:\DOCUME~1\aa\Cookies\aa@32vegas[9].txt
C:\DOCUME~1\aa\Cookies\aa@banner.32vegas[2].txt
C:\DOCUME~1\aa\Cookies\aa@cachewww.32vegas[2].txt
C:\DOCUME~1\aa\Cookies\aa@vegas-millions[1].txt
C:\DOCUME~1\aa\Cookies\aa@www.vegas-millions[2].txt
C:\DOCUME~1\aa\Cookies\aa@www.vegasaffiliates[1].txt
C:\DOCUME~1\aa\Cookies\aa@2xmoinscher[2].txt
C:\DOCUME~1\aa\Cookies\aa@cc.2xmoinscher[1].txt
C:\DOCUME~1\aa\Cookies\aa@www.2xmoinscher[1].txt
C:\DOCUME~1\aa\Cookies\aa@banner.casinoking[2].txt
C:\DOCUME~1\aa\Cookies\aa@www.agence.francetelecom[2].txt
C:\DOCUME~1\aa\Cookies\aa@888[1].txt
C:\DOCUME~1\aa\Cookies\aa@www.888[1].txt
C:\WINDOWS\Tasks\ABEB8AA791880027.job

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Htm Blue"="C:\\DOCUME~1\\aa\\APPLIC~1\\EGGSMA~1\\Support platform.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ball that ford software"="C:\\Documents and Settings\\All Users\\Application Data\\Comp Jugs Ball That\\USER PING.exe"

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts MODIFIE

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

-> 72 ( 70 ## added by CiD )

/!\ 1 Not 127.0.0.1 !!

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 10:05:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

C:\WINDOWS\system32\jSrBHkkj.ini2
C:\WINDOWS\system32\jSrBHkkj.ini
C:\WINDOWS\system32\Llmpqqru.ini2
C:\WINDOWS\system32\Llmpqqru.ini
! VUNDO Possible !

[F:2149][D:42]-> C:\DOCUME~1\aa\LOCALS~1\Temp
[F:3289][D:0]-> C:\DOCUME~1\aa\Cookies
[F:10398][D:48]-> C:\DOCUME~1\aa\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 10:07:47,12 ]----------------------
Bluegex Posts: 90 Status: Member
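The "Verification du fichier Hosts" section of the Lop S&D report above does three things: counts the mappings, counts those carrying the "## added by CiD" tag, and warns about the one entry that does not point at 127.0.0.1 (the 72 total is consistent with 70 tagged lines, the default localhost line, and that one extra entry). As an added example, and my own code rather than Lop S&D's, here is that check written out. The sample hosts content is constructed: a few of the report's own redirect lines plus one made-up entry that sends a site name to a non-loopback address (198.51.100.7 is a reserved documentation address and the host name is a placeholder). It goes slightly beyond the report by also treating 0.0.0.0 and ::1 as harmless sink addresses, since blocklists commonly use them.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

# Constructed sample hosts file: default localhost line, three redirects copied from the
# report above (tagged '## added by CiD'), and one constructed non-loopback mapping.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 download.drivecleaner.com ## added by CiD
198.51.100.7 www.example-bank.test
"""

# Addresses that cannot redirect traffic anywhere useful; anything else deserves a look.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
TAG = "added by CiD"


@dataclass
class HostsEntry:
    address: str
    names: List[str]
    comment: str


@dataclass
class HostsReport:
    total: int
    tagged: int                  # entries carrying the '## added by CiD' tag
    not_sink: List[HostsEntry]   # entries mapping a name to a routable address


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file text into entries, keeping the trailing comment of each line."""
    entries = []
    for raw in text.splitlines():
        line, _, comment = raw.partition("#")
        fields = line.split()
        if not fields:
            continue  # blank or comment-only line
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue  # not a mapping line; ignore it rather than guess
        entries.append(HostsEntry(address, names, comment.strip("# ").strip()))
    return entries


def check_hosts(text: str) -> HostsReport:
    entries = parse_hosts(text)
    tagged = sum(1 for e in entries if TAG in e.comment)
    not_sink = [e for e in entries if e.address not in SINK_ADDRESSES]
    return HostsReport(len(entries), tagged, not_sink)


def summarize(report: HostsReport) -> str:
    """Render the result in the same shape as the report's own summary lines."""
    lines = [f"-> {report.total} ( {report.tagged} ## {TAG} )"]
    if report.not_sink:
        lines.append(f"/!\\ {len(report.not_sink)} Not 127.0.0.1 !!")
        for e in report.not_sink:
            lines.append(f"    {e.address} -> {' '.join(e.names)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(check_hosts(SAMPLE_HOSTS)))
```

The point of the non-sink list is that a hosts line pointing a real site name at a routable address silently overrides DNS for every program on the machine, which is why the tool singles it out instead of just counting it; the lines pointing at 127.0.0.1 are the opposite case, a blocklist, and are harmless even when numerous.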
 
Bump, a little help please.
Destrio5 Posts: 99820 Status: Moderator 10 305
 
---> Run Lop S&D again
---> This time choose option 2 (Removal)
---> Do not close the window during the removal!
---> Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)

Bluegex Posts: 90 Status: Member
 
Thanks, I will post the report on Thursday.
Bluegex Posts: 90 Status: Member
 
Here is the report:

-----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : aa ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 17/07/2008 | 10:02:39,45 ] [ PC : D7CVK72J ]
[ MAJ : 09-07-2008 | 21:02 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comp Jugs Ball That\USER PING.exe
Supprime! - C:\DOCUME~1\aa\APPLIC~1\eggsma~1\cfhbenrz.exe
Supprime! - C:\DOCUME~1\aa\APPLIC~1\eggsma~1\dtyvkjhs.exe
Supprime! - C:\DOCUME~1\aa\APPLIC~1\eggsma~1\Flap Software Proxy Dale.exe
Supprime! - C:\DOCUME~1\aa\APPLIC~1\eggsma~1\htrxcsop.exe
Supprime! - C:\DOCUME~1\aa\APPLIC~1\eggsma~1\kaobufad.exe
Supprime! - C:\DOCUME~1\aa\APPLIC~1\eggsma~1\nefsyfdf.exe
Supprime! - C:\DOCUME~1\aa\APPLIC~1\eggsma~1\Support platform.exe
Supprime! - C:\WINDOWS\Prefetch\IDLE INSIDE REAL.EXE-1D141747.pf
Supprime! - C:\DOCUME~1\aa\Cookies\aa@www.adserver5[1].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@adin.bigpoint[1].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@bigpoint[2].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@es.bigpoint[2].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@es.bigpoint[3].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@es.bigpoint[4].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@es.bigpoint[5].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@fr.bigpoint[2].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@fr1.darkorbit.bigpoint[2].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@fr1.darkorbit.bigpoint[3].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@fr1.seafight.bigpoint[2].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@www.bigpoint[1].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@banner.casinoking[2].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@casinoking[1].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@cotedazurpalace[3].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@cotedazurpalace[4].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@cotedazurpalace[5].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@cotedazurpalace[6].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@cotedazurpalace[7].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@adopt.euroclick[2].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@pacificpoker[2].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@32vegas[10].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@32vegas[1].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@32vegas[2].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@32vegas[3].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@32vegas[4].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@32vegas[5].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@32vegas[6].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@32vegas[8].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@32vegas[9].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@banner.32vegas[2].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@cachewww.32vegas[2].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@vegas-millions[1].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@www.vegas-millions[2].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@www.vegasaffiliates[1].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@2xmoinscher[2].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@cc.2xmoinscher[1].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@www.2xmoinscher[1].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@www.agence.francetelecom[2].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@888[1].txt
Supprime! - C:\DOCUME~1\aa\Cookies\aa@www.888[1].txt
Supprime! - C:\DOCUME~1\aa\LOCALS~1\Temp\bis2.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comp Jugs Ball That
Supprime! - C:\DOCUME~1\aa\APPLIC~1\eggsma~1
Supprime! - C:\Program Files\eggsma~1
Restauré! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

-------------[ Listing des dossiers dans Application Data ]------------

[28/03/2008|15:05] C:\DOCUME~1\aa\APPLIC~1\aa
[21/02/2008|15:18] C:\DOCUME~1\aa\APPLIC~1\Adobe
[17/10/2006|21:44] C:\DOCUME~1\aa\APPLIC~1\AdobeUM
[16/09/2006|15:38] C:\DOCUME~1\aa\APPLIC~1\ArcSoft
[29/06/2006|18:35] C:\DOCUME~1\aa\APPLIC~1\CyberLink
[19/08/2004|14:10] C:\DOCUME~1\aa\APPLIC~1\desktop.ini
[17/04/2008|15:19] C:\DOCUME~1\aa\APPLIC~1\Documents and Settings
[23/11/2006|20:36] C:\DOCUME~1\aa\APPLIC~1\EPSON
[08/01/2007|19:34] C:\DOCUME~1\aa\APPLIC~1\Google
[10/03/2008|12:05] C:\DOCUME~1\aa\APPLIC~1\gtk-2.0
[23/02/2008|14:01] C:\DOCUME~1\aa\APPLIC~1\Help
[19/08/2004|14:24] C:\DOCUME~1\aa\APPLIC~1\Identities
[25/10/2006|13:04] C:\DOCUME~1\aa\APPLIC~1\InterTrust
[19/08/2006|23:40] C:\DOCUME~1\aa\APPLIC~1\InterVideo
[15/09/2006|19:58] C:\DOCUME~1\aa\APPLIC~1\Lavasoft
[09/01/2008|15:50] C:\DOCUME~1\aa\APPLIC~1\Macromedia
[20/05/2008|14:27] C:\DOCUME~1\aa\APPLIC~1\Microsoft
[21/02/2008|14:47] C:\DOCUME~1\aa\APPLIC~1\Mozilla
[15/09/2006|19:05] C:\DOCUME~1\aa\APPLIC~1\MSNInstaller
[13/01/2007|14:05] C:\DOCUME~1\aa\APPLIC~1\OfficeUpdate12
[21/02/2008|14:49] C:\DOCUME~1\aa\APPLIC~1\PC Tools
[26/04/2006|10:58] C:\DOCUME~1\aa\APPLIC~1\Sun
[21/02/2008|14:48] C:\DOCUME~1\aa\APPLIC~1\Talkback
[20/05/2008|22:29] C:\DOCUME~1\aa\APPLIC~1\v3.0
[27/02/2007|19:00] C:\DOCUME~1\aa\APPLIC~1\vlc

[19/08/2004|14:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[19/08/2004|14:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[19/08/2004|14:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[26/04/2006|10:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun

[21/02/2008|14:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[13/11/2006|21:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[19/08/2004|14:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[07/01/2007|14:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[16/07/2008|22:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[18/11/2006|15:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[18/10/2007|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[19/08/2004|14:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[15/07/2008|16:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[17/08/2006|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[15/09/2006|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[19/08/2004|14:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[19/08/2004|14:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[19/08/2004|14:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[26/04/2006|10:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

[19/08/2004|14:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[12/07/2007|00:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[17/07/2008 06:22][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[12/07/2008|11:46] C:\Program Files\Adobe
[28/06/2006|07:43] C:\Program Files\Ahead
[15/09/2006|19:19] C:\Program Files\Alwil Software
[26/04/2006|10:47] C:\Program Files\Analog Devices
[08/07/2008|12:19] C:\Program Files\Aquatica Waterworlds
[17/08/2006|16:38] C:\Program Files\ArcSoft
[26/04/2006|10:59] C:\Program Files\Broadcom
[19/08/2004|14:15] C:\Program Files\ComPlus Applications
[26/04/2006|10:59] C:\Program Files\CyberLink
[28/06/2006|07:58] C:\Program Files\DivX
[19/06/2008|23:03] C:\Program Files\epson
[28/12/2007|16:03] C:\Program Files\Fichiers communs
[05/02/2008|15:18] C:\Program Files\GIMP-2.0
[23/06/2008|15:36] C:\Program Files\Google
[19/06/2008|23:03] C:\Program Files\InstallShield Installation Information
[09/04/2008|08:10] C:\Program Files\Internet Explorer
[28/06/2006|07:40] C:\Program Files\InterVideo
[26/12/2007|23:08] C:\Program Files\Java
[15/09/2006|19:58] C:\Program Files\Lavasoft
[25/12/2007|01:03] C:\Program Files\LimeWire
[19/08/2004|14:18] C:\Program Files\microsoft frontpage
[28/06/2006|07:32] C:\Program Files\Microsoft Office
[19/08/2004|14:16] C:\Program Files\Movie Maker
[17/07/2008|07:58] C:\Program Files\Mozilla Firefox
[15/09/2006|19:05] C:\Program Files\MSN
[06/10/2007|12:59] C:\Program Files\MSN Apps
[19/08/2004|14:14] C:\Program Files\MSN Gaming Zone
[19/08/2004|14:16] C:\Program Files\NetMeeting
[04/04/2008|22:44] C:\Program Files\Norton Security Scan
[07/07/2006|18:31] C:\Program Files\OLITEC
[13/06/2007|23:24] C:\Program Files\Outlook Express
[28/03/2008|22:54] C:\Program Files\Picasa2
[18/11/2006|15:00] C:\Program Files\Samsung
[19/08/2004|14:16] C:\Program Files\Services en ligne
[28/03/2008|22:57] C:\Program Files\Spyware Doctor
[12/07/2008|11:49] C:\Program Files\Trend Micro
[19/08/2004|14:24] C:\Program Files\Uninstall Information
[19/06/2008|23:13] C:\Program Files\VideoLAN
[13/01/2007|14:18] C:\Program Files\Windows Media Connect 2
[13/01/2007|14:18] C:\Program Files\Windows Media Player
[19/08/2004|14:14] C:\Program Files\Windows NT
[19/08/2004|14:16] C:\Program Files\WindowsUpdate
[08/07/2008|12:25] C:\Program Files\WinRAR
[19/08/2004|14:18] C:\Program Files\xerox
[26/04/2006|10:59] C:\Program Files\Your Company Name

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[21/02/2008|14:53] C:\Program Files\Fichiers communs\Adobe
[28/06/2006|07:46] C:\Program Files\Fichiers communs\Ahead
[13/11/2006|21:24] C:\Program Files\Fichiers communs\BOONTY Shared
[28/06/2006|07:33] C:\Program Files\Fichiers communs\Designer
[25/12/2007|11:54] C:\Program Files\Fichiers communs\DirectX
[17/11/2006|22:21] C:\Program Files\Fichiers communs\EPSON
[17/08/2006|16:42] C:\Program Files\Fichiers communs\InstallShield
[26/04/2006|10:57] C:\Program Files\Fichiers communs\Java
[19/06/2008|23:15] C:\Program Files\Fichiers communs\Microsoft Shared
[19/08/2004|14:16] C:\Program Files\Fichiers communs\MSSoap
[19/08/2004|14:10] C:\Program Files\Fichiers communs\ODBC
[19/08/2004|14:16] C:\Program Files\Fichiers communs\Services
[19/08/2004|14:10] C:\Program Files\Fichiers communs\SpeechEngines
[09/03/2008|00:27] C:\Program Files\Fichiers communs\Symantec Shared
[13/06/2007|23:24] C:\Program Files\Fichiers communs\System

---------------------------[ Process ]--------------------------

... 32

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 10:04:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

C:\WINDOWS\system32\jSrBHkkj.ini2
C:\WINDOWS\system32\jSrBHkkj.ini
C:\WINDOWS\system32\Llmpqqru.ini2
C:\WINDOWS\system32\Llmpqqru.ini
! VUNDO Possible !

[F:2151][D:42]-> C:\DOCUME~1\aa\LOCALS~1\Temp
[F:3246][D:0]-> C:\DOCUME~1\aa\Cookies
[F:10398][D:48]-> C:\DOCUME~1\aa\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 10:05:38,50 ]----------------------
Destrio5 (Moderator, 99820 posts)

---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the Internet and close all applications, including your antivirus and antispyware /!\

---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"

---> Set it to French (F)
Press the 1 key (Yes) to start the scan.

/!\ Don't touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is done, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: The report can also be found here: C:\ComboFix.txt
Bluegex (Member, 90 posts)

I'll post the report on Saturday, and I'd be curious to have you explain very roughly how you know what I need to do from the reports I post to you.

Thanks.
Destrio5 (Moderator, 99820 posts)

C:\WINDOWS\system32\jSrBHkkj.ini2
C:\WINDOWS\system32\jSrBHkkj.ini
C:\WINDOWS\system32\Llmpqqru.ini2
C:\WINDOWS\system32\Llmpqqru.ini
! VUNDO Possible !

---> ComboFix is effective against the Vundo infection.
Bluegex (Member, 90 posts)

The report:

ComboFix 08-07-17.4 - aa 2008-07-19 10:02:46.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.258 [GMT 2:00]
Endroit: E:\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aoxuvswj.ini
C:\WINDOWS\system32\avsxyidx.dll
C:\WINDOWS\system32\bbudhhwd.ini
C:\WINDOWS\system32\bghrjcwg.dll
C:\WINDOWS\system32\cfmeiyts.ini
C:\WINDOWS\system32\ehvftbfa.dll
C:\WINDOWS\system32\elmyxxsa.ini
C:\WINDOWS\system32\gqrtmyri.ini
C:\WINDOWS\system32\hbunlslh.ini
C:\WINDOWS\system32\hgmouxuo.dll
C:\WINDOWS\system32\iysfndfs.ini
C:\WINDOWS\system32\jSrBHkkj.ini
C:\WINDOWS\system32\jSrBHkkj.ini2
C:\WINDOWS\system32\knymdxli.ini
C:\WINDOWS\system32\kxmojtkt.ini
C:\WINDOWS\system32\lalojt.dll
C:\WINDOWS\system32\Llmpqqru.ini
C:\WINDOWS\system32\Llmpqqru.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\menfdgma.ini
C:\WINDOWS\system32\moariuqw.ini
C:\WINDOWS\system32\nbqlqyrg.ini
C:\WINDOWS\system32\nibdihjs.ini
C:\WINDOWS\system32\npskdjnb.ini
C:\WINDOWS\system32\ojdgkvxv.ini
C:\WINDOWS\system32\qcyjveyw.ini
C:\WINDOWS\system32\qhswphnb.dll
C:\WINDOWS\system32\raelnfwl.ini
C:\WINDOWS\system32\rhrscnch.ini
C:\WINDOWS\system32\rpqtrlyp.ini
C:\WINDOWS\system32\shnwaven.ini
C:\WINDOWS\system32\swtaeaip.dll
C:\WINDOWS\system32\udijplro.ini
C:\WINDOWS\system32\utqnbtej.ini
C:\WINDOWS\system32\vpjgjw.dll
C:\WINDOWS\system32\vyorvhko.ini
C:\WINDOWS\system32\xlrdxxar.ini
C:\WINDOWS\system32\xsdmavbo.ini
C:\WINDOWS\system32\xxbbmgwe.ini
C:\WINDOWS\system32\youadliw.ini
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-19 to 2008-07-19 ))))))))))))))))))))))))))))))))))))
.

2008-07-15 10:04 . 2008-07-17 10:05 <REP> d-------- C:\Lop SD
2008-07-12 11:49 . 2008-07-12 11:49 <REP> d-------- C:\Program Files\Trend Micro
2008-07-08 11:40 . 2008-07-08 11:40 1,160 --a------ C:\WINDOWS\mozver.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-15 14:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-08 10:19 --------- d-----w C:\Program Files\Aquatica Waterworlds
2008-06-23 13:36 --------- d-----w C:\Program Files\Google
2008-06-19 21:13 --------- d-----w C:\Program Files\VideoLAN
2008-06-19 21:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-19 21:03 --------- d-----w C:\Program Files\epson
2008-05-20 20:29 --------- d-----w C:\Documents and Settings\aa\Application Data\v3.0
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 09:16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 13:42 1404928]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE" [2005-04-07 06:00 98304]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 06:03 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2006-11-13 21:24]
.
- - - - ORPHANS REMOVED - - - -

BHO-{655BB307-5C5A-485C-AB20-F655EC88301F} - C:\WINDOWS\system32\jkkHBrSj.dll
HKLM-Run-BM13560bfc - C:\WINDOWS\system32\uqoxjjjx.dll
Notify-__c005A889 - C:\WINDOWS\system32\__c005A889.dat
Notify-vtUlLBqP - vtUlLBqP.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-19 10:08:07
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-19 10:12:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-19 08:12:15

Pre-Run: 59,235,299,328 octets libres
Post-Run: 59,663,687,680 octets libres

135 --- E O F --- 2008-05-28 21:38:39

One other thing: Avast no longer starts in the notification area, any idea?
I'll probably try a reinstall.

Thanks for your help.
Destrio5 (Moderator, 99820 posts)

OK, post a HijackThis report.
Bluegex (Member, 90 posts)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:45, on 22/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
Destrio5 (Moderator, 99820 posts)

---> Update Java:
https://www.java.com/fr/download/manual.jsp

---> Run HijackThis again and choose Do a system scan only

---> Tick the boxes in front of the following lines:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

---> Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.

---> Post a new HijackThis report
Bluegex (Member, 90 posts)

I'll do that on Thursday. Can I ask how you manage to tell me to do this or that action just by reading the HijackThis reports?

Thanks
Destrio5 (Moderator, 99820 posts)

It's not something that can be explained just like that.
Bluegex (Member, 90 posts)

OK, well, thanks anyway; I'll keep you posted on what happens next.
Bluegex (Member, 90 posts)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:38, on 24/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
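The "post a new HijackThis report" step works by comparing the new report against the previous one entry by entry. As an added example (not code from the thread, from Trend Micro or from HijackThis), this Python script parses HijackThis entry lines and diffs the 22/07 and 24/07 reports posted above; the sample lines are copied from those two reports.

```python
"""Diff two HijackThis 2.0.x reports entry by entry.

Added example for this thread, not code from the thread, Trend Micro or
HijackThis. It parses the 'Rn - ...' / 'On - ...' entry lines into
(section, key) -> target and lists what was removed, added or changed between
the report posted before 'Fix checked' and the one posted after it.
"""
import re

_ENTRY = re.compile(r"^([RO]\d+) - (.+)$")
# "O4 - HKLM\..\Run: [Name] command", optionally ending in "(User 'SERVICE LOCAL')"
_O4_RUN = re.compile(
    r"^(?P<hive>.+?\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']+)'\))?$"
)
# "O4 - Global Startup: Shortcut.lnk = path"
_O4_STARTUP = re.compile(r"^Global Startup: (?P<name>.+?) = (?P<target>.+)$")
# "O23 - Service: Display name (short) - Owner - path"
_SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<target>.+)$")
# O2 BHOs, O3 toolbars, O9 buttons: "label - {CLSID} - path"
_CLSID_ENTRY = re.compile(r"^(?P<label>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
# R0/R1: "HKxx\Software\...\Main,Value = url"
_R_ENTRY = re.compile(r"^(?P<key>.+?) = (?P<target>.+)$")


def parse_entry(line):
    """Return (section, key, target) for an entry line, or None for other lines.

    The key identifies the entry (hive + value name, CLSID, service name); the
    target is the file, command or URL it points to, so that a moved path (a
    Java update, say) shows up as a change rather than a removal plus an add.
    """
    m = _ENTRY.match(line.strip())
    if not m:
        return None  # process list, headers, blank lines
    section, body = m.group(1), m.group(2)
    if section == "O4":
        m4 = _O4_RUN.match(body)
        if m4:
            key = f"{m4['hive']} [{m4['name']}]"
            if m4["user"]:
                key += f" (User '{m4['user']}')"
            return section, key, m4["cmd"]
        m4 = _O4_STARTUP.match(body)
        if m4:
            return section, f"Global Startup {m4['name']}", m4["target"]
    elif section == "O23":
        m23 = _SERVICE.match(body)
        if m23:
            return section, m23["name"], m23["target"]
    elif section.startswith("R"):
        mr = _R_ENTRY.match(body)
        if mr:
            return section, mr["key"], mr["target"]
    mc = _CLSID_ENTRY.match(body)
    if mc:
        return section, f"{mc['label']} {mc['clsid']}", mc["target"]
    return section, body, ""  # O8 menu items, O16 DPF and anything unrecognised


def parse_report(text):
    """Map (section, key) -> target for every entry line of a report."""
    entries = {}
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed:
            section, key, target = parsed
            entries[(section, key)] = target
    return entries


def diff_reports(before, after):
    """Return (removed, added, changed): removed/added are sorted (section, key)
    lists, changed holds ((section, key), old_target, new_target) triples."""
    a, b = parse_report(before), parse_report(after)
    removed = sorted(k for k in a if k not in b)
    added = sorted(k for k in b if k not in a)
    changed = sorted((k, a[k], b[k]) for k in a if k in b and a[k] != b[k])
    return removed, added, changed


# Constructed sample: a subset of the 22/07/2008 report (before Fix checked)
# and of the 24/07/2008 report (after it), copied from the thread above.
BEFORE_REPORT = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""
AFTER_REPORT = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    removed, added, changed = diff_reports(BEFORE_REPORT, AFTER_REPORT)
    print("removed:", *removed, "added:", *added, "changed:", *changed, sep="\n")
```

On the sample, the three startup entries ticked for Fix checked come out as removed, the Picasa entry as added, and the Java BHO and the IE default page as changed paths rather than as new entries.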
Destrio5 (Moderator, 99820 posts)

- Download and install Malwarebytes' Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

- Update it

- Restart in Safe Mode (recommended):
https://www.malekal.com/demarrer-windows-mode-sans-echec/

- Choose your usual account

- Run a full scan with Malwarebytes' Anti-Malware

- Delete everything the program finds and save the report

- Restart in normal mode and post the report here

Tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Bluegex (Member, 90 posts)

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 993
Windows 5.1.2600 Service Pack 2

11:41:22 26/07/2008
mbam-log-7-26-2008 (11-41-22).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 101726
Temps écoulé: 55 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 21

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\system32\avsxyidx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ehvftbfa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP720\A0059987.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP730\A0066506.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP730\A0066878.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP730\A0066884.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP730\A0066888.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP730\A0066890.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP730\A0066894.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP730\A0066902.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP730\A0066909.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP730\A0066910.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP730\A0066911.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP730\A0066912.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP730\A0066913.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP742\A0067498.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP742\A0067500.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\BM13560bfc.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM13560bfc.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Destrio5 (Moderator, 99820 posts)

And to finish:

---> Update Java:
https://www.java.com/fr/download/manual.jsp

---> To remove the tools used and their quarantines:
Download Tools Cleaner to your desktop.
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
Click Recherche (Search) and let the scan run.
Click Suppression (Delete) to finish.
If you wish, you can use the Options facultatives (optional options).
Click Quitter (Quit) to get the report.
Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

---> Download CCleaner (don't install the Yahoo Toolbar):
https://www.ccleaner.com/ccleaner/download

---> Run it. Go to "Options" then "Advanced" and untick the box "Only delete files etc...". Go to "Cleaner" and click "Analyze". Once that is finished, run the cleaning. Then go to "Registry" and click "Scan for Issues". Once that is finished, fix all the issues without backing up the registry.

---> You need to disable and then re-enable System Restore; do it:
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

---> I advise you to create a restore point that you can use later if you have a problem:
https://www.vulgarisation-informatique.com/creer-point-restauration.php

---> I advise you to replace Avast with Antivir and to run a full scan.

---> If you want a firewall, get Comodo or Online Armor.

Any problems?