HijackThis results?

Tanou
Hello,
I ran a HijackThis scan but I don't know how to interpret it.
Thanks in advance for your replies.

Here is the report in question:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:40, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\HPHipm09.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\tanou\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60308
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60308
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.193.44.190:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SBD.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [stupid creative poll axis] C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\Long User.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DefaultFace] C:\DOCUME~1\tanou\APPLIC~1\BUILDE~1\defy each.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://kx.bar.need2find.com/KX/menusearch.html?p=KX
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0F6A904-44F1-4165-925E-13941DD09276}: NameServer = 212.27.54.252,212.27.39.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: hellenophile - {6f396a67-f473-48c9-9950-636ce17e584e} - C:\WINDOWS\system32\yesgnhr.dll (file missing)
O22 - SharedTaskScheduler: adirondack - {547aaa89-7e6b-42b4-b112-a64955f86a2a} - C:\WINDOWS\system32\zpuwriz.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

Destrio5 (Moderator)
 
Hi,

You must have CID ads.

---> Disable the antivirus
---> Download Lop S&D to your Desktop
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
---> Double-click it to launch the installation
---> Then double-click the Lop S&D shortcut on your Desktop
---> Select the language you want, then choose option 1 (Search)
---> Wait until the scan finishes
---> Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)

If you have trouble using Lop S&D, see the tutorial:
http://bibou0007.com/outils-specifiques-f78/tutorial-lop-sd-t956.htm#11431
Tanou
 
Thanks for your reply,
here is the second report:

-----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : tanou ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 12/07/2008 | 20:41:52,42 ] [ PC : STAN ]
[ MAJ : 09-07-2008 | 21:02 ]

-------------[ Listing des dossiers dans Application Data ]------------

[30/07/2007|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/06/2006|19:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[22/08/2007|22:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[03/10/2006|23:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[18/02/2008|22:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[22/08/2007|21:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\blue shim axis memo
[20/07/2006|02:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[21/05/2005|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[24/09/2006|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[18/02/2008|21:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[01/04/2008|22:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[18/02/2008|22:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative
[03/01/2002|23:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[16/10/2005|20:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[01/07/2007|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pige
[27/08/2005|06:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[23/08/2007|14:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[08/06/2005|22:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[18/02/2008|20:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[02/04/2007|20:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[25/08/2006|12:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[04/03/2008|20:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[23/10/2007|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\xnwfyhdk.mld

[21/05/2005|14:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[21/05/2005|14:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[18/02/2008|21:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[18/02/2008|22:24] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[18/02/2008|22:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[10/01/2007|21:11] C:\DOCUME~1\tanou\APPLIC~1\Adobe
[08/10/2007|19:00] C:\DOCUME~1\tanou\APPLIC~1\AdobeUM
[23/05/2006|15:13] C:\DOCUME~1\tanou\APPLIC~1\Ahead
[09/04/2008|22:17] C:\DOCUME~1\tanou\APPLIC~1\Apple Computer
[18/02/2008|22:10] C:\DOCUME~1\tanou\APPLIC~1\AVG7
[17/02/2008|12:34] C:\DOCUME~1\tanou\APPLIC~1\BitTorrent
[18/02/2008|22:19] C:\DOCUME~1\tanou\APPLIC~1\buildextradent
[22/06/2005|13:41] C:\DOCUME~1\tanou\APPLIC~1\CyberLink
[21/05/2005|14:48] C:\DOCUME~1\tanou\APPLIC~1\desktop.ini
[31/08/2006|00:10] C:\DOCUME~1\tanou\APPLIC~1\dvdcss
[29/07/2007|12:39] C:\DOCUME~1\tanou\APPLIC~1\EPSON
[19/06/2007|12:18] C:\DOCUME~1\tanou\APPLIC~1\GetRightToGo
[26/10/2006|17:08] C:\DOCUME~1\tanou\APPLIC~1\Google
[09/07/2005|20:43] C:\DOCUME~1\tanou\APPLIC~1\Help
[21/05/2005|14:34] C:\DOCUME~1\tanou\APPLIC~1\Identities
[01/04/2008|22:19] C:\DOCUME~1\tanou\APPLIC~1\InterVideo
[19/07/2006|23:23] C:\DOCUME~1\tanou\APPLIC~1\Kazaa Lite
[05/11/2006|13:55] C:\DOCUME~1\tanou\APPLIC~1\Leadertech
[18/12/2007|17:25] C:\DOCUME~1\tanou\APPLIC~1\Macromedia
[12/07/2008|20:39] C:\DOCUME~1\tanou\APPLIC~1\MegauploadToolbar
[18/02/2008|22:26] C:\DOCUME~1\tanou\APPLIC~1\Microsoft
[22/07/2006|19:55] C:\DOCUME~1\tanou\APPLIC~1\Mozilla
[09/07/2008|14:08] C:\DOCUME~1\tanou\APPLIC~1\OpenOffice.org2
[23/08/2007|17:17] C:\DOCUME~1\tanou\APPLIC~1\PC Tools
[12/02/2007|20:52] C:\DOCUME~1\tanou\APPLIC~1\Real
[21/05/2005|16:31] C:\DOCUME~1\tanou\APPLIC~1\Seven Zip
[27/01/2007|18:23] C:\DOCUME~1\tanou\APPLIC~1\Skyoski
[12/07/2008|17:31] C:\DOCUME~1\tanou\APPLIC~1\Skype
[12/08/2006|12:24] C:\DOCUME~1\tanou\APPLIC~1\Sun
[23/05/2005|19:26] C:\DOCUME~1\tanou\APPLIC~1\Symantec
[14/01/2008|22:10] C:\DOCUME~1\tanou\APPLIC~1\teamspeak2
[23/06/2006|19:29] C:\DOCUME~1\tanou\APPLIC~1\Toshiba
[12/05/2008|14:50] C:\DOCUME~1\tanou\APPLIC~1\U3
[23/07/2006|15:53] C:\DOCUME~1\tanou\APPLIC~1\Ventrilo
[17/11/2005|21:31] C:\DOCUME~1\tanou\APPLIC~1\vlc

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[22/05/2008 23:51][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/07/2008 20:22][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/04/2003 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[18/11/2005|20:24] C:\Program Files\2015
[10/01/2007|21:12] C:\Program Files\Adobe
[12/09/2007|09:10] C:\Program Files\Apple Software Update
[12/04/2008|19:35] C:\Program Files\AV VCS 3.0
[21/05/2005|16:23] C:\Program Files\awdflash.exe
[23/10/2007|08:58] C:\Program Files\BitTorrent
[14/02/2008|19:00] C:\Program Files\buildextradent
[17/10/2005|19:14] C:\Program Files\Ediser
[26/07/2007|19:32] C:\Program Files\eMule
[17/06/2007|18:30] C:\Program Files\epson
[22/05/2005|14:45] C:\Program Files\epson3400eu.exe
[01/04/2008|22:16] C:\Program Files\Fichiers communs
[26/10/2007|00:10] C:\Program Files\Google
[18/02/2008|21:48] C:\Program Files\Grisoft
[08/05/2007|21:34] C:\Program Files\hp photosmart
[23/04/2006|14:31] C:\Program Files\Illustrate
[21/05/2005|14:47] C:\Program Files\INSTALL_MSN_MESSENGER_DL.EXE
[07/07/2008|22:30] C:\Program Files\InstallShield Installation Information
[20/07/2006|02:10] C:\Program Files\InterActual
[15/06/2008|00:02] C:\Program Files\Internet Explorer
[01/04/2008|22:15] C:\Program Files\InterVideo
[01/04/2008|22:16] C:\Program Files\InterVideo Information Service
[07/04/2008|09:48] C:\Program Files\iPod
[07/04/2008|09:48] C:\Program Files\iTunes
[26/03/2008|20:20] C:\Program Files\Java
[20/02/2008|22:27] C:\Program Files\LimeWire
[24/05/2005|18:35] C:\Program Files\LimeWireWin.exe
[23/10/2007|18:02] C:\Program Files\MegauploadToolbar
[05/03/2008|22:00] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[21/05/2005|14:28] C:\Program Files\microsoft frontpage
[12/07/2007|00:30] C:\Program Files\Microsoft Office
[18/06/2005|00:48] C:\Program Files\Movie Maker
[12/07/2008|20:25] C:\Program Files\Mozilla Firefox
[05/09/2005|18:16] C:\Program Files\MP3 Wave Maker
[23/10/2007|18:48] C:\Program Files\MP4 Converter
[21/05/2005|14:25] C:\Program Files\MSN
[21/05/2005|14:25] C:\Program Files\MSN Gaming Zone
[02/04/2008|08:31] C:\Program Files\MSXML 4.0
[12/09/2005|22:49] C:\Program Files\NetMeeting
[17/06/2007|18:31] C:\Program Files\Network Associates
[09/06/2005|01:57] C:\Program Files\Norton AntiVirus
[08/01/2006|01:56] C:\Program Files\OpenOffice.org 2.0
[13/06/2007|21:02] C:\Program Files\Outlook Express
[25/06/2004|17:18] C:\Program Files\P4S800_9.AWD
[21/05/2005|16:21] C:\Program Files\P4S800_9.zip
[12/07/2008|17:37] C:\Program Files\PopUp Killer
[07/04/2008|09:46] C:\Program Files\QuickTime
[12/02/2007|20:48] C:\Program Files\Real
[23/05/2005|19:15] C:\Program Files\RealVNC
[07/04/2008|09:49] C:\Program Files\Safari
[21/05/2005|16:25] C:\Program Files\setup_ai.exe
[07/07/2008|22:24] C:\Program Files\Sierra On-Line
[23/08/2007|14:37] C:\Program Files\Skype
[23/08/2007|17:21] C:\Program Files\Spyware Doctor
[12/07/2008|20:24] C:\Program Files\Steam
[17/09/2006|15:10] C:\Program Files\Sunbelt Software
[18/11/2006|15:59] C:\Program Files\Teamspeak2_RC2
[28/09/2007|17:18] C:\Program Files\TI Education
[30/07/2006|16:36] C:\Program Files\Toshiba
[21/05/2005|14:34] C:\Program Files\Uninstall Information
[16/05/2008|21:02] C:\Program Files\Video ActiveX Access
[17/11/2005|21:30] C:\Program Files\VideoLAN
[05/10/2007|18:31] C:\Program Files\VIRTUA~1
[18/02/2008|22:10] C:\Program Files\VirusProtectPro 3.5
[17/06/2007|18:33] C:\Program Files\Winamp
[04/03/2008|20:58] C:\Program Files\Windows Live
[20/12/2006|15:56] C:\Program Files\Windows Media Connect 2
[20/12/2006|15:56] C:\Program Files\Windows Media Player
[23/05/2005|20:05] C:\Program Files\Windows NT
[21/05/2005|15:00] C:\Program Files\WindowsUpdate
[09/07/2005|20:43] C:\Program Files\WinRAR
[22/05/2005|15:01] C:\Program Files\WinZip
[02/01/2002|20:41] C:\Program Files\Wolfenstein - Enemy Territory
[31/05/2008|19:25] C:\Program Files\World of Warcraft
[29/03/2008|22:18] C:\Program Files\WowCartographe
[21/05/2005|14:28] C:\Program Files\xerox

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[30/07/2007|13:59] C:\Program Files\Fichiers communs\Adobe
[08/06/2006|18:39] C:\Program Files\Fichiers communs\Adobe Systems Shared
[21/05/2006|00:46] C:\Program Files\Fichiers communs\Ahead
[22/08/2007|22:15] C:\Program Files\Fichiers communs\Apple
[17/06/2007|16:53] C:\Program Files\Fichiers communs\Blizzard Entertainment
[19/07/2005|17:40] C:\Program Files\Fichiers communs\Cheewoo
[02/04/2007|20:18] C:\Program Files\Fichiers communs\InstallShield
[24/05/2005|18:35] C:\Program Files\Fichiers communs\Java
[01/04/2008|22:12] C:\Program Files\Fichiers communs\Microsoft Shared
[23/10/2007|17:28] C:\Program Files\Fichiers communs\MOVAVI
[21/05/2005|14:26] C:\Program Files\Fichiers communs\MSSoap
[21/05/2005|14:49] C:\Program Files\Fichiers communs\ODBC
[12/02/2007|20:49] C:\Program Files\Fichiers communs\Real
[21/05/2005|14:26] C:\Program Files\Fichiers communs\Services
[23/08/2007|14:37] C:\Program Files\Fichiers communs\Skype
[21/05/2005|14:49] C:\Program Files\Fichiers communs\SpeechEngines
[09/06/2005|01:59] C:\Program Files\Fichiers communs\Symantec Shared
[13/06/2007|21:02] C:\Program Files\Fichiers communs\System
[28/09/2007|17:18] C:\Program Files\Fichiers communs\TI Shared
[01/04/2008|22:16] C:\Program Files\Fichiers communs\Ulead
[04/03/2008|20:57] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[28/09/2007|17:17] C:\Program Files\Fichiers communs\Wise Installation Wizard
[12/02/2007|20:49] C:\Program Files\Fichiers communs\xing shared

---------------------------[ Process ]--------------------------

... 50

iexplore.exe ~ [1252]

----------------------[ Recherche avec S_Lop ]---------------------

C:\DOCUME~1\tanou\LOCALS~1\Temp\bis3F.exe
C:\DOCUME~1\tanou\LOCALS~1\Temp\bisA.exe
C:\DOCUME~1\tanou\LOCALS~1\Temp\bisC.exe
C:\DOCUME~1\tanou\APPLIC~1\BUILDE~1

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative\Long User.exe
C:\DOCUME~1\tanou\MENUDM~1\PROGRA~1\Bitdownload
C:\DOCUME~1\tanou\MENUDM~1\PROGRA~1\Bitdownload\BitDownload Downloads.lnk
C:\WINDOWS\Prefetch\LONG USER.EXE-01BCDE06.pf
C:\DOCUME~1\tanou\Cookies\tanou@www.adserver5[2].txt
C:\DOCUME~1\tanou\Cookies\tanou@adultfriendfinder[2].txt
C:\DOCUME~1\tanou\Cookies\tanou@search.adultfriendfinder[2].txt
C:\DOCUME~1\tanou\Cookies\tanou@adin.bigpoint[2].txt
C:\DOCUME~1\tanou\Cookies\tanou@bigpoint[2].txt
C:\DOCUME~1\tanou\Cookies\tanou@fr1.darkorbit.bigpoint[2].txt
C:\DOCUME~1\tanou\Cookies\tanou@fr1.seafight.bigpoint[1].txt
C:\DOCUME~1\tanou\Cookies\tanou@banner.casinoking[2].txt
C:\DOCUME~1\tanou\Cookies\tanou@casinoking[2].txt
C:\DOCUME~1\tanou\Cookies\tanou@banner.cotedazurpalace[2].txt
C:\DOCUME~1\tanou\Cookies\tanou@cotedazurpalace[1].txt
C:\DOCUME~1\tanou\Cookies\tanou@adopt.euroclick[2].txt
C:\DOCUME~1\tanou\Cookies\tanou@pacificpoker[2].txt
C:\DOCUME~1\tanou\Cookies\tanou@partygaming.122.2o7[1].txt
C:\DOCUME~1\tanou\Cookies\tanou@partypoker[2].txt
C:\DOCUME~1\tanou\Cookies\tanou@fr1.seafight.bigpoint[1].txt
C:\DOCUME~1\tanou\Cookies\tanou@seafight[2].txt
C:\DOCUME~1\tanou\Cookies\tanou@32vegas[1].txt
C:\DOCUME~1\tanou\Cookies\tanou@banner.32vegas[2].txt
C:\DOCUME~1\tanou\Cookies\tanou@vegas-millions[1].txt
C:\DOCUME~1\tanou\Cookies\tanou@www.playersvegas[2].txt
C:\DOCUME~1\tanou\Cookies\tanou@2xmoinscher[1].txt
C:\DOCUME~1\tanou\Cookies\tanou@www.2xmoinscher[1].txt
C:\DOCUME~1\tanou\Cookies\tanou@888[1].txt

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MORE MAGS FIND]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\tanou\\APPLIC~1\\BUILDE~1\\defy each.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DefaultFace"="C:\\DOCUME~1\\tanou\\APPLIC~1\\BUILDE~1\\defy each.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"stupid creative poll axis"="C:\\Documents and Settings\\All Users\\Application Data\\Memo save stupid creative\\Long User.exe"

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts MODIFIE

-> 72 ( 70 ## added by CiD )

/!\ 1 Not 127.0.0.1 !!

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 20:43:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

[F:3811][D:146]-> C:\DOCUME~1\tanou\LOCALS~1\Temp
[F:862][D:0]-> C:\DOCUME~1\tanou\Cookies
[F:16732][D:19]-> C:\DOCUME~1\tanou\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 20:45:36,62 ]----------------------
Destrio5 (Moderator)
 
---> Run Lop S&D again
---> This time choose option 2 (Removal)
---> Do not close the window during the removal!
---> Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)
Tanou
 
-----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : tanou ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 12/07/2008 | 20:54:33,46 ] [ PC : STAN ]
[ MAJ : 09-07-2008 | 21:02 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative\Long User.exe
Supprime! - C:\WINDOWS\Prefetch\LONG USER.EXE-01BCDE06.pf
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@www.adserver5[2].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@adultfriendfinder[2].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@search.adultfriendfinder[2].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@adin.bigpoint[2].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@fr1.darkorbit.bigpoint[2].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@banner.casinoking[2].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@casinoking[2].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@banner.cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@adopt.euroclick[2].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@pacificpoker[2].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@partygaming.122.2o7[1].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@partypoker[2].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@seafight[2].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@32vegas[1].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@banner.32vegas[2].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@vegas-millions[1].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@www.playersvegas[2].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@2xmoinscher[1].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@www.2xmoinscher[1].txt
Supprime! - C:\DOCUME~1\tanou\Cookies\tanou@888[1].txt
Supprime! - C:\DOCUME~1\tanou\LOCALS~1\Temp\bis3F.exe
Supprime! - C:\DOCUME~1\tanou\LOCALS~1\Temp\bisA.exe
Supprime! - C:\DOCUME~1\tanou\LOCALS~1\Temp\bisC.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative
Supprime! - C:\DOCUME~1\tanou\MENUDM~1\PROGRA~1\Bitdownload
Supprime! - C:\DOCUME~1\tanou\APPLIC~1\BUILDE~1
Supprime! - C:\Program Files\BUILDE~1
Restauré! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

-------------[ Listing des dossiers dans APPLIC~1 ]------------

[30/07/2007|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/06/2006|19:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[22/08/2007|22:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[03/10/2006|23:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[18/02/2008|22:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[22/08/2007|21:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\blue shim axis memo
[20/07/2006|02:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[21/05/2005|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[24/09/2006|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[18/02/2008|21:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[01/04/2008|22:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[03/01/2002|23:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[16/10/2005|20:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[01/07/2007|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pige
[27/08/2005|06:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[23/08/2007|14:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[08/06/2005|22:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[18/02/2008|20:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[02/04/2007|20:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[25/08/2006|12:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[04/03/2008|20:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[23/10/2007|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\xnwfyhdk.mld

[21/05/2005|14:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[21/05/2005|14:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[18/02/2008|21:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[18/02/2008|22:24] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[18/02/2008|22:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[10/01/2007|21:11] C:\DOCUME~1\tanou\APPLIC~1\Adobe
[08/10/2007|19:00] C:\DOCUME~1\tanou\APPLIC~1\AdobeUM
[23/05/2006|15:13] C:\DOCUME~1\tanou\APPLIC~1\Ahead
[09/04/2008|22:17] C:\DOCUME~1\tanou\APPLIC~1\Apple Computer
[18/02/2008|22:10] C:\DOCUME~1\tanou\APPLIC~1\AVG7
[17/02/2008|12:34] C:\DOCUME~1\tanou\APPLIC~1\BitTorrent
[22/06/2005|13:41] C:\DOCUME~1\tanou\APPLIC~1\CyberLink
[21/05/2005|14:48] C:\DOCUME~1\tanou\APPLIC~1\desktop.ini
[31/08/2006|00:10] C:\DOCUME~1\tanou\APPLIC~1\dvdcss
[29/07/2007|12:39] C:\DOCUME~1\tanou\APPLIC~1\EPSON
[19/06/2007|12:18] C:\DOCUME~1\tanou\APPLIC~1\GetRightToGo
[26/10/2006|17:08] C:\DOCUME~1\tanou\APPLIC~1\Google
[09/07/2005|20:43] C:\DOCUME~1\tanou\APPLIC~1\Help
[21/05/2005|14:34] C:\DOCUME~1\tanou\APPLIC~1\Identities
[01/04/2008|22:19] C:\DOCUME~1\tanou\APPLIC~1\InterVideo
[19/07/2006|23:23] C:\DOCUME~1\tanou\APPLIC~1\Kazaa Lite
[05/11/2006|13:55] C:\DOCUME~1\tanou\APPLIC~1\Leadertech
[18/12/2007|17:25] C:\DOCUME~1\tanou\APPLIC~1\Macromedia
[12/07/2008|20:50] C:\DOCUME~1\tanou\APPLIC~1\MegauploadToolbar
[18/02/2008|22:26] C:\DOCUME~1\tanou\APPLIC~1\Microsoft
[22/07/2006|19:55] C:\DOCUME~1\tanou\APPLIC~1\Mozilla
[09/07/2008|14:08] C:\DOCUME~1\tanou\APPLIC~1\OpenOffice.org2
[23/08/2007|17:17] C:\DOCUME~1\tanou\APPLIC~1\PC Tools
[12/02/2007|20:52] C:\DOCUME~1\tanou\APPLIC~1\Real
[21/05/2005|16:31] C:\DOCUME~1\tanou\APPLIC~1\Seven Zip
[27/01/2007|18:23] C:\DOCUME~1\tanou\APPLIC~1\Skyoski
[12/07/2008|17:31] C:\DOCUME~1\tanou\APPLIC~1\Skype
[12/08/2006|12:24] C:\DOCUME~1\tanou\APPLIC~1\Sun
[23/05/2005|19:26] C:\DOCUME~1\tanou\APPLIC~1\Symantec
[14/01/2008|22:10] C:\DOCUME~1\tanou\APPLIC~1\teamspeak2
[23/06/2006|19:29] C:\DOCUME~1\tanou\APPLIC~1\Toshiba
[12/05/2008|14:50] C:\DOCUME~1\tanou\APPLIC~1\U3
[23/07/2006|15:53] C:\DOCUME~1\tanou\APPLIC~1\Ventrilo
[17/11/2005|21:31] C:\DOCUME~1\tanou\APPLIC~1\vlc

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[22/05/2008 23:51][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/07/2008 20:22][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/04/2003 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[18/11/2005|20:24] C:\Program Files\2015
[10/01/2007|21:12] C:\Program Files\Adobe
[12/09/2007|09:10] C:\Program Files\Apple Software Update
[12/04/2008|19:35] C:\Program Files\AV VCS 3.0
[21/05/2005|16:23] C:\Program Files\awdflash.exe
[23/10/2007|08:58] C:\Program Files\BitTorrent
[17/10/2005|19:14] C:\Program Files\Ediser
[26/07/2007|19:32] C:\Program Files\eMule
[17/06/2007|18:30] C:\Program Files\epson
[22/05/2005|14:45] C:\Program Files\epson3400eu.exe
[01/04/2008|22:16] C:\Program Files\Fichiers communs
[26/10/2007|00:10] C:\Program Files\Google
[18/02/2008|21:48] C:\Program Files\Grisoft
[08/05/2007|21:34] C:\Program Files\hp photosmart
[23/04/2006|14:31] C:\Program Files\Illustrate
[21/05/2005|14:47] C:\Program Files\INSTALL_MSN_MESSENGER_DL.EXE
[07/07/2008|22:30] C:\Program Files\InstallShield Installation Information
[20/07/2006|02:10] C:\Program Files\InterActual
[15/06/2008|00:02] C:\Program Files\Internet Explorer
[01/04/2008|22:15] C:\Program Files\InterVideo
[01/04/2008|22:16] C:\Program Files\InterVideo Information Service
[07/04/2008|09:48] C:\Program Files\iPod
[07/04/2008|09:48] C:\Program Files\iTunes
[26/03/2008|20:20] C:\Program Files\Java
[20/02/2008|22:27] C:\Program Files\LimeWire
[24/05/2005|18:35] C:\Program Files\LimeWireWin.exe
[23/10/2007|18:02] C:\Program Files\MegauploadToolbar
[05/03/2008|22:00] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[21/05/2005|14:28] C:\Program Files\microsoft frontpage
[12/07/2007|00:30] C:\Program Files\Microsoft Office
[18/06/2005|00:48] C:\Program Files\Movie Maker
[12/07/2008|20:25] C:\Program Files\Mozilla Firefox
[05/09/2005|18:16] C:\Program Files\MP3 Wave Maker
[23/10/2007|18:48] C:\Program Files\MP4 Converter
[21/05/2005|14:25] C:\Program Files\MSN
[21/05/2005|14:25] C:\Program Files\MSN Gaming Zone
[02/04/2008|08:31] C:\Program Files\MSXML 4.0
[12/09/2005|22:49] C:\Program Files\NetMeeting
[17/06/2007|18:31] C:\Program Files\Network Associates
[09/06/2005|01:57] C:\Program Files\Norton AntiVirus
[08/01/2006|01:56] C:\Program Files\OpenOffice.org 2.0
[13/06/2007|21:02] C:\Program Files\Outlook Express
[25/06/2004|17:18] C:\Program Files\P4S800_9.AWD
[21/05/2005|16:21] C:\Program Files\P4S800_9.zip
[12/07/2008|17:37] C:\Program Files\PopUp Killer
[07/04/2008|09:46] C:\Program Files\QuickTime
[12/02/2007|20:48] C:\Program Files\Real
[23/05/2005|19:15] C:\Program Files\RealVNC
[07/04/2008|09:49] C:\Program Files\Safari
[21/05/2005|16:25] C:\Program Files\setup_ai.exe
[07/07/2008|22:24] C:\Program Files\Sierra On-Line
[23/08/2007|14:37] C:\Program Files\Skype
[23/08/2007|17:21] C:\Program Files\Spyware Doctor
[12/07/2008|20:24] C:\Program Files\Steam
[17/09/2006|15:10] C:\Program Files\Sunbelt Software
[18/11/2006|15:59] C:\Program Files\Teamspeak2_RC2
[28/09/2007|17:18] C:\Program Files\TI Education
[30/07/2006|16:36] C:\Program Files\Toshiba
[21/05/2005|14:34] C:\Program Files\Uninstall Information
[16/05/2008|21:02] C:\Program Files\Video ActiveX Access
[17/11/2005|21:30] C:\Program Files\VideoLAN
[05/10/2007|18:31] C:\Program Files\VIRTUA~1
[18/02/2008|22:10] C:\Program Files\VirusProtectPro 3.5
[17/06/2007|18:33] C:\Program Files\Winamp
[04/03/2008|20:58] C:\Program Files\Windows Live
[20/12/2006|15:56] C:\Program Files\Windows Media Connect 2
[20/12/2006|15:56] C:\Program Files\Windows Media Player
[23/05/2005|20:05] C:\Program Files\Windows NT
[21/05/2005|15:00] C:\Program Files\WindowsUpdate
[09/07/2005|20:43] C:\Program Files\WinRAR
[22/05/2005|15:01] C:\Program Files\WinZip
[02/01/2002|20:41] C:\Program Files\Wolfenstein - Enemy Territory
[31/05/2008|19:25] C:\Program Files\World of Warcraft
[29/03/2008|22:18] C:\Program Files\WowCartographe
[21/05/2005|14:28] C:\Program Files\xerox

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[30/07/2007|13:59] C:\Program Files\Fichiers communs\Adobe
[08/06/2006|18:39] C:\Program Files\Fichiers communs\Adobe Systems Shared
[21/05/2006|00:46] C:\Program Files\Fichiers communs\Ahead
[22/08/2007|22:15] C:\Program Files\Fichiers communs\Apple
[17/06/2007|16:53] C:\Program Files\Fichiers communs\Blizzard Entertainment
[19/07/2005|17:40] C:\Program Files\Fichiers communs\Cheewoo
[02/04/2007|20:18] C:\Program Files\Fichiers communs\InstallShield
[24/05/2005|18:35] C:\Program Files\Fichiers communs\Java
[01/04/2008|22:12] C:\Program Files\Fichiers communs\Microsoft Shared
[23/10/2007|17:28] C:\Program Files\Fichiers communs\MOVAVI
[21/05/2005|14:26] C:\Program Files\Fichiers communs\MSSoap
[21/05/2005|14:49] C:\Program Files\Fichiers communs\ODBC
[12/02/2007|20:49] C:\Program Files\Fichiers communs\Real
[21/05/2005|14:26] C:\Program Files\Fichiers communs\Services
[23/08/2007|14:37] C:\Program Files\Fichiers communs\Skype
[21/05/2005|14:49] C:\Program Files\Fichiers communs\SpeechEngines
[09/06/2005|01:59] C:\Program Files\Fichiers communs\Symantec Shared
[13/06/2007|21:02] C:\Program Files\Fichiers communs\System
[28/09/2007|17:18] C:\Program Files\Fichiers communs\TI Shared
[01/04/2008|22:16] C:\Program Files\Fichiers communs\Ulead
[04/03/2008|20:57] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[28/09/2007|17:17] C:\Program Files\Fichiers communs\Wise Installation Wizard
[12/02/2007|20:49] C:\Program Files\Fichiers communs\xing shared

---------------------------[ Process ]--------------------------

... 48

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\tanou\Cookies\tanou@bigpoint[1].txt
C:\DOCUME~1\tanou\Cookies\tanou@fr1.seafight.bigpoint[2].txt
C:\DOCUME~1\tanou\Cookies\tanou@fr1.seafight.bigpoint[2].txt

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 20:55:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

[F:3808][D:146]-> C:\DOCUME~1\tanou\LOCALS~1\Temp
[F:845][D:0]-> C:\DOCUME~1\tanou\Cookies
[F:16784][D:19]-> C:\DOCUME~1\tanou\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 20:57:17,53 ]----------------------
Destrio5 Posts 99820 Status Moderator 10 305
 
---> Download OTMoveIt2 from the link below:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

---> Save the file to the Desktop.

---> Double-click the OTMoveIt2.exe file to launch the tool.
Make sure the Unregister Dll's and Ocx's box is checked.

---> Copy all of the text below and paste it into the window titled Paste Standard List of Files/Folders to be moved.

C:\DOCUME~1\ALLUSE~1\APPLIC~1\blue shim axis memo

---> Click MoveIt! to start the removal.
When a result appears in the Results pane, click Exit.

Note: If a file or folder cannot be deleted immediately, the program will ask you to restart. Accept by clicking YES.

---> Post the OTMoveIt report, which is located in C:\_OTMoveIt\MovedFiles.

---> Post a new HijackThis report
Tanou
 
C:\DOCUME~1\ALLUSE~1\APPLIC~1\blue shim axis memo moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07122008_210215

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:59, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\tanou\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60308
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60308
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.193.44.190:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SBD.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://kx.bar.need2find.com/KX/menusearch.html?p=KX
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0F6A904-44F1-4165-925E-13941DD09276}: NameServer = 212.27.54.252,212.27.39.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: hellenophile - {6f396a67-f473-48c9-9950-636ce17e584e} - C:\WINDOWS\system32\yesgnhr.dll (file missing)
O22 - SharedTaskScheduler: adirondack - {547aaa89-7e6b-42b4-b112-a64955f86a2a} - C:\WINDOWS\system32\zpuwriz.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
Destrio5 Posts 99820 Status Moderator 10 305
 
- Download SmitfraudFix (by S!Ri, balltrap34 and moe31):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe or http://www.geekstogo.com/forum/files/file/6-smitfraudfix/

- Save it to the desktop

- Double-click SmitfraudFix.exe, choose option 1, then press Enter

- A report will be generated; post it in your next reply.

[*] process.exe is detected by some antivirus programs as a risktool. It is not a virus but a utility designed to terminate processes.[*]

** Only do step 2 if you are asked to; the first SmitfraudFix report has to be examined first
Tanou
 
SmitFraudFix v2.329

Rapport fait à 21:09:35,15, 12/07/2008
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\tanou\Bureau\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\tanou

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\tanou\Application Data

C:\Documents and Settings\tanou\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusProtectPro 3.5.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\tanou\MENUDM~1\VirusProtectPro 3.5.lnk PRESENT !
C:\DOCUME~1\tanou\MENUDM~1\PROGRA~1\VirusProtectPro PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\tanou\Favoris

C:\DOCUME~1\tanou\Favoris\Online Security Test.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Access\ PRESENT !
C:\Program Files\VirusProtectPro 3.5\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{6f396a67-f473-48c9-9950-636ce17e584e}"="hellenophile"

[HKEY_CLASSES_ROOT\CLSID\{6f396a67-f473-48c9-9950-636ce17e584e}\InProcServer32]
@="C:\WINDOWS\system32\yesgnhr.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6f396a67-f473-48c9-9950-636ce17e584e}\InProcServer32]
@="C:\WINDOWS\system32\yesgnhr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{547aaa89-7e6b-42b4-b112-a64955f86a2a}"="adirondack"

[HKEY_CLASSES_ROOT\CLSID\{547aaa89-7e6b-42b4-b112-a64955f86a2a}\InProcServer32]
@="C:\WINDOWS\system32\zpuwriz.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{547aaa89-7e6b-42b4-b112-a64955f86a2a}\InProcServer32]
@="C:\WINDOWS\system32\zpuwriz.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet PCI de base SiS 900 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.39.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C0F6A904-44F1-4165-925E-13941DD09276}: NameServer=212.27.54.252,212.27.39.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C0F6A904-44F1-4165-925E-13941DD09276}: NameServer=212.27.54.252,212.27.39.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C0F6A904-44F1-4165-925E-13941DD09276}: NameServer=212.27.54.252,212.27.39.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

thanks for your help ^^
Destrio5 Posts 99820 Status Moderator 10 305
 
- Restart your computer in safe mode:
https://blog.sosordi.net/

- Double-click SmitfraudFix.exe, choose option 2, then press Enter

- Answer O (oui, i.e. yes) to these two questions if you are asked them

Voulez-vous nettoyer le registre ? (Do you want to clean the registry?)
Corriger le fichier infecté ? (Fix the infected file?)

- A report will be generated; save it to the desktop

- Restart in normal mode

- Post the SmitfraudFix report and a new HijackThis report