How to terminate IEXPLORE.EXE
Solved
linds92
Hello,
For some time now there have been two IEXPLORE.EXE processes eating far too much of my RAM. I tried to terminate them, but they come back every time. I ran an antivirus scan, but it found nothing. Could you please help me? I ran a scan with HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:18, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\VUNHSUU1\HiJackThis[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B4C0C60C-1EFF-4AC4-8F17-8D616C94CDFD} - (no file)
O4 - HKLM\..\Run: [OSD] C:\WINDOWS\osd.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Style For Eggs Idle] C:\Documents and Settings\All Users\Application Data\BROWSE PROGRAM STYLE FOR\OBJ KEEP.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Saveaxis] C:\DOCUME~1\moi\APPLIC~1\STARTD~1\bird shim.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {33DFB28A-9792-4AFC-B594-D589365DF67D} (Bahu Photo Uploader) - https://bahu.com/BahuPhotoUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://gamenextfr.oberon-media.com/online/online2/luxor_2/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B3A5F463-EBD7-487E-B737-D2B772908D0F} (Infini.Clock) - http://www.infini-fr.com/Sciences/Informatique/Langages/Imperatifs/VisualBasic/ActiveXInstallation/Infini.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D51D5643-8851-43DB-8FD5-E2FF6642DF7C}: NameServer = 195.238.2.22 195.238.2.21
O20 - Winlogon Notify: qoMfdeET - qoMfdeET.dll (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
27 replies
No, it's not iexplorer.exe but iexplore.exe, without the r. On top of that there are two of them, and even when I haven't opened the Internet they are still there. That's not normal.
But it's not iexplorer, it's iexplore, without the r at the end, and each of them eats up to 25,000 KB, or even more.
I had already read that, but they say I can stop it, and yet I can't: when I terminate it, it comes back every time, and there are far too many of them. Also, it's written in capital letters, and since these processes have been running I keep getting ads as well, whereas before I had never seen them in my Task Manager.
Hi,
This is due to the LOP infection,
shown here in your HijackThis log:
O4 - HKLM\..\Run: [Style For Eggs Idle] C:\Documents and Settings\All Users\Application Data\BROWSE PROGRAM STYLE FOR\OBJ KEEP.exe
O4 - HKCU\..\Run: [Saveaxis] C:\DOCUME~1\moi\APPLIC~1\STARTD~1\bird shim.exe
To clean it:
Download Lop S&D.exe to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the desired language, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
Tutorial (help): http://bibou0007.com/outils-specifiques-f78/tuto-lop-sd-t956.htm
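The diagnosis above rests on two Run entries whose executables sit under Application Data. As an added example (not part of the original thread, and not HijackThis or Lop S&D code), this Python script applies that check to HijackThis `O4` lines and to the `( x.job )=( path )` scheduled-task lines that Lop S&D prints. The sample lines are copied from the logs in this thread; the function names and the "profile data directory" heuristic are assumptions made for the illustration.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log and the Lop S&D report posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [OSD] C:\WINDOWS\osd.exe
O4 - HKLM\..\Run: [Style For Eggs Idle] C:\Documents and Settings\All Users\Application Data\BROWSE PROGRAM STYLE FOR\OBJ KEEP.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Saveaxis] C:\DOCUME~1\moi\APPLIC~1\STARTD~1\bird shim.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
( ACE9DB7791924D83.job )=( c:\docume~1\moi\applic~1\startd~1\boobpilejump.exe )
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"  (registry autorun entry;
# the "Startup:" / "Global Startup:" O4 variants are not handled here)
O4_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# "( <task>.job )=( <command line> )"  (scheduled task as printed by Lop S&D)
TASK_RE = re.compile(r"^\( (?P<name>.+?\.job) \)=\( (?P<cmd>.+?) \)$")
# Unquoted paths may contain spaces ("OBJ KEEP.exe"), so cut at the first
# executable extension instead of at the first space.
EXE_RE = re.compile(r"(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)

# Windows XP profile layout, long names and their 8.3 short forms (assumed heuristic).
PROFILE_ROOTS = {"documents and settings", "docume~1"}
WRITABLE_DIRS = {"application data", "applic~1", "local settings", "locals~1"}


class Entry(NamedTuple):
    source: str   # where the persistence entry lives
    name: str     # registry value name or task file name
    image: str    # executable the entry launches
    review: bool  # True = launched from a per-user data directory


def image_path(cmd: str) -> str:
    """Return the executable path from a command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def in_user_writable_dir(path: str) -> bool:
    """True if path is <drive>\\<profiles>\\<user>\\<Application Data|Local Settings>\\..."""
    parts = [p.lower() for p in path.split("\\") if p]
    return (len(parts) > 3 and parts[1] in PROFILE_ROOTS
            and any(p in WRITABLE_DIRS for p in parts[3:-1]))


def parse_autoruns(log_text: str) -> List[Entry]:
    """Extract every O4 Run entry and Lop S&D task mapping from pasted log text."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            source = "registry " + m["hive"] + "\\" + m["key"]
        else:
            m = TASK_RE.match(line)
            if not m:
                continue
            source = "scheduled task"
        image = image_path(m["cmd"])
        entries.append(Entry(source, m["name"], image, in_user_writable_dir(image)))
    return entries


def needs_review(log_text: str) -> List[Entry]:
    """Entries worth a closer look; a hit is a triage lead, not a verdict."""
    return [e for e in parse_autoruns(log_text) if e.review]


if __name__ == "__main__":
    for e in needs_review(SAMPLE):
        print(f"{e.source:28} {e.name:24} {e.image}")
```

The scheduled task appears only in the Lop S&D report, which is why a Run-key review on its own would miss the third launch point.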
Here it is:
--------------------\\ Lop S&D 4.2.2-9 XP/Vista
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : moi ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 14/08/2008 | 20:02:56 ] [ PC : LINDSEY-15B7F35 (Proc:x86)]
[ MAJ : 13-08-2008 | 21:02 ]
--------------------\\ Listing des dossiers dans APPLIC~1
[12/08/2006|10:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[12/08/2006|10:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[27/04/2008|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[14/08/2008|15:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[25/04/2008|23:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[13/08/2008|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BROWSE PROGRAM STYLE FOR
[10/09/2006|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[12/08/2006|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[24/01/2008|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
[21/12/2006|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[15/06/2008|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[03/05/2008|14:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[05/08/2008|19:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[12/08/2006|10:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[23/07/2007|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[06/08/2008|17:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[26/01/2008|21:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[29/07/2007|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
[12/08/2006|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[05/08/2008|17:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[24/02/2008|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[12/08/2006|10:44] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[26/12/2006|23:18] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[10/09/2006|18:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[12/08/2006|10:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[20/12/2007|20:31] C:\DOCUME~1\moi\APPLIC~1\Adobe
[27/04/2008|23:01] C:\DOCUME~1\moi\APPLIC~1\Apple Computer
[06/05/2007|18:02] C:\DOCUME~1\moi\APPLIC~1\ArcSoft
[25/04/2008|23:38] C:\DOCUME~1\moi\APPLIC~1\Azureus
[28/05/2007|11:47] C:\DOCUME~1\moi\APPLIC~1\ConvertTemp
[08/10/2006|10:29] C:\DOCUME~1\moi\APPLIC~1\Corel
[25/08/2006|22:20] C:\DOCUME~1\moi\APPLIC~1\Creative
[12/08/2006|10:45] C:\DOCUME~1\moi\APPLIC~1\desktop.ini
[16/08/2006|17:49] C:\DOCUME~1\moi\APPLIC~1\Google
[28/08/2006|03:08] C:\DOCUME~1\moi\APPLIC~1\Help
[12/08/2006|11:10] C:\DOCUME~1\moi\APPLIC~1\Identities
[01/06/2008|15:01] C:\DOCUME~1\moi\APPLIC~1\LimeWire
[16/08/2006|13:56] C:\DOCUME~1\moi\APPLIC~1\Macromedia
[03/05/2008|14:13] C:\DOCUME~1\moi\APPLIC~1\Malwarebytes
[12/08/2006|10:44] C:\DOCUME~1\moi\APPLIC~1\Microsoft
[03/06/2008|18:34] C:\DOCUME~1\moi\APPLIC~1\MiniLyrics
[09/06/2008|17:08] C:\DOCUME~1\moi\APPLIC~1\Mozilla
[08/01/2007|16:09] C:\DOCUME~1\moi\APPLIC~1\MSNInstaller
[28/05/2007|11:47] C:\DOCUME~1\moi\APPLIC~1\Samsung
[06/08/2008|18:05] C:\DOCUME~1\moi\APPLIC~1\skypePM
[31/05/2008|11:00] C:\DOCUME~1\moi\APPLIC~1\SoundSpectrum
[05/08/2008|17:46] C:\DOCUME~1\moi\APPLIC~1\start dumb
[16/08/2006|17:49] C:\DOCUME~1\moi\APPLIC~1\Sun
[12/08/2006|11:18] C:\DOCUME~1\moi\APPLIC~1\Symantec
[28/05/2007|11:47] C:\DOCUME~1\moi\APPLIC~1\TransRender
[05/08/2008|21:13] C:\DOCUME~1\moi\APPLIC~1\WinRAR
[12/08/2006|10:45] C:\DOCUME~1\INVIT\APPLIC~1\desktop.ini
[14/05/2007|12:02] C:\DOCUME~1\INVIT\APPLIC~1\Identities
[12/08/2006|10:44] C:\DOCUME~1\INVIT\APPLIC~1\Microsoft
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[14/08/2008 20:00][--ah-----] C:\WINDOWS\tasks\ACE9DB7791924D83.job
[14/08/2008 16:05][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/09/2001 19:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
( ACE9DB7791924D83.job )=( c:\docume~1\moi\applic~1\startd~1\boobpilejump.exe )
--------------------\\ Listing des dossiers dans C:\Program Files
[10/09/2006|18:56] C:\Program Files\ABBYY FineReader 5.0 Sprint
[26/12/2006|17:59] C:\Program Files\Adobe
[12/08/2006|11:57] C:\Program Files\Alcatel
[14/08/2008|16:00] C:\Program Files\CCleaner
[05/08/2008|17:45] C:\Program Files\Circle Developement
[25/04/2008|19:42] C:\Program Files\CleanUp!
[16/08/2006|19:05] C:\Program Files\Creative
[14/08/2008|17:06] C:\Program Files\ESET
[12/08/2006|10:45] C:\Program Files\Fichiers communs
[22/04/2007|19:18] C:\Program Files\Google
[07/10/2007|11:02] C:\Program Files\Grisoft
[12/08/2006|12:25] C:\Program Files\InstallShield Installation Information
[12/08/2006|10:55] C:\Program Files\Internet Explorer
[25/07/2008|00:02] C:\Program Files\Maxis
[12/08/2006|10:53] C:\Program Files\Messenger
[05/08/2008|17:45] C:\Program Files\Messenger Plus! Live
[03/05/2008|22:34] C:\Program Files\MessengerDiscovery
[12/08/2006|10:59] C:\Program Files\microsoft frontpage
[12/08/2006|11:27] C:\Program Files\Microsoft Office
[24/02/2008|16:07] C:\Program Files\Microsoft SQL Server Compact Edition
[12/08/2006|11:29] C:\Program Files\Microsoft.NET
[12/08/2006|10:55] C:\Program Files\Movie Maker
[05/08/2008|17:52] C:\Program Files\Mozilla Firefox
[12/08/2006|10:53] C:\Program Files\MSN
[12/08/2006|10:53] C:\Program Files\MSN Gaming Zone
[12/09/2006|19:43] C:\Program Files\MSN Messenger
[28/05/2007|21:15] C:\Program Files\MSXML 4.0
[12/08/2006|10:55] C:\Program Files\NetMeeting
[16/08/2006|12:34] C:\Program Files\Netropa
[12/08/2006|10:53] C:\Program Files\Online Services
[12/08/2006|10:55] C:\Program Files\Outlook Express
[23/03/2008|16:37] C:\Program Files\Panda Security
[24/11/2006|21:13] C:\Program Files\PhotoDeluxe BE 1.0 TO
[05/08/2008|17:16] C:\Program Files\PixArt
[21/07/2008|16:01] C:\Program Files\QuickTime
[29/03/2008|12:13] C:\Program Files\Samsung
[12/08/2006|10:57] C:\Program Files\Services en ligne
[31/05/2008|10:53] C:\Program Files\SoundSpectrum
[26/01/2008|21:31] C:\Program Files\Spybot - Search & Destroy
[13/08/2008|17:10] C:\Program Files\start dumb
[29/07/2007|14:12] C:\Program Files\support.com
[27/09/2007|19:24] C:\Program Files\Thomson
[12/08/2006|11:10] C:\Program Files\Uninstall Information
[04/10/2007|16:11] C:\Program Files\Windows Live
[03/02/2008|00:57] C:\Program Files\Windows Live Safety Center
[11/04/2007|18:40] C:\Program Files\Windows Media Connect 2
[12/08/2006|10:53] C:\Program Files\Windows Media Player
[12/08/2006|10:53] C:\Program Files\Windows NT
[12/08/2006|10:57] C:\Program Files\WindowsUpdate
[12/08/2006|10:59] C:\Program Files\xerox
[14/08/2008|16:00] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[26/12/2006|17:59] C:\Program Files\Fichiers communs\Adobe
[21/04/2008|20:35] C:\Program Files\Fichiers communs\AVSMedia
[12/08/2006|11:28] C:\Program Files\Fichiers communs\DESIGNER
[12/08/2006|12:25] C:\Program Files\Fichiers communs\InstallShield
[12/08/2006|10:45] C:\Program Files\Fichiers communs\Microsoft Shared
[12/08/2006|10:56] C:\Program Files\Fichiers communs\MSSoap
[12/08/2006|10:45] C:\Program Files\Fichiers communs\ODBC
[12/08/2006|10:56] C:\Program Files\Fichiers communs\Services
[12/08/2006|10:45] C:\Program Files\Fichiers communs\SpeechEngines
[12/08/2006|11:18] C:\Program Files\Fichiers communs\Symantec Shared
[12/08/2006|10:55] C:\Program Files\Fichiers communs\System
[24/02/2008|15:41] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 27 Processus )
IEXPLORE.EXE ~ [PID:456] ~ [Threads:34]
IEXPLORE.EXE ~ [PID:2020] ~ [Threads:8]
IEXPLORE.EXE ~ [PID:264] ~ [Threads:4]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\ALLUSE~1\APPLIC~1\BROWSE PROGRAM STYLE FOR
C:\DOCUME~1\ALLUSE~1\APPLIC~1\BROWSE PROGRAM STYLE FOR\OBJ KEEP.exe
C:\DOCUME~1\moi\APPLIC~1\startd~1
C:\DOCUME~1\moi\APPLIC~1\startd~1\bird shim.exe
C:\DOCUME~1\moi\APPLIC~1\startd~1\DaleBat1Default.exe
C:\DOCUME~1\moi\APPLIC~1\startd~1\uxerrglv.exe
C:\DOCUME~1\moi\APPLIC~1\startd~1\minzeufx.exe
C:\DOCUME~1\moi\APPLIC~1\startd~1\boobpilejump.exe
C:\Program Files\startd~1
C:\Program Files\Circle Developement
C:\DOCUME~1\moi\Cookies\moi@www.adserver5[1].txt
C:\DOCUME~1\moi\Cookies\moi@advertising[2].txt
C:\DOCUME~1\moi\Cookies\moi@32vegas[1].txt
C:\DOCUME~1\moi\Cookies\moi@banner.32vegas[2].txt
C:\DOCUME~1\moi\Cookies\moi@www.lop[2].txt
C:\WINDOWS\Tasks\ACE9DB7791924D83.job
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Saveaxis"="C:\\DOCUME~1\\moi\\APPLIC~1\\STARTD~1\\bird shim.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Style For Eggs Idle"="C:\\Documents and Settings\\All Users\\Application Data\\BROWSE PROGRAM STYLE FOR\\OBJ KEEP.exe"
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 20:04:57
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:322][D:7]-> C:\DOCUME~1\moi\LOCALS~1\Temp
[F:69][D:0]-> C:\DOCUME~1\moi\Cookies
[F:1634][D:5]-> C:\DOCUME~1\moi\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled
--------------------\\ Fin du rapport a 20:06:13,78
[04/10/2007|16:11] C:\Program Files\Windows Live
[03/02/2008|00:57] C:\Program Files\Windows Live Safety Center
[11/04/2007|18:40] C:\Program Files\Windows Media Connect 2
[12/08/2006|10:53] C:\Program Files\Windows Media Player
[12/08/2006|10:53] C:\Program Files\Windows NT
[12/08/2006|10:57] C:\Program Files\WindowsUpdate
[12/08/2006|10:59] C:\Program Files\xerox
[14/08/2008|16:00] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[26/12/2006|17:59] C:\Program Files\Fichiers communs\Adobe
[21/04/2008|20:35] C:\Program Files\Fichiers communs\AVSMedia
[12/08/2006|11:28] C:\Program Files\Fichiers communs\DESIGNER
[12/08/2006|12:25] C:\Program Files\Fichiers communs\InstallShield
[12/08/2006|10:45] C:\Program Files\Fichiers communs\Microsoft Shared
[12/08/2006|10:56] C:\Program Files\Fichiers communs\MSSoap
[12/08/2006|10:45] C:\Program Files\Fichiers communs\ODBC
[12/08/2006|10:56] C:\Program Files\Fichiers communs\Services
[12/08/2006|10:45] C:\Program Files\Fichiers communs\SpeechEngines
[12/08/2006|11:18] C:\Program Files\Fichiers communs\Symantec Shared
[12/08/2006|10:55] C:\Program Files\Fichiers communs\System
[24/02/2008|15:41] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 27 Processus )
IEXPLORE.EXE ~ [PID:456] ~ [Threads:34]
IEXPLORE.EXE ~ [PID:2020] ~ [Threads:8]
IEXPLORE.EXE ~ [PID:264] ~ [Threads:4]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\ALLUSE~1\APPLIC~1\BROWSE PROGRAM STYLE FOR
C:\DOCUME~1\ALLUSE~1\APPLIC~1\BROWSE PROGRAM STYLE FOR\OBJ KEEP.exe
C:\DOCUME~1\moi\APPLIC~1\startd~1
C:\DOCUME~1\moi\APPLIC~1\startd~1\bird shim.exe
C:\DOCUME~1\moi\APPLIC~1\startd~1\DaleBat1Default.exe
C:\DOCUME~1\moi\APPLIC~1\startd~1\uxerrglv.exe
C:\DOCUME~1\moi\APPLIC~1\startd~1\minzeufx.exe
C:\DOCUME~1\moi\APPLIC~1\startd~1\boobpilejump.exe
C:\Program Files\startd~1
C:\Program Files\Circle Developement
C:\DOCUME~1\moi\Cookies\moi@www.adserver5[1].txt
C:\DOCUME~1\moi\Cookies\moi@advertising[2].txt
C:\DOCUME~1\moi\Cookies\moi@32vegas[1].txt
C:\DOCUME~1\moi\Cookies\moi@banner.32vegas[2].txt
C:\DOCUME~1\moi\Cookies\moi@www.lop[2].txt
C:\WINDOWS\Tasks\ACE9DB7791924D83.job
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Saveaxis"="C:\\DOCUME~1\\moi\\APPLIC~1\\STARTD~1\\bird shim.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Style For Eggs Idle"="C:\\Documents and Settings\\All Users\\Application Data\\BROWSE PROGRAM STYLE FOR\\OBJ KEEP.exe"
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 20:04:57
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:322][D:7]-> C:\DOCUME~1\moi\LOCALS~1\Temp
[F:69][D:0]-> C:\DOCUME~1\moi\Cookies
[F:1634][D:5]-> C:\DOCUME~1\moi\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled
--------------------\\ Fin du rapport a 20:06:13,78
Run Lop S&D again
* This time choose Option 2 (Suppression)
* Do not close the window during the removal!
* Post the generated report (C:\lopR.txt)
--------------------\\ Lop S&D 4.2.2-9 XP/Vista
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : moi ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 14/08/2008 | 20:13:06 ] [ PC : LINDSEY-15B7F35 (Proc:x86)]
[ MAJ : 13-08-2008 | 21:02 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\BROWSE PROGRAM STYLE FOR\OBJ KEEP.exe
Supprime! - C:\DOCUME~1\moi\APPLIC~1\startd~1\bird shim.exe
Supprime! - C:\DOCUME~1\moi\APPLIC~1\startd~1\DaleBat1Default.exe
Supprime! - C:\DOCUME~1\moi\APPLIC~1\startd~1\uxerrglv.exe
Supprime! - C:\DOCUME~1\moi\APPLIC~1\startd~1\minzeufx.exe
Supprime! - C:\DOCUME~1\moi\APPLIC~1\startd~1\boobpilejump.exe
Supprime! - C:\DOCUME~1\moi\Cookies\moi@www.adserver5[1].txt
Supprime! - C:\DOCUME~1\moi\Cookies\moi@advertising[2].txt
Supprime! - C:\DOCUME~1\moi\Cookies\moi@32vegas[1].txt
Supprime! - C:\DOCUME~1\moi\Cookies\moi@banner.32vegas[2].txt
Supprime! - C:\DOCUME~1\moi\Cookies\moi@www.lop[2].txt
Supprime! - C:\WINDOWS\Tasks\ACE9DB7791924D83.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\BROWSE PROGRAM STYLE FOR
Supprime! - C:\DOCUME~1\moi\APPLIC~1\startd~1
Supprime! - C:\Program Files\startd~1
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[12/08/2006|10:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[12/08/2006|10:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[27/04/2008|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[14/08/2008|15:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[25/04/2008|23:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[10/09/2006|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[12/08/2006|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[24/01/2008|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
[21/12/2006|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[15/06/2008|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[03/05/2008|14:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[05/08/2008|19:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[12/08/2006|10:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[23/07/2007|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[06/08/2008|17:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[26/01/2008|21:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[29/07/2007|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
[12/08/2006|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[05/08/2008|17:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[24/02/2008|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[12/08/2006|10:44] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[26/12/2006|23:18] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[10/09/2006|18:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[12/08/2006|10:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[20/12/2007|20:31] C:\DOCUME~1\moi\APPLIC~1\Adobe
[27/04/2008|23:01] C:\DOCUME~1\moi\APPLIC~1\Apple Computer
[06/05/2007|18:02] C:\DOCUME~1\moi\APPLIC~1\ArcSoft
[25/04/2008|23:38] C:\DOCUME~1\moi\APPLIC~1\Azureus
[28/05/2007|11:47] C:\DOCUME~1\moi\APPLIC~1\ConvertTemp
[08/10/2006|10:29] C:\DOCUME~1\moi\APPLIC~1\Corel
[25/08/2006|22:20] C:\DOCUME~1\moi\APPLIC~1\Creative
[12/08/2006|10:45] C:\DOCUME~1\moi\APPLIC~1\desktop.ini
[16/08/2006|17:49] C:\DOCUME~1\moi\APPLIC~1\Google
[28/08/2006|03:08] C:\DOCUME~1\moi\APPLIC~1\Help
[12/08/2006|11:10] C:\DOCUME~1\moi\APPLIC~1\Identities
[01/06/2008|15:01] C:\DOCUME~1\moi\APPLIC~1\LimeWire
[16/08/2006|13:56] C:\DOCUME~1\moi\APPLIC~1\Macromedia
[03/05/2008|14:13] C:\DOCUME~1\moi\APPLIC~1\Malwarebytes
[12/08/2006|10:44] C:\DOCUME~1\moi\APPLIC~1\Microsoft
[03/06/2008|18:34] C:\DOCUME~1\moi\APPLIC~1\MiniLyrics
[09/06/2008|17:08] C:\DOCUME~1\moi\APPLIC~1\Mozilla
[08/01/2007|16:09] C:\DOCUME~1\moi\APPLIC~1\MSNInstaller
[28/05/2007|11:47] C:\DOCUME~1\moi\APPLIC~1\Samsung
[06/08/2008|18:05] C:\DOCUME~1\moi\APPLIC~1\skypePM
[31/05/2008|11:00] C:\DOCUME~1\moi\APPLIC~1\SoundSpectrum
[16/08/2006|17:49] C:\DOCUME~1\moi\APPLIC~1\Sun
[12/08/2006|11:18] C:\DOCUME~1\moi\APPLIC~1\Symantec
[28/05/2007|11:47] C:\DOCUME~1\moi\APPLIC~1\TransRender
[05/08/2008|21:13] C:\DOCUME~1\moi\APPLIC~1\WinRAR
[12/08/2006|10:45] C:\DOCUME~1\INVIT\APPLIC~1\desktop.ini
[14/05/2007|12:02] C:\DOCUME~1\INVIT\APPLIC~1\Identities
[12/08/2006|10:44] C:\DOCUME~1\INVIT\APPLIC~1\Microsoft
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[14/08/2008 16:05][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/09/2001 19:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[10/09/2006|18:56] C:\Program Files\ABBYY FineReader 5.0 Sprint
[26/12/2006|17:59] C:\Program Files\Adobe
[12/08/2006|11:57] C:\Program Files\Alcatel
[14/08/2008|16:00] C:\Program Files\CCleaner
[25/04/2008|19:42] C:\Program Files\CleanUp!
[16/08/2006|19:05] C:\Program Files\Creative
[14/08/2008|17:06] C:\Program Files\ESET
[12/08/2006|10:45] C:\Program Files\Fichiers communs
[22/04/2007|19:18] C:\Program Files\Google
[07/10/2007|11:02] C:\Program Files\Grisoft
[12/08/2006|12:25] C:\Program Files\InstallShield Installation Information
[12/08/2006|10:55] C:\Program Files\Internet Explorer
[25/07/2008|00:02] C:\Program Files\Maxis
[12/08/2006|10:53] C:\Program Files\Messenger
[05/08/2008|17:45] C:\Program Files\Messenger Plus! Live
[03/05/2008|22:34] C:\Program Files\MessengerDiscovery
[12/08/2006|10:59] C:\Program Files\microsoft frontpage
[12/08/2006|11:27] C:\Program Files\Microsoft Office
[24/02/2008|16:07] C:\Program Files\Microsoft SQL Server Compact Edition
[12/08/2006|11:29] C:\Program Files\Microsoft.NET
[12/08/2006|10:55] C:\Program Files\Movie Maker
[05/08/2008|17:52] C:\Program Files\Mozilla Firefox
[12/08/2006|10:53] C:\Program Files\MSN
[12/08/2006|10:53] C:\Program Files\MSN Gaming Zone
[12/09/2006|19:43] C:\Program Files\MSN Messenger
[28/05/2007|21:15] C:\Program Files\MSXML 4.0
[12/08/2006|10:55] C:\Program Files\NetMeeting
[16/08/2006|12:34] C:\Program Files\Netropa
[12/08/2006|10:53] C:\Program Files\Online Services
[12/08/2006|10:55] C:\Program Files\Outlook Express
[23/03/2008|16:37] C:\Program Files\Panda Security
[24/11/2006|21:13] C:\Program Files\PhotoDeluxe BE 1.0 TO
[05/08/2008|17:16] C:\Program Files\PixArt
[21/07/2008|16:01] C:\Program Files\QuickTime
[29/03/2008|12:13] C:\Program Files\Samsung
[12/08/2006|10:57] C:\Program Files\Services en ligne
[31/05/2008|10:53] C:\Program Files\SoundSpectrum
[26/01/2008|21:31] C:\Program Files\Spybot - Search & Destroy
[29/07/2007|14:12] C:\Program Files\support.com
[27/09/2007|19:24] C:\Program Files\Thomson
[12/08/2006|11:10] C:\Program Files\Uninstall Information
[04/10/2007|16:11] C:\Program Files\Windows Live
[03/02/2008|00:57] C:\Program Files\Windows Live Safety Center
[11/04/2007|18:40] C:\Program Files\Windows Media Connect 2
[12/08/2006|10:53] C:\Program Files\Windows Media Player
[12/08/2006|10:53] C:\Program Files\Windows NT
[12/08/2006|10:57] C:\Program Files\WindowsUpdate
[12/08/2006|10:59] C:\Program Files\xerox
[14/08/2008|16:00] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[26/12/2006|17:59] C:\Program Files\Fichiers communs\Adobe
[21/04/2008|20:35] C:\Program Files\Fichiers communs\AVSMedia
[12/08/2006|11:28] C:\Program Files\Fichiers communs\DESIGNER
[12/08/2006|12:25] C:\Program Files\Fichiers communs\InstallShield
[12/08/2006|10:45] C:\Program Files\Fichiers communs\Microsoft Shared
[12/08/2006|10:56] C:\Program Files\Fichiers communs\MSSoap
[12/08/2006|10:45] C:\Program Files\Fichiers communs\ODBC
[12/08/2006|10:56] C:\Program Files\Fichiers communs\Services
[12/08/2006|10:45] C:\Program Files\Fichiers communs\SpeechEngines
[12/08/2006|11:18] C:\Program Files\Fichiers communs\Symantec Shared
[12/08/2006|10:55] C:\Program Files\Fichiers communs\System
[24/02/2008|15:41] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 25 Processus )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 20:14:52
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:322][D:7]-> C:\DOCUME~1\moi\LOCALS~1\Temp
[F:64][D:0]-> C:\DOCUME~1\moi\Cookies
[F:1647][D:5]-> C:\DOCUME~1\moi\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled
--------------------\\ Fin du rapport a 20:15:51,00
Uninstall Messenger Plus, then reinstall it but without the sponsor, because your problem comes from there
Reopen HijackThis
Do a scan only
Check these lines:
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B4C0C60C-1EFF-4AC4-8F17-8D616C94CDFD} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {33DFB28A-9792-4AFC-B594-D589365DF67D} (Bahu Photo Uploader) - https://bahu.com/BahuPhotoUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://gamenextfr.oberon-media.com/online/online2/luxor_2/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B3A5F463-EBD7-487E-B737-D2B772908D0F} (Infini.Clock) - http://www.infini-fr.com/
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: qoMfdeET - qoMfdeET.dll (file missing)
Check all of them and click on Fix checked
Then run another HijackThis scan (do a system scan and save a logfile) and copy-paste the report into your reply, please
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:32, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\moi\Local Settings\Temporary Internet Files\Content.IE5\VUNHSUU1\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [OSD] C:\WINDOWS\osd.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D51D5643-8851-43DB-8FD5-E2FF6642DF7C}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
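The check behind this fix-then-rescan step, as an added example that is not part of the original thread: it parses HijackThis entries and confirms that the entries selected for fixing no longer appear in the rescan. The function names are hypothetical, and the sample lines are excerpted from the logs posted in this thread.

```python
import re

# HijackThis entry lines start with a section code (R0, O4, O20, ...) then " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse_entries(log_text):
    """Return the set of (code, body) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m["code"], m["body"]))
    return entries

def verify_fix(fixed_text, rescan_text):
    """Split the entries chosen for fixing into (removed, still_present)."""
    fixed, rescan = parse_entries(fixed_text), parse_entries(rescan_text)
    return sorted(fixed - rescan), sorted(fixed & rescan)

def orphaned_entries(log_text):
    """Entries that point at a file that no longer exists on disk."""
    return sorted(e for e in parse_entries(log_text) if e[1].endswith("(file missing)"))

# Entries the helper asked to fix, excerpted from the thread.
FIXED = r"""
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: qoMfdeET - qoMfdeET.dll (file missing)
"""

# Part of the rescan posted afterwards, excerpted from the thread.
RESCAN = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [OSD] C:\WINDOWS\osd.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
"""

if __name__ == "__main__":
    removed, still_present = verify_fix(FIXED, RESCAN)
    print("removed:", [code for code, _ in removed])
    print("still present:", still_present)
    print("orphaned in rescan:", orphaned_entries(RESCAN))
```

An entry that shows up under `still_present` after a reboot means something recreated it, which is the cue to run a dedicated removal tool rather than fixing the same line again.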
You have a leftover trace of Norton.
Uninstall: Symantec LiveUpdate (it is Norton's update module).
You had a trace of an old infection.
I advise you to run this scan:
Download Malwarebytes
-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Install it; the program will update itself automatically.
Once it is up to date, the program will launch; click the Settings tab and check the box: "Stop Internet Explorer during removal".
Now click the Scan tab and check the box: "Perform a full scan".
Then click "Scan".
Let it scan the PC...
If items were found > click "Remove Selected".
If you are asked to restart > click "Yes".
At the end a report will open; save it so that you can find it again in order to post it on the forum.
Copy and paste the report, please.
PS: the reports are also stored under the Reports/Logs tab.
For LiveUpdate, go to Control Panel, then Add or Remove Programs.
In the list, find LiveUpdate and uninstall it; do the same for Messenger Live +, which you can reinstall afterwards, but without the sponsor:
Messenger Live Plus: https://www.01net.com/telecharger/windows/Internet/communication/fiches/34094.html
Hi everyone,
I found the solution: it is a worm or a trojan that uses iexplorer.exe to connect, but it means your antivirus is not solid. I found a powerful, free antivirus :p "Avira AntiVir Personal"; run a scan and then things will get better.
Here it is:
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1052
Windows 5.1.2600 Service Pack 2
21:10:14 14/08/2008
mbam-log-8-14-2008 (21-10-14).txt
Type de recherche: Examen complet (A:\|C:\|D:\|E:\|)
Eléments examinés: 62476
Temps écoulé: 18 minute(s), 22 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM07755e4d.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM07755e4d.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.