Internet Explorer opening unexpectedly

Solved/Closed
Tigercleo Posts 55 Registration date Friday 15 August 2008 Status Member Last activity 10 June 2011 - 19 August 2008 at 13:47
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 - 19 August 2008 at 21:20
Hello,

I use Firefox, but Internet Explorer keeps opening windows even though it is closed. If I open it deliberately (I set Google as the home page), my page quickly disappears under an advertising window, then another. Looking around various forums, HijackThis comes up a lot, but I would not know how to interpret the report.
Is there another solution, or could someone interpret the report if I post it?
Thanks in advance.
19 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
19 August 2008 at 15:11
Hi,

paste a HijackThis report

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I recommend renaming HijackThis, to counter a possible Vundo infection.

e.g.: rename the file HijackThis.exe to eden.exe; to do this, right-click the file HijackThis.exe and choose Rename from the list

Then, with Explorer, create a folder c:\hijackthis
Extract HijackThis into this folder.
This is important for the backups.
0
Tigercleo Posts 55 Registration date Friday 15 August 2008 Status Member Last activity 10 June 2011 2
19 August 2008 at 15:56
Here is what the report gives me:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:55:16, on 19/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Pop up Blocker\pd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [InternetJoy] "C:\ProgramData\ITCH BOOK BOOK.i0hxxm0"
O4 - HKCU\..\Run: [axis love poll lite] "C:\ProgramData\meal for build.tzm1df"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3470224691-3631093681-4139023912-501\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Invité')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PD - {716B24E2-12B2-48FB-A342-5015B31939BE} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
19 August 2008 at 15:58
Download Lop S&D.exe to your Desktop. https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the desired language, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
0
Tigercleo Posts 55 Registration date Friday 15 August 2008 Status Member Last activity 10 June 2011 2
19 August 2008 at 16:10
--------------------\\ Lop S&D 4.2.3-1 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
Ver 1.00PARTTBL
BOOT : Normal boot

"C:\Lop SD" ( MAJ : 19-08-2008|02:08 )
Option : [1] ( 19/08/2008|16:07 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[19/08/2008|12:29] C:\Users\sauvane\AppData\Local\Adobe
[29/01/2008|13:54] C:\Users\sauvane\AppData\Local\Apple
[29/01/2008|14:20] C:\Users\sauvane\AppData\Local\Apple Computer
[15/12/2007|18:04] C:\Users\sauvane\AppData\Local\Application Data
[15/12/2007|18:12] C:\Users\sauvane\AppData\Local\ATI
[21/06/2008|21:35] C:\Users\sauvane\AppData\Local\d3d9caps.dat
[19/08/2008|14:48] C:\Users\sauvane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[15/12/2007|18:04] C:\Users\sauvane\AppData\Local\GDIPFONTCACHEV1.DAT
[22/01/2008|15:16] C:\Users\sauvane\AppData\Local\Google
[15/12/2007|18:04] C:\Users\sauvane\AppData\Local\Historique
[19/08/2008|15:38] C:\Users\sauvane\AppData\Local\IconCache.db
[14/08/2008|10:42] C:\Users\sauvane\AppData\Local\Microsoft
[01/06/2008|17:18] C:\Users\sauvane\AppData\Local\Microsoft Games
[12/08/2008|17:20] C:\Users\sauvane\AppData\Local\Mozilla
[19/08/2008|16:07] C:\Users\sauvane\AppData\Local\Temp
[15/12/2007|18:04] C:\Users\sauvane\AppData\Local\Temporary Internet Files
[15/12/2007|18:12] C:\Users\sauvane\AppData\Local\Toshiba
[11/01/2008|23:46] C:\Users\sauvane\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[18/08/2008 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Analyse système complète - sauvane.job
[19/08/2008 15:41][--ah-----] C:\Windows\tasks\SA.DAT
[19/08/2008 15:39][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[18/05/2007|09:49] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[10/08/2008|10:53] C:\ProgramData\Adobe
[29/01/2008|13:53] C:\ProgramData\Apple
[29/01/2008|13:58] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[15/12/2007|18:12] C:\ProgramData\ATI
[15/08/2008|22:37] C:\ProgramData\body meow bolt
[15/12/2007|18:03] C:\ProgramData\Bureau
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[15/08/2008|22:37] C:\ProgramData\each new axis love
[15/12/2007|18:03] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[22/01/2008|15:13] C:\ProgramData\Google
[17/03/2008|21:18] C:\ProgramData\ITCH BOOK BOOK.1f71hw8
[11/01/2008|21:26] C:\ProgramData\ITCH BOOK BOOK.c3z0xtp
[17/03/2008|21:18] C:\ProgramData\ITCH BOOK BOOK.hzvgsjj
[15/08/2008|22:36] C:\ProgramData\ITCH BOOK BOOK.i0hxxm0
[15/08/2008|22:36] C:\ProgramData\ITCH BOOK BOOK.io1ie
[19/08/2008|14:31] C:\ProgramData\Lavasoft
[12/06/2008|21:56] C:\ProgramData\Logitech
[15/08/2008|22:37] C:\ProgramData\meal for build.tzm1df
[15/12/2007|18:03] C:\ProgramData\Menu Démarrer
[19/01/2008|23:48] C:\ProgramData\Messenger Plus!
[11/02/2008|21:00] C:\ProgramData\Microsoft
[15/08/2008|13:01] C:\ProgramData\Microsoft Help
[15/12/2007|18:03] C:\ProgramData\Modèles
[19/08/2008|13:40] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|15:02] C:\ProgramData\Start Menu
[10/08/2008|11:51] C:\ProgramData\Symantec
[02/11/2006|15:02] C:\ProgramData\Templates
[15/12/2007|18:09] C:\ProgramData\Toshiba
[15/12/2007|18:04] C:\ProgramData\ToshibaEurope
[10/07/2007|17:32] C:\ProgramData\Ulead Systems
[10/07/2007|17:25] C:\ProgramData\Vista64
[10/08/2008|10:36] C:\ProgramData\WLInstaller
[10/07/2007|17:25] C:\ProgramData\XP
[11/08/2008|12:25] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[18/05/2007|09:49] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[10/08/2008|10:51] C:\Program Files\Adobe
[29/01/2008|13:54] C:\Program Files\Apple Software Update
[15/12/2007|16:48] C:\Program Files\ATI
[15/12/2007|16:49] C:\Program Files\ATI Technologies
[29/01/2008|13:56] C:\Program Files\Bonjour
[15/12/2007|16:50] C:\Program Files\Camera Assistant Software for Toshiba
[12/08/2008|16:41] C:\Program Files\CCleaner
[15/08/2008|22:35] C:\Program Files\Circle Developement
[19/08/2008|14:26] C:\Program Files\Common Files
[13/07/2008|03:11] C:\Program Files\desktop.ini
[15/12/2007|18:03] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[17/08/2008|09:52] C:\Program Files\FileDeleter
[15/08/2008|13:01] C:\Program Files\Google
[18/04/2007|09:08] C:\Program Files\IDM
[14/08/2008|10:44] C:\Program Files\InstallShield Installation Information
[15/12/2007|18:08] C:\Program Files\Intel
[15/08/2008|13:01] C:\Program Files\Internet Explorer
[10/07/2007|17:33] C:\Program Files\InterVideo
[29/01/2008|13:58] C:\Program Files\iPod
[29/01/2008|13:58] C:\Program Files\iTunes
[18/04/2007|07:44] C:\Program Files\Java
[19/08/2008|14:28] C:\Program Files\Lavasoft
[15/03/2008|17:58] C:\Program Files\Lexmark 1200 Series
[12/06/2008|22:03] C:\Program Files\LimeWire
[12/06/2008|21:56] C:\Program Files\Logitech
[12/10/2007|01:49] C:\Program Files\ltmoh
[15/08/2008|22:35] C:\Program Files\Messenger Plus! Live
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[18/05/2007|09:47] C:\Program Files\Microsoft Office
[15/08/2008|13:01] C:\Program Files\Microsoft Works
[18/05/2007|09:47] C:\Program Files\Microsoft.NET
[02/11/2006|14:42] C:\Program Files\Movie Maker
[14/08/2008|13:54] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[15/08/2008|22:35] C:\Program Files\MSN Messenger
[10/07/2007|15:47] C:\Program Files\MSXML 4.0
[18/04/2007|08:14] C:\Program Files\My Company Name
[18/04/2007|09:08] C:\Program Files\myphotobook
[16/06/2008|21:41] C:\Program Files\Norton Internet Security
[19/01/2008|14:20] C:\Program Files\PhotoFiltre
[12/08/2008|18:07] C:\Program Files\Pop up Blocker
[29/01/2008|13:56] C:\Program Files\QuickTime
[12/10/2007|01:43] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[06/01/2008|01:18] C:\Program Files\Samsung
[15/08/2008|13:01] C:\Program Files\Spybot - Search & Destroy
[16/06/2008|21:40] C:\Program Files\Symantec
[15/12/2007|16:55] C:\Program Files\Synaptics
[14/08/2008|10:44] C:\Program Files\TOSHIBA
[19/08/2008|15:54] C:\Program Files\Trend Micro
[10/07/2007|17:30] C:\Program Files\Ulead Systems
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[17/12/2007|04:15] C:\Program Files\Windows Calendar
[02/11/2006|14:42] C:\Program Files\Windows Collaboration
[10/07/2007|16:44] C:\Program Files\Windows Defender
[02/11/2006|14:42] C:\Program Files\Windows Journal
[12/08/2008|16:37] C:\Program Files\Windows Live
[15/08/2008|13:01] C:\Program Files\Windows Mail
[18/04/2007|08:46] C:\Program Files\Windows Media Components
[17/12/2007|04:15] C:\Program Files\Windows Media Player
[15/12/2007|18:03] C:\Program Files\Windows NT
[02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
[10/01/2008|04:10] C:\Program Files\Windows Sidebar
[10/08/2008|11:59] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[10/08/2008|10:52] C:\Program Files\Common Files\Adobe
[29/01/2008|13:53] C:\Program Files\Common Files\Apple
[18/05/2007|09:47] C:\Program Files\Common Files\DESIGNER
[18/04/2007|08:47] C:\Program Files\Common Files\InstallShield
[18/04/2007|07:44] C:\Program Files\Common Files\Java
[12/06/2008|22:00] C:\Program Files\Common Files\Logitech
[11/08/2008|12:31] C:\Program Files\Common Files\microsoft shared
[11/01/2008|21:19] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[15/08/2008|13:01] C:\Program Files\Common Files\ST System Shared
[06/01/2008|01:17] C:\Program Files\Common Files\SWF Studio
[15/08/2008|13:01] C:\Program Files\Common Files\Symantec Shared
[12/10/2007|00:12] C:\Program Files\Common Files\System
[15/12/2007|18:11] C:\Program Files\Common Files\Toshiba Shared
[10/07/2007|17:33] C:\Program Files\Common Files\Ulead Systems
[10/08/2008|11:28] C:\Program Files\Common Files\WindowsLiveInstaller
[19/08/2008|14:26] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 79 Processus )

iexplore.exe ~ [PID:5376] ~ [Threads:5]
iexplore.exe ~ [PID:5388] ~ [Threads:8]

--------------------\\ Recherche avec S_Lop

C:\ProgramData\ITCH BOOK BOOK.io1ie
C:\ProgramData\meal for build.tzm1df
C:\ProgramData\ITCH BOOK BOOK.1f71hw8
C:\ProgramData\ITCH BOOK BOOK.c3z0xtp
C:\ProgramData\ITCH BOOK BOOK.hzvgsjj
C:\ProgramData\ITCH BOOK BOOK.i0hxxm0

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\ProgramData\Each New Axis Love
C:\ProgramData\Each New Axis Love\Locks Ace.exe
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\Users\sauvane\AppData\Roaming\MICROS~1\Windows\Cookies\sauvane@adopt.euroclick[2].txt

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InternetJoy"="\"C:\\ProgramData\\ITCH BOOK BOOK.i0hxxm0\""
"axis love poll lite"="\"C:\\ProgramData\\meal for build.tzm1df\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 16:08:14
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 73

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:7][D:7]-> C:\Users\sauvane\AppData\Local\Temp
[F:20][D:1]-> C:\Users\sauvane\AppData\Roaming\MICROS~1\Windows\Cookies
[F:8][D:4]-> C:\Users\sauvane\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:18][D:14]-> C:\$Recycle.Bin

--------------------\\ Fin du rapport a 16:10:00
[ UAC => 1 ]
0

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
19 August 2008 at 16:54
OK, run Lop S&D again, choose option 2 and paste the report
______________

Paste a new HijackThis report
and say whether you still have problems, and explain
0
Tigercleo Posts 55 Registration date Friday 15 August 2008 Status Member Last activity 10 June 2011 2
19 August 2008 at 17:10
Here is the Lop report:

--------------------\\ Lop S&D 4.2.3-1 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
Ver 1.00PARTTBL
BOOT : Normal boot

"C:\Lop SD" ( MAJ : 19-08-2008|02:08 )
Option : [2] ( 19/08/2008|16:59 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Echec ! - C:\ProgramData\Each New Axis Love\Locks Ace.exe
Supprime! - C:\Program Files\Circle Developement\Uninstall.exe
Supprime! - C:\Users\sauvane\AppData\Roaming\MICROS~1\Windows\Cookies\sauvane@adopt.euroclick[2].txt
Supprime! - C:\ProgramData\ITCH BOOK BOOK.io1ie
Supprime! - C:\ProgramData\meal for build.tzm1df
Supprime! - C:\ProgramData\ITCH BOOK BOOK.1f71hw8
Supprime! - C:\ProgramData\ITCH BOOK BOOK.c3z0xtp
Supprime! - C:\ProgramData\ITCH BOOK BOOK.hzvgsjj
Supprime! - C:\ProgramData\ITCH BOOK BOOK.i0hxxm0
Echec ! - C:\ProgramData\Each New Axis Love
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE

Echec ! - C:\ProgramData\Each New Axis Love\Locks Ace.exe
Echec ! - C:\ProgramData\Each New Axis Love

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[19/08/2008|12:29] C:\Users\sauvane\AppData\Local\Adobe
[29/01/2008|13:54] C:\Users\sauvane\AppData\Local\Apple
[29/01/2008|14:20] C:\Users\sauvane\AppData\Local\Apple Computer
[15/12/2007|18:04] C:\Users\sauvane\AppData\Local\Application Data
[15/12/2007|18:12] C:\Users\sauvane\AppData\Local\ATI
[21/06/2008|21:35] C:\Users\sauvane\AppData\Local\d3d9caps.dat
[19/08/2008|16:30] C:\Users\sauvane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[15/12/2007|18:04] C:\Users\sauvane\AppData\Local\GDIPFONTCACHEV1.DAT
[22/01/2008|15:16] C:\Users\sauvane\AppData\Local\Google
[15/12/2007|18:04] C:\Users\sauvane\AppData\Local\Historique
[19/08/2008|15:38] C:\Users\sauvane\AppData\Local\IconCache.db
[14/08/2008|10:42] C:\Users\sauvane\AppData\Local\Microsoft
[01/06/2008|17:18] C:\Users\sauvane\AppData\Local\Microsoft Games
[12/08/2008|17:20] C:\Users\sauvane\AppData\Local\Mozilla
[19/08/2008|16:59] C:\Users\sauvane\AppData\Local\Temp
[15/12/2007|18:04] C:\Users\sauvane\AppData\Local\Temporary Internet Files
[15/12/2007|18:12] C:\Users\sauvane\AppData\Local\Toshiba
[11/01/2008|23:46] C:\Users\sauvane\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[18/08/2008 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Analyse système complète - sauvane.job
[19/08/2008 15:41][--ah-----] C:\Windows\tasks\SA.DAT
[19/08/2008 15:39][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[18/05/2007|09:49] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[10/08/2008|10:53] C:\ProgramData\Adobe
[29/01/2008|13:53] C:\ProgramData\Apple
[29/01/2008|13:58] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[15/12/2007|18:12] C:\ProgramData\ATI
[15/08/2008|22:37] C:\ProgramData\body meow bolt
[15/12/2007|18:03] C:\ProgramData\Bureau
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[15/08/2008|22:37] C:\ProgramData\each new axis love
[15/12/2007|18:03] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[22/01/2008|15:13] C:\ProgramData\Google
[19/08/2008|14:31] C:\ProgramData\Lavasoft
[12/06/2008|21:56] C:\ProgramData\Logitech
[15/12/2007|18:03] C:\ProgramData\Menu Démarrer
[19/01/2008|23:48] C:\ProgramData\Messenger Plus!
[11/02/2008|21:00] C:\ProgramData\Microsoft
[15/08/2008|13:01] C:\ProgramData\Microsoft Help
[15/12/2007|18:03] C:\ProgramData\Modèles
[19/08/2008|13:40] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|15:02] C:\ProgramData\Start Menu
[10/08/2008|11:51] C:\ProgramData\Symantec
[02/11/2006|15:02] C:\ProgramData\Templates
[15/12/2007|18:09] C:\ProgramData\Toshiba
[15/12/2007|18:04] C:\ProgramData\ToshibaEurope
[10/07/2007|17:32] C:\ProgramData\Ulead Systems
[10/07/2007|17:25] C:\ProgramData\Vista64
[10/08/2008|10:36] C:\ProgramData\WLInstaller
[10/07/2007|17:25] C:\ProgramData\XP
[11/08/2008|12:25] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[18/05/2007|09:49] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[10/08/2008|10:51] C:\Program Files\Adobe
[29/01/2008|13:54] C:\Program Files\Apple Software Update
[15/12/2007|16:48] C:\Program Files\ATI
[15/12/2007|16:49] C:\Program Files\ATI Technologies
[29/01/2008|13:56] C:\Program Files\Bonjour
[15/12/2007|16:50] C:\Program Files\Camera Assistant Software for Toshiba
[12/08/2008|16:41] C:\Program Files\CCleaner
[19/08/2008|14:26] C:\Program Files\Common Files
[13/07/2008|03:11] C:\Program Files\desktop.ini
[15/12/2007|18:03] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[17/08/2008|09:52] C:\Program Files\FileDeleter
[15/08/2008|13:01] C:\Program Files\Google
[18/04/2007|09:08] C:\Program Files\IDM
[14/08/2008|10:44] C:\Program Files\InstallShield Installation Information
[15/12/2007|18:08] C:\Program Files\Intel
[15/08/2008|13:01] C:\Program Files\Internet Explorer
[10/07/2007|17:33] C:\Program Files\InterVideo
[29/01/2008|13:58] C:\Program Files\iPod
[29/01/2008|13:58] C:\Program Files\iTunes
[18/04/2007|07:44] C:\Program Files\Java
[19/08/2008|14:28] C:\Program Files\Lavasoft
[15/03/2008|17:58] C:\Program Files\Lexmark 1200 Series
[12/06/2008|22:03] C:\Program Files\LimeWire
[12/06/2008|21:56] C:\Program Files\Logitech
[12/10/2007|01:49] C:\Program Files\ltmoh
[15/08/2008|22:35] C:\Program Files\Messenger Plus! Live
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[18/05/2007|09:47] C:\Program Files\Microsoft Office
[15/08/2008|13:01] C:\Program Files\Microsoft Works
[18/05/2007|09:47] C:\Program Files\Microsoft.NET
[02/11/2006|14:42] C:\Program Files\Movie Maker
[14/08/2008|13:54] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[15/08/2008|22:35] C:\Program Files\MSN Messenger
[10/07/2007|15:47] C:\Program Files\MSXML 4.0
[18/04/2007|08:14] C:\Program Files\My Company Name
[18/04/2007|09:08] C:\Program Files\myphotobook
[16/06/2008|21:41] C:\Program Files\Norton Internet Security
[19/01/2008|14:20] C:\Program Files\PhotoFiltre
[12/08/2008|18:07] C:\Program Files\Pop up Blocker
[29/01/2008|13:56] C:\Program Files\QuickTime
[12/10/2007|01:43] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[06/01/2008|01:18] C:\Program Files\Samsung
[15/08/2008|13:01] C:\Program Files\Spybot - Search & Destroy
[16/06/2008|21:40] C:\Program Files\Symantec
[15/12/2007|16:55] C:\Program Files\Synaptics
[14/08/2008|10:44] C:\Program Files\TOSHIBA
[19/08/2008|15:54] C:\Program Files\Trend Micro
[10/07/2007|17:30] C:\Program Files\Ulead Systems
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[17/12/2007|04:15] C:\Program Files\Windows Calendar
[02/11/2006|14:42] C:\Program Files\Windows Collaboration
[10/07/2007|16:44] C:\Program Files\Windows Defender
[02/11/2006|14:42] C:\Program Files\Windows Journal
[12/08/2008|16:37] C:\Program Files\Windows Live
[15/08/2008|13:01] C:\Program Files\Windows Mail
[18/04/2007|08:46] C:\Program Files\Windows Media Components
[17/12/2007|04:15] C:\Program Files\Windows Media Player
[15/12/2007|18:03] C:\Program Files\Windows NT
[02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
[10/01/2008|04:10] C:\Program Files\Windows Sidebar
[10/08/2008|11:59] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[10/08/2008|10:52] C:\Program Files\Common Files\Adobe
[29/01/2008|13:53] C:\Program Files\Common Files\Apple
[18/05/2007|09:47] C:\Program Files\Common Files\DESIGNER
[18/04/2007|08:47] C:\Program Files\Common Files\InstallShield
[18/04/2007|07:44] C:\Program Files\Common Files\Java
[12/06/2008|22:00] C:\Program Files\Common Files\Logitech
[11/08/2008|12:31] C:\Program Files\Common Files\microsoft shared
[11/01/2008|21:19] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[15/08/2008|13:01] C:\Program Files\Common Files\ST System Shared
[06/01/2008|01:17] C:\Program Files\Common Files\SWF Studio
[15/08/2008|13:01] C:\Program Files\Common Files\Symantec Shared
[12/10/2007|00:12] C:\Program Files\Common Files\System
[15/12/2007|18:11] C:\Program Files\Common Files\Toshiba Shared
[10/07/2007|17:33] C:\Program Files\Common Files\Ulead Systems
[10/08/2008|11:28] C:\Program Files\Common Files\WindowsLiveInstaller
[19/08/2008|14:26] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 78 Processus )

iexplore.exe ~ [PID:24544] ~ [Threads:4]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\ProgramData\Each New Axis Love
C:\ProgramData\Each New Axis Love\Locks Ace.exe

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 17:00:14
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 73

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:7][D:7]-> C:\Users\sauvane\AppData\Local\Temp
[F:25][D:1]-> C:\Users\sauvane\AppData\Roaming\MICROS~1\Windows\Cookies
[F:22][D:4]-> C:\Users\sauvane\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:20][D:14]-> C:\$Recycle.Bin

--------------------\\ Fin du rapport a 17:02:23
[ UAC => 1 ]

And the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:03:47, on 19/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Pop up Blocker\pd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3470224691-3631093681-4139023912-501\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Invité')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PD - {716B24E2-12B2-48FB-A342-5015B31939BE} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
19 August 2008 at 17:16
Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:


C:\ProgramData\Each New Axis Love
C:\ProgramData\Each New Axis Love\Locks Ace.exe


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

________________

Ad-Aware is outdated; replace it with Malwarebytes alongside Spybot:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
Tigercleo Posts 55 Registration date Friday 15 August 2008 Status Member Last activity 10 June 2011 2
19 August 2008 at 17:36
OK, here is the report:

Folder move failed. C:\ProgramData\Each New Axis Love scheduled to be moved on reboot.
File move failed. C:\ProgramData\Each New Axis Love\Locks Ace.exe scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08192008_172257

I also restarted, but I don't like seeing the word "failed" in a report. Is there a problem?

Also, I installed Malwarebytes on your advice.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
19 August 2008 at 17:39
Run OTMoveIt again to see whether it still finds them.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
19 August 2008 at 17:40
No, you have to do it, because it's the best way to understand your problem, since your PC must be infected.
0
Tigercleo Posts 55 Registration date Friday 15 August 2008 Status Member Last activity 10 June 2011 2
19 August 2008 at 17:55
Apparently it still doesn't work, even though I'm following your instructions to the letter. Here is the report:

Folder move failed. C:\ProgramData\Each New Axis Love scheduled to be moved on reboot.
File move failed. C:\ProgramData\Each New Axis Love\Locks Ace.exe scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08192008_174637

Files moved on Reboot...
Folder move failed. C:\ProgramData\Each New Axis Love scheduled to be moved on reboot.
File move failed. C:\ProgramData\Each New Axis Love\Locks Ace.exe scheduled to be moved on reboot.
0
Tigercleo Posts 55 Registration date Friday 15 August 2008 Status Member Last activity 10 June 2011 2
19 August 2008 at 18:11
PS: Internet Explorer keeps opening unwanted windows.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
19 August 2008 at 18:35
Disable the user account and Spybot's TeaTimer (Mode, then Advanced mode, then Tools, then Resident).


Disable User Account Control (you will re-enable it after the disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.

_________

Then run Lop S&D again and paste the report, using option 2.
0
Tigercleo Posts 55 Registration date Friday 15 August 2008 Status Member Last activity 10 June 2011 2
19 August 2008 at 18:54
Here you go:


--------------------\\ Lop S&D 4.2.3-1 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
Ver 1.00PARTTBL
BOOT : Normal boot

"C:\Lop SD" ( MAJ : 19-08-2008|02:08 )
Option : [2] ( 19/08/2008|18:50 )

[ UAC => 0 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\ProgramData\Each New Axis Love\Locks Ace.exe
Supprime! - C:\ProgramData\Each New Axis Love

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[19/08/2008|12:29] C:\Users\sauvane\AppData\Local\Adobe
[29/01/2008|13:54] C:\Users\sauvane\AppData\Local\Apple
[29/01/2008|14:20] C:\Users\sauvane\AppData\Local\Apple Computer
[15/12/2007|18:04] C:\Users\sauvane\AppData\Local\Application Data
[15/12/2007|18:12] C:\Users\sauvane\AppData\Local\ATI
[21/06/2008|21:35] C:\Users\sauvane\AppData\Local\d3d9caps.dat
[19/08/2008|16:30] C:\Users\sauvane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[15/12/2007|18:04] C:\Users\sauvane\AppData\Local\GDIPFONTCACHEV1.DAT
[22/01/2008|15:16] C:\Users\sauvane\AppData\Local\Google
[15/12/2007|18:04] C:\Users\sauvane\AppData\Local\Historique
[19/08/2008|18:44] C:\Users\sauvane\AppData\Local\IconCache.db
[14/08/2008|10:42] C:\Users\sauvane\AppData\Local\Microsoft
[19/08/2008|18:02] C:\Users\sauvane\AppData\Local\Microsoft Games
[12/08/2008|17:20] C:\Users\sauvane\AppData\Local\Mozilla
[19/08/2008|18:50] C:\Users\sauvane\AppData\Local\Temp
[15/12/2007|18:04] C:\Users\sauvane\AppData\Local\Temporary Internet Files
[15/12/2007|18:12] C:\Users\sauvane\AppData\Local\Toshiba
[11/01/2008|23:46] C:\Users\sauvane\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[18/08/2008 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Analyse système complète - sauvane.job
[19/08/2008 18:46][--ah-----] C:\Windows\tasks\SA.DAT
[19/08/2008 18:45][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[18/05/2007|09:49] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[10/08/2008|10:53] C:\ProgramData\Adobe
[29/01/2008|13:53] C:\ProgramData\Apple
[29/01/2008|13:58] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[15/12/2007|18:12] C:\ProgramData\ATI
[15/08/2008|22:37] C:\ProgramData\body meow bolt
[15/12/2007|18:03] C:\ProgramData\Bureau
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[15/12/2007|18:03] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[22/01/2008|15:13] C:\ProgramData\Google
[19/08/2008|17:21] C:\ProgramData\ITCH BOOK BOOK.r1lapry
[19/08/2008|14:31] C:\ProgramData\Lavasoft
[12/06/2008|21:56] C:\ProgramData\Logitech
[19/08/2008|17:32] C:\ProgramData\Malwarebytes
[15/12/2007|18:03] C:\ProgramData\Menu Démarrer
[19/01/2008|23:48] C:\ProgramData\Messenger Plus!
[11/02/2008|21:00] C:\ProgramData\Microsoft
[15/08/2008|13:01] C:\ProgramData\Microsoft Help
[15/12/2007|18:03] C:\ProgramData\Modèles
[19/08/2008|18:41] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|15:02] C:\ProgramData\Start Menu
[19/08/2008|17:04] C:\ProgramData\Symantec
[02/11/2006|15:02] C:\ProgramData\Templates
[15/12/2007|18:09] C:\ProgramData\Toshiba
[15/12/2007|18:04] C:\ProgramData\ToshibaEurope
[10/07/2007|17:32] C:\ProgramData\Ulead Systems
[10/07/2007|17:25] C:\ProgramData\Vista64
[10/08/2008|10:36] C:\ProgramData\WLInstaller
[10/07/2007|17:25] C:\ProgramData\XP
[11/08/2008|12:25] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[18/05/2007|09:49] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[10/08/2008|10:51] C:\Program Files\Adobe
[29/01/2008|13:54] C:\Program Files\Apple Software Update
[15/12/2007|16:48] C:\Program Files\ATI
[15/12/2007|16:49] C:\Program Files\ATI Technologies
[29/01/2008|13:56] C:\Program Files\Bonjour
[15/12/2007|16:50] C:\Program Files\Camera Assistant Software for Toshiba
[12/08/2008|16:41] C:\Program Files\CCleaner
[19/08/2008|17:31] C:\Program Files\Common Files
[13/07/2008|03:11] C:\Program Files\desktop.ini
[15/12/2007|18:03] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[17/08/2008|09:52] C:\Program Files\FileDeleter
[15/08/2008|13:01] C:\Program Files\Google
[18/04/2007|09:08] C:\Program Files\IDM
[14/08/2008|10:44] C:\Program Files\InstallShield Installation Information
[15/12/2007|18:08] C:\Program Files\Intel
[15/08/2008|13:01] C:\Program Files\Internet Explorer
[10/07/2007|17:33] C:\Program Files\InterVideo
[29/01/2008|13:58] C:\Program Files\iPod
[29/01/2008|13:58] C:\Program Files\iTunes
[18/04/2007|07:44] C:\Program Files\Java
[15/03/2008|17:58] C:\Program Files\Lexmark 1200 Series
[12/06/2008|22:03] C:\Program Files\LimeWire
[12/06/2008|21:56] C:\Program Files\Logitech
[12/10/2007|01:49] C:\Program Files\ltmoh
[19/08/2008|17:32] C:\Program Files\Malwarebytes' Anti-Malware
[15/08/2008|22:35] C:\Program Files\Messenger Plus! Live
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[18/05/2007|09:47] C:\Program Files\Microsoft Office
[15/08/2008|13:01] C:\Program Files\Microsoft Works
[18/05/2007|09:47] C:\Program Files\Microsoft.NET
[02/11/2006|14:42] C:\Program Files\Movie Maker
[19/08/2008|18:47] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[15/08/2008|22:35] C:\Program Files\MSN Messenger
[10/07/2007|15:47] C:\Program Files\MSXML 4.0
[18/04/2007|08:14] C:\Program Files\My Company Name
[18/04/2007|09:08] C:\Program Files\myphotobook
[16/06/2008|21:41] C:\Program Files\Norton Internet Security
[19/01/2008|14:20] C:\Program Files\PhotoFiltre
[12/08/2008|18:07] C:\Program Files\Pop up Blocker
[29/01/2008|13:56] C:\Program Files\QuickTime
[12/10/2007|01:43] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[06/01/2008|01:18] C:\Program Files\Samsung
[15/08/2008|13:01] C:\Program Files\Spybot - Search & Destroy
[16/06/2008|21:40] C:\Program Files\Symantec
[15/12/2007|16:55] C:\Program Files\Synaptics
[14/08/2008|10:44] C:\Program Files\TOSHIBA
[19/08/2008|15:54] C:\Program Files\Trend Micro
[10/07/2007|17:30] C:\Program Files\Ulead Systems
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[17/12/2007|04:15] C:\Program Files\Windows Calendar
[02/11/2006|14:42] C:\Program Files\Windows Collaboration
[10/07/2007|16:44] C:\Program Files\Windows Defender
[02/11/2006|14:42] C:\Program Files\Windows Journal
[12/08/2008|16:37] C:\Program Files\Windows Live
[15/08/2008|13:01] C:\Program Files\Windows Mail
[18/04/2007|08:46] C:\Program Files\Windows Media Components
[17/12/2007|04:15] C:\Program Files\Windows Media Player
[15/12/2007|18:03] C:\Program Files\Windows NT
[02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
[10/01/2008|04:10] C:\Program Files\Windows Sidebar
[10/08/2008|11:59] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[10/08/2008|10:52] C:\Program Files\Common Files\Adobe
[29/01/2008|13:53] C:\Program Files\Common Files\Apple
[18/05/2007|09:47] C:\Program Files\Common Files\DESIGNER
[18/04/2007|08:47] C:\Program Files\Common Files\InstallShield
[18/04/2007|07:44] C:\Program Files\Common Files\Java
[12/06/2008|22:00] C:\Program Files\Common Files\Logitech
[11/08/2008|12:31] C:\Program Files\Common Files\microsoft shared
[11/01/2008|21:19] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[15/08/2008|13:01] C:\Program Files\Common Files\ST System Shared
[06/01/2008|01:17] C:\Program Files\Common Files\SWF Studio
[15/08/2008|13:01] C:\Program Files\Common Files\Symantec Shared
[12/10/2007|00:12] C:\Program Files\Common Files\System
[15/12/2007|18:11] C:\Program Files\Common Files\Toshiba Shared
[10/07/2007|17:33] C:\Program Files\Common Files\Ulead Systems
[10/08/2008|11:28] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 65 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

C:\ProgramData\ITCH BOOK BOOK.r1lapry

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\sauvane\AppData\Roaming\MICROS~1\Windows\Cookies\sauvane@adopt.euroclick[2].txt

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 18:51:21
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 73

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:13][D:8]-> C:\Users\sauvane\AppData\Local\Temp
[F:22][D:1]-> C:\Users\sauvane\AppData\Roaming\MICROS~1\Windows\Cookies
[F:13][D:5]-> C:\Users\sauvane\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:18][D:14]-> C:\$Recycle.Bin

--------------------\\ Fin du rapport a 18:53:17
[ UAC => 1 ]
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
19 August 2008 at 19:18
OK, that's good, it has been removed.
Paste a new HijackThis log and describe your current problems.
0
Tigercleo Posts 55 Registration date Friday 15 August 2008 Status Member Last activity 10 June 2011 2
19 August 2008 at 19:25
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:15, on 19/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Pop up Blocker\pd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PD - {716B24E2-12B2-48FB-A342-5015B31939BE} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
19 August 2008 at 19:44
Should I re-enable the administrator settings and Spybot? Otherwise, everything is running fine.

YES, RE-ENABLE THEM


all the best (get rid of lop sd from your computer)
0
Tigercleo Posts 55 Registration date Friday 15 August 2008 Status Member Last activity 10 June 2011 2
19 August 2008 at 19:59
You're a champ, jlpjlp,

Everything seems fine so far; I'll stay connected to see whether this damn IE comes back for more, you never know. Many thanks.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
19 August 2008 at 21:20
ok, let me know if there's a problem
0