Infected by a trojan downloader
Solved/Closed
mimoul (Member, 60 posts, registered Tuesday 17 June 2008, last active 14 May 2009) - 28 Sept 2008 at 14:03
Last reply: geoffrey5 (Security contributor, 13732 posts, registered Sunday 20 May 2007, last active 21 May 2010) - 28 Sept 2008 at 17:00
15 replies
geoffrey5 (Security contributor) - 28 Sept 2008 at 14:04
Hi!!
Please post a HijackThis log so I can check your PC for infections.
▶ Download HijackThis from this address; everything is explained there for installing it properly and learning how to use it:
https://www.androidworld.fr/
How to copy/paste the log:
When the log is on screen, press Ctrl+A to "select all", then Ctrl+C to "copy".
Then come back to the forum to reply to me and press Ctrl+V to "paste" the log.
The keyboard shortcuts are illustrated on my website at this address:
https://www.androidworld.fr/
geoffrey5 (Security contributor) - 28 Sept 2008 at 14:16
I don't see any infections in your log, but do this anyway, please:
▶ Download Malwarebytes
▶ Here is a tutorial for installing and using it properly:
https://www.androidworld.fr/
Follow the tutorial closely to correctly remove what it finds.
After the scan, restart the PC and post the log!!
mimoul (Member) - 28 Sept 2008 at 14:31
Hi, I didn't need to download Malwarebytes because I already have it. But when I ran it, the computer restarted on its own and I was told there had been a problem. In fact this always happens, but I'm used to running Malwarebytes in Safe Mode. Thanks for your advice.
geoffrey5 (Security contributor) - 28 Sept 2008 at 14:34
ok :s
▶ Download Lop S&D and save it to the Desktop
(It's number 4 at the bottom of the page)
▶ Double-click Lop S&D
▶ Run the installation
▶ Close all applications
▶ Launch it by double-clicking the shortcut on the desktop
On VISTA => right-click => Run as administrator
▶ Type F for French, then press Enter
▶ Type 1
▶ Press Enter
▶ The PC will restart
Note: if the antivirus reports an infection in TEMP, ignore it
▶ Wait for the report to appear
▶ Copy the report and paste it into your reply
The report is also at C:\lopR
mimoul (Member) - 28 Sept 2008 at 14:42
Here is the report:
--------------------\\ Lop S&D 4.2.4-4 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz )
BIOS : BIOS Date: 12/05/07 11:10:18 Ver: 5.11
USER : pcs ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080927-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total : 455 Go Free : 357 Go
D:\ (Local Disk) - NTFS - Total : 10 Go Free : 1 Go
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( 28/09/2008|14:39 )
[ UAC => 1 ]
--------------------\\ Listing des dossiers dans Local
[23/04/2008|20:17] C:\Users\pcs\AppData\Local\Adobe
[08/02/2008|14:01] C:\Users\pcs\AppData\Local\AOL
[15/04/2008|09:28] C:\Users\pcs\AppData\Local\Apple
[15/04/2008|09:29] C:\Users\pcs\AppData\Local\Apple Computer
[07/02/2008|18:08] C:\Users\pcs\AppData\Local\Application Data
[07/02/2008|18:11] C:\Users\pcs\AppData\Local\ATI
[23/09/2008|13:52] C:\Users\pcs\AppData\Local\d3d9caps.dat
[07/09/2008|14:46] C:\Users\pcs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[27/09/2008|17:49] C:\Users\pcs\AppData\Local\GDIPFONTCACHEV1.DAT
[05/05/2008|11:40] C:\Users\pcs\AppData\Local\Google
[07/02/2008|18:12] C:\Users\pcs\AppData\Local\Hewlett-Packard
[07/02/2008|18:08] C:\Users\pcs\AppData\Local\Historique
[28/09/2008|13:33] C:\Users\pcs\AppData\Local\IconCache.db
[29/03/2008|12:23] C:\Users\pcs\AppData\Local\Microsoft
[11/07/2008|20:19] C:\Users\pcs\AppData\Local\Microsoft Games
[18/09/2008|22:42] C:\Users\pcs\AppData\Local\Microsoft Help
[31/03/2008|19:08] C:\Users\pcs\AppData\Local\Mozilla
[28/09/2008|12:37] C:\Users\pcs\AppData\Local\Opera
[28/09/2008|14:38] C:\Users\pcs\AppData\Local\Temp
[07/02/2008|18:08] C:\Users\pcs\AppData\Local\Temporary Internet Files
[08/02/2008|18:30] C:\Users\pcs\AppData\Local\VirtualStore
[27/03/2008|21:21] C:\Users\pcs\AppData\Local\Windows Live Writer
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[28/09/2008 10:20][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{B800AB31-B5E8-436B-A0E7-AE441ECCC9FF}.job
[28/09/2008 14:25][--ah-----] C:\Windows\tasks\SA.DAT
[28/09/2008 13:33][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[23/04/2008|20:15] C:\ProgramData\Adobe
[15/04/2008|09:28] C:\ProgramData\Apple
[02/11/2006|15:02] C:\ProgramData\Application Data
[27/02/2008|18:55] C:\ProgramData\Arcade Lab
[13/12/2007|18:52] C:\ProgramData\ATI
[13/06/2008|06:24] C:\ProgramData\BM2dc989b0.txt
[15/06/2008|13:33] C:\ProgramData\BM2dc989b0.xml
[07/02/2008|18:04] C:\ProgramData\Bureau
[08/02/2008|15:37] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[07/02/2008|18:04] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[25/09/2008|14:04] C:\ProgramData\GameHouse
[27/09/2008|18:04] C:\ProgramData\Google Updater
[07/02/2008|18:12] C:\ProgramData\Hewlett-Packard
[13/12/2007|18:53] C:\ProgramData\HP
[13/12/2007|18:53] C:\ProgramData\hpzinstall.log
[10/02/2008|21:19] C:\ProgramData\InterAction studios
[18/05/2008|12:43] C:\ProgramData\Kaspersky Lab
[07/02/2008|18:22] C:\ProgramData\Kaspersky Lab Setup Files
[15/06/2008|13:56] C:\ProgramData\Lavasoft
[07/02/2008|18:13] C:\ProgramData\LuUninstall.LiveUpdate
[15/06/2008|16:55] C:\ProgramData\Malwarebytes
[07/02/2008|18:04] C:\ProgramData\Menu Démarrer
[12/06/2008|16:08] C:\ProgramData\Microsoft
[11/09/2008|13:04] C:\ProgramData\Microsoft Help
[07/02/2008|18:04] C:\ProgramData\Modèles
[13/12/2007|18:59] C:\ProgramData\muvee Technologies
[12/02/2008|18:31] C:\ProgramData\PlayFirst
[15/06/2008|13:05] C:\ProgramData\pskt.ini
[17/06/2008|16:35] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|15:02] C:\ProgramData\Start Menu
[18/08/2008|16:44] C:\ProgramData\SweetIM
[07/02/2008|18:18] C:\ProgramData\Symantec
[28/09/2008|14:25] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[25/09/2008|14:04] C:\ProgramData\Trymedia
[08/02/2008|18:18] C:\ProgramData\UDL
[17/06/2008|16:46] C:\ProgramData\WildTangent
[29/03/2008|11:40] C:\ProgramData\WLInstaller
[01/04/2008|17:28] C:\ProgramData\Yahoo!
[02/04/2008|15:57] C:\ProgramData\Yahoo! Companion
--------------------\\ Listing des dossiers dans C:\Program Files
[16/03/2008|14:26] C:\Program Files\.castanet
[16/03/2008|14:25] C:\Program Files\3DSetup
[25/03/2008|20:15] C:\Program Files\3ivx
[27/09/2008|12:19] C:\Program Files\Adobe
[30/04/2008|23:06] C:\Program Files\Alwil Software
[25/03/2008|20:17] C:\Program Files\AngelPotion Video Codec V1
[07/02/2008|18:08] C:\Program Files\AOL
[15/05/2008|13:37] C:\Program Files\Apple Software Update
[17/06/2008|17:46] C:\Program Files\a-squared Free
[13/12/2007|18:48] C:\Program Files\ATI
[13/12/2007|18:49] C:\Program Files\ATI Technologies
[27/09/2008|17:35] C:\Program Files\Bandoo
[16/06/2008|16:33] C:\Program Files\BitDefender
[15/04/2008|09:28] C:\Program Files\Bonjour
[28/09/2008|13:32] C:\Program Files\BoontyGames
[27/09/2008|17:37] C:\Program Files\Common Files
[22/02/2008|13:21] C:\Program Files\CONEXANT
[10/06/2008|14:37] C:\Program Files\Core Design
[27/09/2008|17:53] C:\Program Files\CyberLink
[16/03/2008|14:25] C:\Program Files\data
[27/03/2008|23:12] C:\Program Files\directx
[27/09/2008|17:53] C:\Program Files\DivX
[14/12/2007|02:41] C:\Program Files\EasyBits
[08/02/2008|18:14] C:\Program Files\EPSON
[07/02/2008|18:04] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[22/08/2008|16:01] C:\Program Files\Fizzy
[18/06/2008|15:40] C:\Program Files\Franson
[30/03/2008|16:03] C:\Program Files\Google
[25/03/2008|20:16] C:\Program Files\GSpot
[22/08/2008|16:09] C:\Program Files\Hawaiian Runner
[13/12/2007|19:06] C:\Program Files\Hewlett-Packard
[13/12/2007|19:01] C:\Program Files\HP
[17/06/2008|16:50] C:\Program Files\HP Games
[27/09/2008|17:54] C:\Program Files\InstallShield Installation Information
[13/12/2007|18:48] C:\Program Files\Intel
[19/08/2008|12:32] C:\Program Files\Internet Explorer
[13/12/2007|19:01] C:\Program Files\Java
[01/07/2008|18:34] C:\Program Files\KONAMI
[01/05/2008|18:17] C:\Program Files\Learning Essentials
[17/06/2008|14:59] C:\Program Files\Malwarebytes' Anti-Malware
[25/03/2008|20:20] C:\Program Files\Matroska Pack
[30/03/2008|16:35] C:\Program Files\MegauploadToolbar
[01/05/2008|18:22] C:\Program Files\Microsoft Etudes
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[07/02/2008|18:30] C:\Program Files\Microsoft Office
[07/02/2008|18:30] C:\Program Files\Microsoft Visual Studio
[07/02/2008|18:27] C:\Program Files\Microsoft Visual Studio 8
[07/02/2008|18:30] C:\Program Files\Microsoft Works
[07/02/2008|18:29] C:\Program Files\Microsoft.NET
[16/03/2008|14:25] C:\Program Files\mmskin
[14/12/2007|02:53] C:\Program Files\Movie Maker
[25/09/2008|15:36] C:\Program Files\Mozilla Firefox
[07/02/2008|18:30] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[28/09/2008|13:06] C:\Program Files\MSN Games
[17/06/2008|22:16] C:\Program Files\Namco
[28/09/2008|13:33] C:\Program Files\Opera
[27/04/2008|13:25] C:\Program Files\PC Camera
[25/03/2008|20:18] C:\Program Files\Pinnacle
[27/03/2008|18:51] C:\Program Files\PopCap Games
[11/02/2008|20:58] C:\Program Files\Portrait Displays
[22/06/2008|16:33] C:\Program Files\Real
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[15/04/2008|09:29] C:\Program Files\Safari
[13/12/2007|19:10] C:\Program Files\Services en ligne
[17/06/2008|17:46] C:\Program Files\Spybot - Search & Destroy
[26/09/2008|17:07] C:\Program Files\Spyware Doctor
[16/03/2008|14:26] C:\Program Files\Support
[18/08/2008|16:44] C:\Program Files\SweetIM
[17/06/2008|16:36] C:\Program Files\Telltale Games
[16/03/2008|14:25] C:\Program Files\thrash
[01/06/2008|13:27] C:\Program Files\Uniblue
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[16/03/2008|14:25] C:\Program Files\user
[14/12/2007|03:16] C:\Program Files\Windows Calendar
[14/12/2007|02:53] C:\Program Files\Windows Collaboration
[14/12/2007|03:00] C:\Program Files\Windows Defender
[14/12/2007|02:53] C:\Program Files\Windows Journal
[29/03/2008|12:09] C:\Program Files\Windows Live
[19/08/2008|12:32] C:\Program Files\Windows Mail
[25/03/2008|20:19] C:\Program Files\Windows Media Components
[14/12/2007|03:23] C:\Program Files\Windows Media Player
[07/02/2008|18:04] C:\Program Files\Windows NT
[14/12/2007|02:53] C:\Program Files\Windows Photo Gallery
[22/02/2008|20:14] C:\Program Files\Windows Sidebar
[25/03/2008|20:18] C:\Program Files\XviD
[01/04/2008|17:22] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[23/04/2008|20:16] C:\Program Files\Common Files\Adobe
[16/06/2008|15:44] C:\Program Files\Common Files\BitDefender
[07/02/2008|18:30] C:\Program Files\Common Files\DESIGNER
[13/12/2007|18:53] C:\Program Files\Common Files\HP
[08/02/2008|18:21] C:\Program Files\Common Files\InstallShield
[13/12/2007|19:01] C:\Program Files\Common Files\Java
[13/12/2007|18:59] C:\Program Files\Common Files\LightScribe
[13/12/2007|18:59] C:\Program Files\Common Files\LS Getting Started
[23/08/2008|11:11] C:\Program Files\Common Files\microsoft shared
[11/02/2008|20:59] C:\Program Files\Common Files\Portrait Displays
[22/06/2008|16:34] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[07/02/2008|18:37] C:\Program Files\Common Files\Symantec Shared
[07/02/2008|18:27] C:\Program Files\Common Files\System
[27/03/2008|19:28] C:\Program Files\Common Files\WindowsLiveInstaller
[22/06/2008|16:34] C:\Program Files\Common Files\xing shared
--------------------\\ Process
( 80 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\Users\pcs\AppData\Local\Temp\nsrE87E.tmp
C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies\pcs@advertising[1].txt
C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies\pcs@adopt.euroclick[1].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 14:39:28
Windows 6.0.6000 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:1266][D:60]-> C:\Users\pcs\AppData\Local\Temp
[F:167][D:1]-> C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies
[F:736][D:6]-> C:\Users\pcs\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:11][D:5]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 28/09/2008|14:41 - Option : [1]
--------------------\\ Fin du rapport a 14:41:38
[ UAC => 1 ]
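One way to triage a Lop S&D report like the one above, as an added example that is not part of the original thread, of Lop S&D or of catchme. It assumes the section-header layout seen in the posted report (a row of 20 hyphens, two backslashes, a title) and runs on a constructed excerpt embedded in the script. The ZwClose entry is listed for identification rather than as proof of infection: user-mode hooks on ntdll functions are also placed by security software, and the report itself does not say who installed this one.

```python
"""Parse a Lop S&D report and pull out the items worth a second look.

Added example for this thread: it is not part of Lop S&D, catchme or
anything the helper posted. SAMPLE_REPORT is a constructed excerpt that
mirrors the layout of the report above (section headers of the form
'--------------------\\\\ Title', then one finding per line).
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SECTION_RE = re.compile(r"^-{20}\\\\ (.+?)\s*$")
# Temp files and tracking cookies are routinely listed; anything else
# under "Recherche de Fichiers / Dossiers Lop" deserves a closer look.
LOW_RISK_RE = re.compile(r"\\(Temp|Cookies)\\", re.IGNORECASE)

# Constructed sample, modelled on the option-1 report in the thread.
SAMPLE_REPORT = r"""
--------------------\\ Lop S&D 4.2.4-4 XP/Vista
[ UAC => 1 ]
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\Users\pcs\AppData\Local\Temp\nsrE87E.tmp
C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies\pcs@advertising[1].txt
C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies\pcs@adopt.euroclick[1].txt
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Fin du rapport a 14:41:38
"""


@dataclass
class Summary:
    lop_hits: List[str] = field(default_factory=list)
    hosts_clean: Optional[bool] = None   # None when the section is absent
    ntdll_hooks: List[str] = field(default_factory=list)
    hidden_processes: int = 0
    hidden_files: int = 0
    uac_enabled: Optional[bool] = None


def split_sections(report: str) -> Dict[str, List[str]]:
    """Map each section title to its non-blank body lines, in file order."""
    sections: Dict[str, List[str]] = {"preamble": []}
    current = "preamble"
    for raw in report.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def summarise(report: str) -> Summary:
    """Extract the findings a helper would act on from the report text."""
    out = Summary()
    for title, body in split_sections(report).items():
        for line in body:
            m = re.fullmatch(r"\[ UAC => (\d) \]", line)
            if m:
                out.uac_enabled = m.group(1) == "1"
        if title.startswith("Recherche de Fichiers / Dossiers Lop"):
            out.lop_hits = list(body)
        elif title.startswith("Verification du fichier Hosts"):
            out.hosts_clean = any("PROPRE" in line for line in body)
        elif title.startswith("Recherche de fichiers avec Catchme"):
            in_hook_list = False
            for line in body:
                if line.startswith("detected NTDLL code modification"):
                    in_hook_list = True          # bare function names follow
                    continue
                if in_hook_list and re.fullmatch(r"\w+", line):
                    out.ntdll_hooks.append(line)
                    continue
                in_hook_list = False
                m = re.fullmatch(r"hidden (processes|files): (\d+)", line)
                if m and m.group(1) == "processes":
                    out.hidden_processes = int(m.group(2))
                elif m:
                    out.hidden_files = int(m.group(2))
    return out


def review_items(s: Summary) -> List[str]:
    """Findings needing a human decision, strongest evidence first.

    Hidden objects and a modified hosts file are strong signals; a hooked
    ntdll export is only a hint, since security products hook there too.
    """
    items = []
    if s.hidden_processes or s.hidden_files:
        items.append(f"catchme hidden objects: {s.hidden_processes} processes, "
                     f"{s.hidden_files} files")
    if s.hosts_clean is False:
        items.append("hosts file modified")
    items += [f"Lop hit outside Temp/Cookies: {p}" for p in s.lop_hits
              if not LOW_RISK_RE.search(p)]
    items += [f"NTDLL hook to identify: {fn}" for fn in s.ntdll_hooks]
    return items


if __name__ == "__main__":
    for item in review_items(summarise(SAMPLE_REPORT)) or ["nothing to review"]:
        print(item)
```

Run against the constructed sample, the only item left for review is the ZwClose hook; Temp files and advertising cookies are deliberately ranked as low risk so that they do not drown out a real hidden-process count or a rewritten hosts file.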
geoffrey5 (Security contributor) - 28 Sept 2008 at 14:48
ok, now:
▶ Relaunch Lop S&D
▶ This time choose option 2 (Removal)
▶ Don't close the window during the removal!
▶ Post the generated report (C:\lopR.txt)
* (If the Desktop doesn't reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)
Then:
▶ Disable User Account Control (you will re-enable it after the disinfection):
▶ Go to Start, then Control Panel
▶ Double-click the "User Accounts" icon
▶ Then click Disable and confirm.
▶ Download ComboFix by sUBs
(it's number 5 at the bottom of the page)
▶ and save it to the Desktop.
▶ Disable your protections and close all your applications (antivirus, firewall, the antispyware's real-time guard)
Here is the official Bleeping Computer tutorial on how to use it:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Then send the report and make a new HijackThis log, please.
mimoul (Member) - 28 Sept 2008 at 15:05
Here is the first report:
--------------------\\ Lop S&D 4.2.4-4 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz )
BIOS : BIOS Date: 12/05/07 11:10:18 Ver: 5.11
USER : pcs ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080927-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total : 455 Go Free : 357 Go
D:\ (Local Disk) - NTFS - Total : 10 Go Free : 1 Go
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [2] ( 28/09/2008|14:52 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\Users\pcs\AppData\Local\Temp\nsrE87E.tmp
Supprime! - C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies\pcs@advertising[1].txt
Supprime! - C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies\pcs@adopt.euroclick[1].txt
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[23/04/2008|20:17] C:\Users\pcs\AppData\Local\Adobe
[08/02/2008|14:01] C:\Users\pcs\AppData\Local\AOL
[15/04/2008|09:28] C:\Users\pcs\AppData\Local\Apple
[15/04/2008|09:29] C:\Users\pcs\AppData\Local\Apple Computer
[07/02/2008|18:08] C:\Users\pcs\AppData\Local\Application Data
[07/02/2008|18:11] C:\Users\pcs\AppData\Local\ATI
[23/09/2008|13:52] C:\Users\pcs\AppData\Local\d3d9caps.dat
[07/09/2008|14:46] C:\Users\pcs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[27/09/2008|17:49] C:\Users\pcs\AppData\Local\GDIPFONTCACHEV1.DAT
[05/05/2008|11:40] C:\Users\pcs\AppData\Local\Google
[07/02/2008|18:12] C:\Users\pcs\AppData\Local\Hewlett-Packard
[07/02/2008|18:08] C:\Users\pcs\AppData\Local\Historique
[28/09/2008|13:33] C:\Users\pcs\AppData\Local\IconCache.db
[29/03/2008|12:23] C:\Users\pcs\AppData\Local\Microsoft
[11/07/2008|20:19] C:\Users\pcs\AppData\Local\Microsoft Games
[18/09/2008|22:42] C:\Users\pcs\AppData\Local\Microsoft Help
[31/03/2008|19:08] C:\Users\pcs\AppData\Local\Mozilla
[28/09/2008|12:37] C:\Users\pcs\AppData\Local\Opera
[28/09/2008|14:52] C:\Users\pcs\AppData\Local\Temp
[07/02/2008|18:08] C:\Users\pcs\AppData\Local\Temporary Internet Files
[08/02/2008|18:30] C:\Users\pcs\AppData\Local\VirtualStore
[27/03/2008|21:21] C:\Users\pcs\AppData\Local\Windows Live Writer
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[28/09/2008 10:20][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{B800AB31-B5E8-436B-A0E7-AE441ECCC9FF}.job
[28/09/2008 14:25][--ah-----] C:\Windows\tasks\SA.DAT
[28/09/2008 13:33][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[23/04/2008|20:15] C:\ProgramData\Adobe
[15/04/2008|09:28] C:\ProgramData\Apple
[02/11/2006|15:02] C:\ProgramData\Application Data
[27/02/2008|18:55] C:\ProgramData\Arcade Lab
[13/12/2007|18:52] C:\ProgramData\ATI
[13/06/2008|06:24] C:\ProgramData\BM2dc989b0.txt
[15/06/2008|13:33] C:\ProgramData\BM2dc989b0.xml
[07/02/2008|18:04] C:\ProgramData\Bureau
[08/02/2008|15:37] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[07/02/2008|18:04] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[25/09/2008|14:04] C:\ProgramData\GameHouse
[27/09/2008|18:04] C:\ProgramData\Google Updater
[07/02/2008|18:12] C:\ProgramData\Hewlett-Packard
[13/12/2007|18:53] C:\ProgramData\HP
[13/12/2007|18:53] C:\ProgramData\hpzinstall.log
[10/02/2008|21:19] C:\ProgramData\InterAction studios
[18/05/2008|12:43] C:\ProgramData\Kaspersky Lab
[07/02/2008|18:22] C:\ProgramData\Kaspersky Lab Setup Files
[15/06/2008|13:56] C:\ProgramData\Lavasoft
[07/02/2008|18:13] C:\ProgramData\LuUninstall.LiveUpdate
[15/06/2008|16:55] C:\ProgramData\Malwarebytes
[07/02/2008|18:04] C:\ProgramData\Menu Démarrer
[12/06/2008|16:08] C:\ProgramData\Microsoft
[11/09/2008|13:04] C:\ProgramData\Microsoft Help
[07/02/2008|18:04] C:\ProgramData\Modèles
[13/12/2007|18:59] C:\ProgramData\muvee Technologies
[12/02/2008|18:31] C:\ProgramData\PlayFirst
[15/06/2008|13:05] C:\ProgramData\pskt.ini
[17/06/2008|16:35] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|15:02] C:\ProgramData\Start Menu
[18/08/2008|16:44] C:\ProgramData\SweetIM
[07/02/2008|18:18] C:\ProgramData\Symantec
[28/09/2008|14:25] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[25/09/2008|14:04] C:\ProgramData\Trymedia
[08/02/2008|18:18] C:\ProgramData\UDL
[17/06/2008|16:46] C:\ProgramData\WildTangent
[29/03/2008|11:40] C:\ProgramData\WLInstaller
[01/04/2008|17:28] C:\ProgramData\Yahoo!
[02/04/2008|15:57] C:\ProgramData\Yahoo! Companion
--------------------\\ Listing des dossiers dans C:\Program Files
[16/03/2008|14:26] C:\Program Files\.castanet
[16/03/2008|14:25] C:\Program Files\3DSetup
[25/03/2008|20:15] C:\Program Files\3ivx
[27/09/2008|12:19] C:\Program Files\Adobe
[30/04/2008|23:06] C:\Program Files\Alwil Software
[25/03/2008|20:17] C:\Program Files\AngelPotion Video Codec V1
[07/02/2008|18:08] C:\Program Files\AOL
[15/05/2008|13:37] C:\Program Files\Apple Software Update
[17/06/2008|17:46] C:\Program Files\a-squared Free
[13/12/2007|18:48] C:\Program Files\ATI
[13/12/2007|18:49] C:\Program Files\ATI Technologies
[27/09/2008|17:35] C:\Program Files\Bandoo
[16/06/2008|16:33] C:\Program Files\BitDefender
[15/04/2008|09:28] C:\Program Files\Bonjour
[28/09/2008|13:32] C:\Program Files\BoontyGames
[27/09/2008|17:37] C:\Program Files\Common Files
[22/02/2008|13:21] C:\Program Files\CONEXANT
[10/06/2008|14:37] C:\Program Files\Core Design
[27/09/2008|17:53] C:\Program Files\CyberLink
[16/03/2008|14:25] C:\Program Files\data
[27/03/2008|23:12] C:\Program Files\directx
[27/09/2008|17:53] C:\Program Files\DivX
[14/12/2007|02:41] C:\Program Files\EasyBits
[08/02/2008|18:14] C:\Program Files\EPSON
[07/02/2008|18:04] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[22/08/2008|16:01] C:\Program Files\Fizzy
[18/06/2008|15:40] C:\Program Files\Franson
[30/03/2008|16:03] C:\Program Files\Google
[25/03/2008|20:16] C:\Program Files\GSpot
[22/08/2008|16:09] C:\Program Files\Hawaiian Runner
[13/12/2007|19:06] C:\Program Files\Hewlett-Packard
[13/12/2007|19:01] C:\Program Files\HP
[17/06/2008|16:50] C:\Program Files\HP Games
[27/09/2008|17:54] C:\Program Files\InstallShield Installation Information
[13/12/2007|18:48] C:\Program Files\Intel
[19/08/2008|12:32] C:\Program Files\Internet Explorer
[13/12/2007|19:01] C:\Program Files\Java
[01/07/2008|18:34] C:\Program Files\KONAMI
[01/05/2008|18:17] C:\Program Files\Learning Essentials
[17/06/2008|14:59] C:\Program Files\Malwarebytes' Anti-Malware
[25/03/2008|20:20] C:\Program Files\Matroska Pack
[30/03/2008|16:35] C:\Program Files\MegauploadToolbar
[01/05/2008|18:22] C:\Program Files\Microsoft Etudes
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[07/02/2008|18:30] C:\Program Files\Microsoft Office
[07/02/2008|18:30] C:\Program Files\Microsoft Visual Studio
[07/02/2008|18:27] C:\Program Files\Microsoft Visual Studio 8
[07/02/2008|18:30] C:\Program Files\Microsoft Works
[07/02/2008|18:29] C:\Program Files\Microsoft.NET
[16/03/2008|14:25] C:\Program Files\mmskin
[14/12/2007|02:53] C:\Program Files\Movie Maker
[25/09/2008|15:36] C:\Program Files\Mozilla Firefox
[07/02/2008|18:30] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[28/09/2008|13:06] C:\Program Files\MSN Games
[17/06/2008|22:16] C:\Program Files\Namco
[28/09/2008|13:33] C:\Program Files\Opera
[27/04/2008|13:25] C:\Program Files\PC Camera
[25/03/2008|20:18] C:\Program Files\Pinnacle
[27/03/2008|18:51] C:\Program Files\PopCap Games
[11/02/2008|20:58] C:\Program Files\Portrait Displays
[22/06/2008|16:33] C:\Program Files\Real
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[15/04/2008|09:29] C:\Program Files\Safari
[13/12/2007|19:10] C:\Program Files\Services en ligne
[17/06/2008|17:46] C:\Program Files\Spybot - Search & Destroy
[26/09/2008|17:07] C:\Program Files\Spyware Doctor
[16/03/2008|14:26] C:\Program Files\Support
[18/08/2008|16:44] C:\Program Files\SweetIM
[17/06/2008|16:36] C:\Program Files\Telltale Games
[16/03/2008|14:25] C:\Program Files\thrash
[01/06/2008|13:27] C:\Program Files\Uniblue
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[16/03/2008|14:25] C:\Program Files\user
[14/12/2007|03:16] C:\Program Files\Windows Calendar
[14/12/2007|02:53] C:\Program Files\Windows Collaboration
[14/12/2007|03:00] C:\Program Files\Windows Defender
[14/12/2007|02:53] C:\Program Files\Windows Journal
[29/03/2008|12:09] C:\Program Files\Windows Live
[19/08/2008|12:32] C:\Program Files\Windows Mail
[25/03/2008|20:19] C:\Program Files\Windows Media Components
[14/12/2007|03:23] C:\Program Files\Windows Media Player
[07/02/2008|18:04] C:\Program Files\Windows NT
[14/12/2007|02:53] C:\Program Files\Windows Photo Gallery
[22/02/2008|20:14] C:\Program Files\Windows Sidebar
[25/03/2008|20:18] C:\Program Files\XviD
[01/04/2008|17:22] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[23/04/2008|20:16] C:\Program Files\Common Files\Adobe
[16/06/2008|15:44] C:\Program Files\Common Files\BitDefender
[07/02/2008|18:30] C:\Program Files\Common Files\DESIGNER
[13/12/2007|18:53] C:\Program Files\Common Files\HP
[08/02/2008|18:21] C:\Program Files\Common Files\InstallShield
[13/12/2007|19:01] C:\Program Files\Common Files\Java
[13/12/2007|18:59] C:\Program Files\Common Files\LightScribe
[13/12/2007|18:59] C:\Program Files\Common Files\LS Getting Started
[23/08/2008|11:11] C:\Program Files\Common Files\microsoft shared
[11/02/2008|20:59] C:\Program Files\Common Files\Portrait Displays
[22/06/2008|16:34] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[07/02/2008|18:37] C:\Program Files\Common Files\Symantec Shared
[07/02/2008|18:27] C:\Program Files\Common Files\System
[27/03/2008|19:28] C:\Program Files\Common Files\WindowsLiveInstaller
[22/06/2008|16:34] C:\Program Files\Common Files\xing shared
--------------------\\ Process
( 79 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 14:53:15
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden files ...
C:\Users\pcs\AppData\Local\Temp\~DF12E0.tmp
C:\Users\pcs\AppData\Local\Temp\~DF12EA.tmp
scan completed successfully
hidden processes: 0
hidden files: 2
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:1255][D:60]-> C:\Users\pcs\AppData\Local\Temp
[F:165][D:1]-> C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies
[F:736][D:6]-> C:\Users\pcs\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:11][D:5]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 28/09/2008|14:41 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 28/09/2008|14:55 - Option : [2]
--------------------\\ Fin du rapport a 14:55:33
[ UAC => 1 ]
and here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:50, on 28/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\pcs\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [L07FXLRD_3199861] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Outil de notification Live Search.lnk = pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--------------------\\ Lop S&D 4.2.4-4 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz )
BIOS : BIOS Date: 12/05/07 11:10:18 Ver: 5.11
USER : pcs ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080927-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total : 455 Go Free : 357 Go
D:\ (Local Disk) - NTFS - Total : 10 Go Free : 1 Go
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [2] ( 28/09/2008|14:52 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\Users\pcs\AppData\Local\Temp\nsrE87E.tmp
Supprime! - C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies\pcs@advertising[1].txt
Supprime! - C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies\pcs@adopt.euroclick[1].txt
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[23/04/2008|20:17] C:\Users\pcs\AppData\Local\Adobe
[08/02/2008|14:01] C:\Users\pcs\AppData\Local\AOL
[15/04/2008|09:28] C:\Users\pcs\AppData\Local\Apple
[15/04/2008|09:29] C:\Users\pcs\AppData\Local\Apple Computer
[07/02/2008|18:08] C:\Users\pcs\AppData\Local\Application Data
[07/02/2008|18:11] C:\Users\pcs\AppData\Local\ATI
[23/09/2008|13:52] C:\Users\pcs\AppData\Local\d3d9caps.dat
[07/09/2008|14:46] C:\Users\pcs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[27/09/2008|17:49] C:\Users\pcs\AppData\Local\GDIPFONTCACHEV1.DAT
[05/05/2008|11:40] C:\Users\pcs\AppData\Local\Google
[07/02/2008|18:12] C:\Users\pcs\AppData\Local\Hewlett-Packard
[07/02/2008|18:08] C:\Users\pcs\AppData\Local\Historique
[28/09/2008|13:33] C:\Users\pcs\AppData\Local\IconCache.db
[29/03/2008|12:23] C:\Users\pcs\AppData\Local\Microsoft
[11/07/2008|20:19] C:\Users\pcs\AppData\Local\Microsoft Games
[18/09/2008|22:42] C:\Users\pcs\AppData\Local\Microsoft Help
[31/03/2008|19:08] C:\Users\pcs\AppData\Local\Mozilla
[28/09/2008|12:37] C:\Users\pcs\AppData\Local\Opera
[28/09/2008|14:52] C:\Users\pcs\AppData\Local\Temp
[07/02/2008|18:08] C:\Users\pcs\AppData\Local\Temporary Internet Files
[08/02/2008|18:30] C:\Users\pcs\AppData\Local\VirtualStore
[27/03/2008|21:21] C:\Users\pcs\AppData\Local\Windows Live Writer
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[28/09/2008 10:20][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{B800AB31-B5E8-436B-A0E7-AE441ECCC9FF}.job
[28/09/2008 14:25][--ah-----] C:\Windows\tasks\SA.DAT
[28/09/2008 13:33][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[23/04/2008|20:15] C:\ProgramData\Adobe
[15/04/2008|09:28] C:\ProgramData\Apple
[02/11/2006|15:02] C:\ProgramData\Application Data
[27/02/2008|18:55] C:\ProgramData\Arcade Lab
[13/12/2007|18:52] C:\ProgramData\ATI
[13/06/2008|06:24] C:\ProgramData\BM2dc989b0.txt
[15/06/2008|13:33] C:\ProgramData\BM2dc989b0.xml
[07/02/2008|18:04] C:\ProgramData\Bureau
[08/02/2008|15:37] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[07/02/2008|18:04] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[25/09/2008|14:04] C:\ProgramData\GameHouse
[27/09/2008|18:04] C:\ProgramData\Google Updater
[07/02/2008|18:12] C:\ProgramData\Hewlett-Packard
[13/12/2007|18:53] C:\ProgramData\HP
[13/12/2007|18:53] C:\ProgramData\hpzinstall.log
[10/02/2008|21:19] C:\ProgramData\InterAction studios
[18/05/2008|12:43] C:\ProgramData\Kaspersky Lab
[07/02/2008|18:22] C:\ProgramData\Kaspersky Lab Setup Files
[15/06/2008|13:56] C:\ProgramData\Lavasoft
[07/02/2008|18:13] C:\ProgramData\LuUninstall.LiveUpdate
[15/06/2008|16:55] C:\ProgramData\Malwarebytes
[07/02/2008|18:04] C:\ProgramData\Menu D‚marrer
[12/06/2008|16:08] C:\ProgramData\Microsoft
[11/09/2008|13:04] C:\ProgramData\Microsoft Help
[07/02/2008|18:04] C:\ProgramData\ModŠles
[13/12/2007|18:59] C:\ProgramData\muvee Technologies
[12/02/2008|18:31] C:\ProgramData\PlayFirst
[15/06/2008|13:05] C:\ProgramData\pskt.ini
[17/06/2008|16:35] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|15:02] C:\ProgramData\Start Menu
[18/08/2008|16:44] C:\ProgramData\SweetIM
[07/02/2008|18:18] C:\ProgramData\Symantec
[28/09/2008|14:25] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[25/09/2008|14:04] C:\ProgramData\Trymedia
[08/02/2008|18:18] C:\ProgramData\UDL
[17/06/2008|16:46] C:\ProgramData\WildTangent
[29/03/2008|11:40] C:\ProgramData\WLInstaller
[01/04/2008|17:28] C:\ProgramData\Yahoo!
[02/04/2008|15:57] C:\ProgramData\Yahoo! Companion
--------------------\\ Listing des dossiers dans C:\Program Files
[16/03/2008|14:26] C:\Program Files\.castanet
[16/03/2008|14:25] C:\Program Files\3DSetup
[25/03/2008|20:15] C:\Program Files\3ivx
[27/09/2008|12:19] C:\Program Files\Adobe
[30/04/2008|23:06] C:\Program Files\Alwil Software
[25/03/2008|20:17] C:\Program Files\AngelPotion Video Codec V1
[07/02/2008|18:08] C:\Program Files\AOL
[15/05/2008|13:37] C:\Program Files\Apple Software Update
[17/06/2008|17:46] C:\Program Files\a-squared Free
[13/12/2007|18:48] C:\Program Files\ATI
[13/12/2007|18:49] C:\Program Files\ATI Technologies
[27/09/2008|17:35] C:\Program Files\Bandoo
[16/06/2008|16:33] C:\Program Files\BitDefender
[15/04/2008|09:28] C:\Program Files\Bonjour
[28/09/2008|13:32] C:\Program Files\BoontyGames
[27/09/2008|17:37] C:\Program Files\Common Files
[22/02/2008|13:21] C:\Program Files\CONEXANT
[10/06/2008|14:37] C:\Program Files\Core Design
[27/09/2008|17:53] C:\Program Files\CyberLink
[16/03/2008|14:25] C:\Program Files\data
[27/03/2008|23:12] C:\Program Files\directx
[27/09/2008|17:53] C:\Program Files\DivX
[14/12/2007|02:41] C:\Program Files\EasyBits
[08/02/2008|18:14] C:\Program Files\EPSON
[07/02/2008|18:04] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[22/08/2008|16:01] C:\Program Files\Fizzy
[18/06/2008|15:40] C:\Program Files\Franson
[30/03/2008|16:03] C:\Program Files\Google
[25/03/2008|20:16] C:\Program Files\GSpot
[22/08/2008|16:09] C:\Program Files\Hawaiian Runner
[13/12/2007|19:06] C:\Program Files\Hewlett-Packard
[13/12/2007|19:01] C:\Program Files\HP
[17/06/2008|16:50] C:\Program Files\HP Games
[27/09/2008|17:54] C:\Program Files\InstallShield Installation Information
[13/12/2007|18:48] C:\Program Files\Intel
[19/08/2008|12:32] C:\Program Files\Internet Explorer
[13/12/2007|19:01] C:\Program Files\Java
[01/07/2008|18:34] C:\Program Files\KONAMI
[01/05/2008|18:17] C:\Program Files\Learning Essentials
[17/06/2008|14:59] C:\Program Files\Malwarebytes' Anti-Malware
[25/03/2008|20:20] C:\Program Files\Matroska Pack
[30/03/2008|16:35] C:\Program Files\MegauploadToolbar
[01/05/2008|18:22] C:\Program Files\Microsoft Etudes
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[07/02/2008|18:30] C:\Program Files\Microsoft Office
[07/02/2008|18:30] C:\Program Files\Microsoft Visual Studio
[07/02/2008|18:27] C:\Program Files\Microsoft Visual Studio 8
[07/02/2008|18:30] C:\Program Files\Microsoft Works
[07/02/2008|18:29] C:\Program Files\Microsoft.NET
[16/03/2008|14:25] C:\Program Files\mmskin
[14/12/2007|02:53] C:\Program Files\Movie Maker
[25/09/2008|15:36] C:\Program Files\Mozilla Firefox
[07/02/2008|18:30] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[28/09/2008|13:06] C:\Program Files\MSN Games
[17/06/2008|22:16] C:\Program Files\Namco
[28/09/2008|13:33] C:\Program Files\Opera
[27/04/2008|13:25] C:\Program Files\PC Camera
[25/03/2008|20:18] C:\Program Files\Pinnacle
[27/03/2008|18:51] C:\Program Files\PopCap Games
[11/02/2008|20:58] C:\Program Files\Portrait Displays
[22/06/2008|16:33] C:\Program Files\Real
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[15/04/2008|09:29] C:\Program Files\Safari
[13/12/2007|19:10] C:\Program Files\Services en ligne
[17/06/2008|17:46] C:\Program Files\Spybot - Search & Destroy
[26/09/2008|17:07] C:\Program Files\Spyware Doctor
[16/03/2008|14:26] C:\Program Files\Support
[18/08/2008|16:44] C:\Program Files\SweetIM
[17/06/2008|16:36] C:\Program Files\Telltale Games
[16/03/2008|14:25] C:\Program Files\thrash
[01/06/2008|13:27] C:\Program Files\Uniblue
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[16/03/2008|14:25] C:\Program Files\user
[14/12/2007|03:16] C:\Program Files\Windows Calendar
[14/12/2007|02:53] C:\Program Files\Windows Collaboration
[14/12/2007|03:00] C:\Program Files\Windows Defender
[14/12/2007|02:53] C:\Program Files\Windows Journal
[29/03/2008|12:09] C:\Program Files\Windows Live
[19/08/2008|12:32] C:\Program Files\Windows Mail
[25/03/2008|20:19] C:\Program Files\Windows Media Components
[14/12/2007|03:23] C:\Program Files\Windows Media Player
[07/02/2008|18:04] C:\Program Files\Windows NT
[14/12/2007|02:53] C:\Program Files\Windows Photo Gallery
[22/02/2008|20:14] C:\Program Files\Windows Sidebar
[25/03/2008|20:18] C:\Program Files\XviD
[01/04/2008|17:22] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[23/04/2008|20:16] C:\Program Files\Common Files\Adobe
[16/06/2008|15:44] C:\Program Files\Common Files\BitDefender
[07/02/2008|18:30] C:\Program Files\Common Files\DESIGNER
[13/12/2007|18:53] C:\Program Files\Common Files\HP
[08/02/2008|18:21] C:\Program Files\Common Files\InstallShield
[13/12/2007|19:01] C:\Program Files\Common Files\Java
[13/12/2007|18:59] C:\Program Files\Common Files\LightScribe
[13/12/2007|18:59] C:\Program Files\Common Files\LS Getting Started
[23/08/2008|11:11] C:\Program Files\Common Files\microsoft shared
[11/02/2008|20:59] C:\Program Files\Common Files\Portrait Displays
[22/06/2008|16:34] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[07/02/2008|18:37] C:\Program Files\Common Files\Symantec Shared
[07/02/2008|18:27] C:\Program Files\Common Files\System
[27/03/2008|19:28] C:\Program Files\Common Files\WindowsLiveInstaller
[22/06/2008|16:34] C:\Program Files\Common Files\xing shared
--------------------\\ Process
( 79 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 14:53:15
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden files ...
C:\Users\pcs\AppData\Local\Temp\~DF12E0.tmp
C:\Users\pcs\AppData\Local\Temp\~DF12EA.tmp
scan completed successfully
hidden processes: 0
hidden files: 2
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:1255][D:60]-> C:\Users\pcs\AppData\Local\Temp
[F:165][D:1]-> C:\Users\pcs\AppData\Roaming\MICROS~1\Windows\Cookies
[F:736][D:6]-> C:\Users\pcs\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:11][D:5]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 28/09/2008|14:41 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 28/09/2008|14:55 - Option : [2]
--------------------\\ Fin du rapport a 14:55:33
[ UAC => 1 ]
And here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:50, on 28/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\pcs\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [L07FXLRD_3199861] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Outil de notification Live Search.lnk = pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
geoffrey5 (security contributor) - 28 Sept. 2008 at 15:07
OK, now run ComboFix please.
mimoul (member) - 28 Sept. 2008 at 15:19
I have posted the ComboFix report; please come back to the thread to take a look.
mimoul (member) - 28 Sept. 2008 at 15:16
Here is the ComboFix report:
ComboFix 08-09-27.03 - pcs 2008-09-28 15:10:57.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1256 [GMT 2:00]
Lancé depuis: C:\Users\pcs\Desktop\1234.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Windows\system32\jusched.exe
C:\Windows\system32\MSINET.oca
----- BITS: Il y a peut-être des sites infectés -----
hxxp://ftp.hp.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-28 ))))))))))))))))))))))))))))))))))))
.
2008-09-28 14:38 . 2008-09-28 14:55 <REP> d-------- C:\Lop SD
2008-09-28 13:32 . 2008-09-28 13:32 <REP> d-------- C:\Program Files\BoontyGames
2008-09-28 13:28 . 2008-09-28 13:28 <REP> d-------- C:\Boonty
2008-09-28 13:06 . 2008-09-28 13:06 <REP> d-------- C:\Program Files\MSN Games
2008-09-28 13:06 . 2008-09-28 13:06 192,512 --a------ C:\Windows\off-road-uninst.exe
2008-09-25 14:04 . 2008-09-25 14:04 <REP> d-------- C:\Users\All Users\Trymedia
2008-09-25 14:04 . 2008-09-25 14:04 <REP> d-------- C:\Users\All Users\GameHouse
2008-09-25 14:04 . 2008-09-25 14:04 <REP> d-------- C:\ProgramData\Trymedia
2008-09-25 14:04 . 2008-09-25 14:04 <REP> d-------- C:\ProgramData\GameHouse
2008-09-10 12:24 . 2008-07-31 01:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 12:24 . 2008-07-31 05:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-10 12:24 . 2008-07-31 05:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 12:21 . 2008-06-26 05:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 13:01 --------- d---a-w C:\ProgramData\TEMP
2008-09-28 11:37 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-09-28 11:33 --------- d-----w C:\Program Files\Opera
2008-09-27 16:04 --------- d-----w C:\ProgramData\Google Updater
2008-09-27 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-27 15:53 --------- d-----w C:\Program Files\DivX
2008-09-27 15:53 --------- d-----w C:\Program Files\CyberLink
2008-09-27 15:41 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-09-27 15:35 --------- d-----w C:\Program Files\Bandoo
2008-09-26 15:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-09-11 11:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-22 14:09 --------- d-----w C:\Users\pcs\AppData\Roaming\fizzy
2008-08-22 14:09 --------- d-----w C:\Program Files\Hawaiian Runner
2008-08-22 14:01 --------- d-----w C:\Program Files\Fizzy
2008-08-19 10:32 --------- d-----w C:\Program Files\Windows Mail
2008-08-18 14:44 --------- d-----w C:\ProgramData\SweetIM
2008-08-18 14:44 --------- d-----w C:\Program Files\SweetIM
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-13 14:11 174 --sha-w C:\Program Files\desktop.ini
2008-03-25 18:18 1,298 ----a-w C:\Program Files\INSTALL.LOG
2002-04-20 14:36 41,709 ----a-w C:\Program Files\RegSetup.exe
2002-04-20 14:28 313 ----a-w C:\Program Files\2002 FIFA World Cup TM.lnk
2002-04-20 12:44 2,490,368 ------w C:\Program Files\fifawc.exe
2002-03-04 17:40 3,536 ----a-w C:\Program Files\fifawc.lib
2002-03-04 17:40 1,860 ----a-w C:\Program Files\fifawc.exp
2002-02-20 17:12 16,565 ------w C:\Program Files\ReadMe.txt
2002-02-13 12:11 28,672 ----a-w C:\Program Files\FIFA02R_sv.dll
2002-02-13 12:11 28,672 ----a-w C:\Program Files\FIFA02R_pt.dll
2002-02-13 12:11 28,672 ----a-w C:\Program Files\FIFA02R_ko.dll
2002-02-12 00:26 7,410 ----a-w C:\Program Files\test.map
2002-02-12 00:26 7,410 ----a-w C:\Program Files\scenario.bin
2002-02-12 00:26 113 ----a-w C:\Program Files\soccer.ini
1998-02-10 17:34 128,000 ----a-w C:\Program Files\UNWISE.EXE
2008-04-24 10:31 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-24 10:31 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-24 10:31 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-02-08 17:48 56 --sh--r C:\Windows\System32\FFEA7521F2.sys
2008-03-25 18:16 848 --sha-w C:\Windows\System32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-07-06 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-07-06 12:44 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-07-06 1164600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-07-06 1164600]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-22 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-30 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DT HPW"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [2007-04-25 280064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-22 185896]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-07-06 111928]
C:\Users\pcs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-04-19 152616]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-30 124400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\bandoo\bndhook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"vidc.3IV2"= 3ivxVfWCodec.dll
"VIDC.AP41"= APmpg4v1.dll
"VIDC.PIM1"= pclepim1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-349797978-2833223424-2454343011-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C89CAF95-4D5B-4004-8715-A9F7085CF6C6}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{412CE1B8-E0C2-4255-8734-1D4C9FE2E473}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C517D3F9-6348-4D10-8A27-30823D06F106}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{1FB9F1C6-FDED-4850-926E-A9A1E16C824E}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{A049DD61-4720-458B-9813-3E8D5E20DD71}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F6F9C344-56A8-475B-B2FC-71CAD6950188}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{65D09C4B-6BAC-4559-97F4-9F52875FF77B}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{0A44E29F-DBA5-458D-B418-8BD80A6CE8A3}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A5204EBD-0224-4522-A3FB-009C3ECCEDD8}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F12BF83E-B865-4D5A-ACAA-1EAC00F75DD3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{617120EF-3D4F-4C19-94A8-8DF38ED232B1}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{5FA61B8B-7BA8-49DB-B95E-DF7BB2821C2B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{37FDE4BF-AD75-4FD1-A9C2-CC02A3BB2F76}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DFEE5C9A-A16C-470D-B86E-3909F3BD804A}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{83743841-3163-4CAE-B840-63B751E220CC}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-15 3151872]
R3 CAM1210;SM0121 USB 2.0 Video Camera;C:\Windows\system32\Drivers\cam1210.sys [2006-07-24 89856]
S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-06-11 34296]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04237b94-e95b-11dc-9a90-001e8c40a85a}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ada988b6-160b-11dd-a690-001e8c40a85a}]
\shell\AutoRun\command - J:\jfvkcsy.bat
\shell\explore\Command - J:\jfvkcsy.bat
\shell\open\Command - J:\jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3554876-8657-11dd-877a-001e8c40a85a}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-HPAdvisor - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKCU-Run-Yahoo! Pager - ~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
HKCU-Run-L07FXLRD_3199861 - C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\pcs\AppData\Roaming\Mozilla\Firefox\Profiles\nrugnph4.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 15:13:29
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-28 15:15:08
ComboFix-quarantined-files.txt 2008-09-28 13:14:44
Avant-CF: 383,468,036,096 octets libres
Après-CF: 385,534,935,040 octets libres
219 --- E O F --- 2008-09-26 14:58:12
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-07-06 1164600]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-22 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-30 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DT HPW"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [2007-04-25 280064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-22 185896]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-07-06 111928]
C:\Users\pcs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-04-19 152616]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-30 124400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\bandoo\bndhook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"vidc.3IV2"= 3ivxVfWCodec.dll
"VIDC.AP41"= APmpg4v1.dll
"VIDC.PIM1"= pclepim1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-349797978-2833223424-2454343011-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C89CAF95-4D5B-4004-8715-A9F7085CF6C6}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{412CE1B8-E0C2-4255-8734-1D4C9FE2E473}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C517D3F9-6348-4D10-8A27-30823D06F106}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{1FB9F1C6-FDED-4850-926E-A9A1E16C824E}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{A049DD61-4720-458B-9813-3E8D5E20DD71}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F6F9C344-56A8-475B-B2FC-71CAD6950188}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{65D09C4B-6BAC-4559-97F4-9F52875FF77B}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{0A44E29F-DBA5-458D-B418-8BD80A6CE8A3}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A5204EBD-0224-4522-A3FB-009C3ECCEDD8}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F12BF83E-B865-4D5A-ACAA-1EAC00F75DD3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{617120EF-3D4F-4C19-94A8-8DF38ED232B1}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{5FA61B8B-7BA8-49DB-B95E-DF7BB2821C2B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{37FDE4BF-AD75-4FD1-A9C2-CC02A3BB2F76}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DFEE5C9A-A16C-470D-B86E-3909F3BD804A}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{83743841-3163-4CAE-B840-63B751E220CC}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-15 3151872]
R3 CAM1210;SM0121 USB 2.0 Video Camera;C:\Windows\system32\Drivers\cam1210.sys [2006-07-24 89856]
S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-06-11 34296]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04237b94-e95b-11dc-9a90-001e8c40a85a}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ada988b6-160b-11dd-a690-001e8c40a85a}]
\shell\AutoRun\command - J:\jfvkcsy.bat
\shell\explore\Command - J:\jfvkcsy.bat
\shell\open\Command - J:\jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3554876-8657-11dd-877a-001e8c40a85a}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-HPAdvisor - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKCU-Run-Yahoo! Pager - ~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
HKCU-Run-L07FXLRD_3199861 - C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\pcs\AppData\Roaming\Mozilla\Firefox\Profiles\nrugnph4.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 15:13:29
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-28 15:15:08
ComboFix-quarantined-files.txt 2008-09-28 13:14:44
Avant-CF: 383 468 036 096 octets libres
Après-CF: 385,534,935,040 octets libres
219 --- E O F --- 2008-09-26 14:58:12
geoffrey5
28 Sept. 2008 at 15:20
OK, now...
▶ Copy the text in bold below:
File::
c:\windows\system32\jusched.exe
Folder::
Registry::
▶ Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
▶ Save this file under the name CFScript.txt.
▶ Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
▶ This will relaunch Combofix.
▶ A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
▶ Wait while the scan runs. The desktop will disappear several times: that is normal!
Do not touch anything until the scan has finished.
▶ After the restart, post the contents of the Combofix.txt report together with a Hijackthis report.
▶ If there is no restart, post the reports anyway.
mimoul
28 Sept. 2008 at 15:31
I couldn't drag the file onto combofix.exe
geoffrey5
28 Sept. 2008 at 15:35
Why couldn't you??
mimoul
28 Sept. 2008 at 15:36
I did as you told me but nothing shows up
geoffrey5
28 Sept. 2008 at 15:37
That means the CFScript file was created incorrectly... delete the one you created and start again please
mimoul
28 Sept. 2008 at 15:47
combofix won't open anymore this time
geoffrey5
28 Sept. 2008 at 15:49
▶ Download OTMoveIt (by Old_Timer) to your Desktop
(it is number 7 at the bottom of the page)
▶ Double-click OTMoveIt.exe to launch it.
▶ Make sure the Unregister Dll's and Ocx's box is checked.
▶ Copy the list shown in bold in the quote below and paste it into the left-hand pane of OTMoveIt under Paste List of Files/Folders to move.
c:\windows\system32\jusched.exe
▶ Click MoveIt! to start the removal.
▶ The result will appear in the "Results" pane.
▶ Click Exit to close.
▶ Post the report located in C:\_OTMoveIt\MovedFiles.
▶ You may be asked to restart the PC to complete the removal. If so, accept with Yes.
Then restart the PC and make a new hijackthis report please
mimoul
28 Sept. 2008 at 15:58
Here is the result:
File/Folder c:\windows\system32\jusched.exe not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09282008_155602
mimoul
28 Sept. 2008 at 16:02
And here is the new hijackthis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00:50, on 28/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\KbdStub.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\pcs\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [L07FXLRD_5627938] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [L07FXLRD_5627938] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
geoffrey5 (Security contributor), 28 Sept. 2008 at 16:02
OK... restart the PC and make a new HijackThis report please.
geoffrey5 (Security contributor), 28 Sept. 2008 at 16:09
Relaunch HijackThis by clicking Scan only and tick these lines please:
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Then click Fix checked.
Also go and download SP1 for Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyID=b0c7136d-5ebb-413b-89c9-cb3d06d12674&displaylang=fr
Also uninstall SweetIM and Spyware Doctor, which are strongly discouraged.
Then:
▶ Download JavaRa.zip
▶ Unzip the file onto your desktop (right-click > Extract all.)
▶ Double-click the JavaRa folder you get.
▶ Then double-click the file JavaRa.exe (the .exe may not be displayed)
▶ Click Search For Updates.
▶ Select Update Using jucheck.exe, then click Search.
▶ Allow the process to connect if it asks you, click Install and follow the installation instructions. This will take a few minutes.
▶ When the installation is finished, go back to the JavaRa screen and click Remove Older Versions.
▶ Click Yes to confirm. The tool will do its work; then click OK, then OK a second time.
▶ A report will open; copy and paste it into your next reply.
* Note: the report can also be found at C:\JavaRa.log
▶ Close the application and tell me whether you still have problems.
I'll come back later to check your replies because I have to leave ;-)
See you later
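The lines the helper asks to tick above are the classic HijackThis triage categories: an O3 toolbar whose DLL is gone ("(no file)"), O4 autoruns for software the thread treats as unwanted (SweetIM), plus two benign startup entries (HP Software Update, Adobe Reader Speed Launcher) ticked only to trim startup. The script below is an added example, not part of this thread and not HijackThis code: it runs those triage rules over a few lines copied from the log posted earlier in the thread (the sample is constructed from that log and trimmed) and separates "tick it" findings from "look at it" findings. The host allowlist and the unwanted-name marker list are assumptions an analyst would tune, not anything the thread states.

```python
"""Added triage helper for a HijackThis log: flags the kinds of lines a helper asks to 'Fix checked'."""
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - Startup: Outil de notification Live Search.lnk = pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumptions (not from the thread): hosts an analyst accepts as browser start/search pages,
# and name fragments the analyst has decided to treat as unwanted software.
ALLOWED_HOME_HOSTS = {"www.msn.com", "www.bing.com", "fr.search.yahoo.com"}
PUP_MARKERS = ("sweetim",)

# Every HijackThis entry starts with its section key: R0-R3 (browser settings) or Onn (hooks, autoruns...).
ENTRY = re.compile(r"^(?P<key>R[0-3]|O\d{1,2}) - (?P<body>.*)$")


def triage(log_text):
    """Return [(line, [reasons])] for every log entry that deserves a second look."""
    findings = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, 'Running processes' paths and blank lines carry no entry key
        key, body = m.group("key"), m.group("body")
        low = body.lower()
        reasons = []
        if body.endswith("(no file)"):
            reasons.append("orphan: registered component is missing on disk")
        if key.startswith("R") and " = " in body:
            # R0/R1: start page, search page, default URL; flag any host outside the allowlist
            host = urlparse(body.split(" = ", 1)[1].strip()).hostname or ""
            if host and host not in ALLOWED_HOME_HOSTS:
                reasons.append(f"browser start/search page points at {host}")
        if key == "O4" and "\\appdata\\roaming\\" in low:
            reasons.append("autorun from a user-writable profile path")
        if any(marker in low for marker in PUP_MARKERS):
            reasons.append("matches an unwanted-program marker")
        if reasons:
            findings.append((line, reasons))
    return findings


def fix_candidates(findings):
    """Lines to tick under 'Fix checked': orphans and marker hits. Profile-path autoruns are reported only."""
    return [line for line, reasons in findings
            if any(r.startswith("orphan") or r.startswith("matches") for r in reasons)]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for line, reasons in results:
        print(line)
        for r in reasons:
            print("   ->", r)
    print("\nFix checked:")
    for line in fix_candidates(results):
        print("  ", line)
```

Two caveats a practitioner would keep in mind: "Fix checked" only deletes the registry value, BHO/toolbar registration or shortcut that HijackThis lists, so the executable stays on disk until the program is uninstalled (which is why the post also asks for SweetIM to be removed through its uninstaller), and an autorun living under AppData\Roaming is a place to look rather than proof of anything, so the script reports it without ticking it.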
mimoul, 28 Sept. 2008 at 16:29
Here is the result:
JavaRa 1.11 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sun Sep 28 16:28:05 2008
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\JavaPlugin.160_01
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01
Found and removed: Software\JavaSoft\Java2D\1.6.0_01
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
------------------------------------
Finished reporting.
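The wall of CAFEEFAC entries in that log is not noise. Each one is a Sun static-versioning CLSID for the Java plug-in: the three middle groups spell out a JRE version (0016-0000-0001 is 1.6.0_01, 0014-0002-0007 is 1.4.2_07, and an update field of FFFF means "latest installed in that family"), and a web page can name such a CLSID in an OBJECT tag to ask for that exact JRE. Because JRE installs of that era sat side by side rather than replacing each other, stale registrations like these are what kept old plug-ins reachable, and removing them is the point of JavaRa's Remove Older Versions. The script below is an added example, not part of this thread and not JavaRa code: it decodes the versions and groups the removed keys by JRE version. The sample log is constructed from a few lines of the log above; the trailing ...DCBA / ...DCBB variants of the CLSID are kept but not interpreted.

```python
"""Added helper: decode the CAFEEFAC entries in a JavaRa log into the JRE versions they belonged to."""
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the JavaRa log posted above.
JAVARA_LOG = r"""
JavaRa 1.11 Removal Log.
Report follows after line.
------------------------------------
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\Classes\JavaPlugin.160_01
------------------------------------
Finished reporting.
"""

# Sun's static-versioning CLSID: {CAFEEFAC-<major>-<minor>-<update>-<tail>}, e.g.
# {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} is 1.6.0_01; an update field of FFFF means
# "latest installed in that family". The tail variants (...DCBA/...DCBB/...DCBC) are not decoded here.
STATIC_CLSID = re.compile(
    r"\{CAFEEFAC-(?P<major>\d{4})-(?P<minor>\d{4})-(?P<update>\d{4}|FFFF)-(?P<tail>[0-9A-F]{12})\}",
    re.IGNORECASE,
)
# SOFTWARE\JavaSoft\<product>\<version> keys, one per installed version of each product.
VERSIONED_KEY = re.compile(r"\\JavaSoft\\(?P<product>[^\\]+)\\(?P<version>\d[\d._]*)$")

PREFIX = "Found and removed: "


def clsid_to_version(clsid):
    """'{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}' -> '1.6.0_01'; None for any other CLSID."""
    m = STATIC_CLSID.fullmatch(clsid)
    if not m:
        return None
    major = int(m.group("major"))  # the digits are read as decimal: 0016 -> 16 -> "1.6"
    base = f"{major // 10}.{major % 10}.{int(m.group('minor'))}"
    update = m.group("update").upper()
    if update == "FFFF":
        return f"{base} (latest in family)"
    return base if int(update) == 0 else f"{base}_{int(update):02d}"


def removed_versions(log_text):
    """Group the registry keys JavaRa removed by the JRE version they belonged to."""
    traces = defaultdict(list)
    for line in log_text.splitlines():
        if not line.startswith(PREFIX):
            continue
        key = line[len(PREFIX):]
        m = STATIC_CLSID.search(key)
        if m:
            traces[clsid_to_version(m.group(0))].append(key)
            continue
        m = VERSIONED_KEY.search(key)
        if m:
            traces[m.group("version")].append(key)
        # keys with no version information (e.g. JavaPlugin.160_01 ProgIDs) are left out of the summary
    return dict(traces)


def _numeric(version):
    """Sort key: '1.6.0_01' -> (1, 6, 0, 1)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def summarize(traces):
    """[(version, number of traces)], oldest version first."""
    return [(v, len(keys)) for v, keys in sorted(traces.items(), key=lambda kv: _numeric(kv[0]))]


if __name__ == "__main__":
    for version, count in summarize(removed_versions(JAVARA_LOG)):
        print(f"{version:<12} {count} stale registry trace(s)")
```

Run against the full log above, the same grouping shows traces for the 1.4.0, 1.4.1, 1.4.2, 1.5.0 and 1.6.0_01 families plus several Java Web Start 1.0.1 and 1.2 versions, i.e. every JRE that had ever been installed on the machine, not just the one the browser was using.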
geoffrey5 (Security contributor), 28 Sept. 2008 at 16:41
Do you still have problems?
mimoul, 28 Sept. 2008 at 16:46
No, thanks for everything you have done for me, but how could I know that my computer is completely disinfected?
(Before, I found out by using Spyware Doctor, but I uninstalled it as you told me.)
mimoul, 28 Sept. 2008 at 16:51
Actually I am running a scan with avast at the moment, but I don't really trust it.
geoffrey5 (Security contributor), 28 Sept. 2008 at 16:53
Still, go and run an online scan with BitDefender at this address (under Internet Explorer):
http://www.zebulon.fr/outils/antivirus/antivirus-en-ligne.php
Then:
Disable User Account Control (you will re-enable it after your disinfection):
▶ Go to Start, then Control Panel
▶ Double-click the "User Accounts" icon
▶ Then click disable and confirm.
To remove all traces of the tools that were used to treat the specific infections:
▶ Download ToolsCleaner to your desktop:
(it's number 15 at the bottom of the page)
▶ Double-click ToolsCleaner2.exe and let it work
▶ Click Recherche (Search) and let the scan finish.
▶ Click Suppression (Delete) to finalize.
▶ You can, if you wish, use the optional Options.
▶ Click Quitter (Quit) so that the report can be created.
▶ The report (TCleaner.txt) is at the root of your hard drive (C:\)... paste it into your reply
And then re-enable User Account Control and create a restore point!! IMPORTANT
geoffrey5 - 13732 posts - registered Sunday 20 May 2007 - Security contributor - last active 21 May 2010
28 Sept. 2008 at 17:00
If you no longer want Avast, use this to uninstall it: http://www.commentcamarche.net/telecharger/telecharger 34055246 utilitaire de desinstallation de avast
and download Antivir.
A tutorial will be available to you on the site.
28 Sept. 2008 at 14:09
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:41, on 28/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\system32\schtasks.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\pcs\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\System32\mobsync.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Users\pcs\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [L07FXLRD_3199861] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Outil de notification Live Search.lnk = pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
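The question raised in the thread (how do you know the machine is really clean?) is in practice answered by re-reading the HijackThis log after the cleanup and checking the entries that matter. The following is an added example, not part of the original thread and not HijackThis's own code: a small Python triage script that parses the entry lines of such a log and flags the ones an analyst looks at first. The flagging rules are generic heuristics chosen for this example (orphan entries pointing at missing files, a populated AppInit_DLLs, autoruns from the user profile or a Temp directory, services without a publisher, a non-standard UserInit, system-process names outside the Windows directory); a flag does not prove an infection and the absence of flags does not prove the machine is clean. SAMPLE_LOG reuses lines copied from the log above plus one constructed line (the final O4 entry) so that the Temp-directory rule has something to match.

```python
"""Triage a HijackThis log for the entries worth a second look.

Added example for this page; not HijackThis code. The rules below are
heuristics chosen for the example, not a verdict: they point at lines a
human should verify (file present? signed? expected on this machine?).
"""
import re
from dataclasses import dataclass, field

# "O2 - BHO: name - {CLSID} - path" -> kind="O2", body="BHO: name - ..."
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+)\s+-\s+(?P<body>.+)$")
# Whitespace-free token ending in .exe/.dll; enough to recover the basename.
BINARY_RE = re.compile(r'([^\s"=\[\]]+\.(?:exe|dll))', re.I)
PROFILE_RE = re.compile(r"AppData\\|Application Data\\", re.I)
TEMP_RE = re.compile(r"\\Temp\\", re.I)
# Names that legitimately live under \Windows\; elsewhere they are decoys.
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                "explorer.exe", "userinit.exe", "services.exe"}
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Lines copied from the log posted above; the last O4 line is constructed
# for this example and does not appear in the original log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: Outil de notification Live Search.lnk = pcs\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O4 - HKCU\..\Run: [updater] C:\Users\pcs\AppData\Local\Temp\svchost.exe
"""


@dataclass
class Entry:
    kind: str
    body: str
    flags: list = field(default_factory=list)


def parse(log: str) -> list:
    """Return the Rn/Fn/On entries of a HijackThis log, in order."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"], m["body"]))
    return entries


def triage(entries: list) -> list:
    """Attach heuristic flags to each entry; return only the flagged ones."""
    for e in entries:
        body = e.body
        if "(no file)" in body:
            e.flags.append("orphan entry: registry points at a missing file")
        if e.kind == "O20" and body.startswith("AppInit_DLLs:") \
                and body.split(":", 1)[1].strip():
            e.flags.append("AppInit_DLLs: loaded into every process using user32")
        if e.kind == "O4" and PROFILE_RE.search(body):
            e.flags.append("autorun from a user profile directory")
        if TEMP_RE.search(body):
            e.flags.append("binary runs from a Temp directory")
        if e.kind == "O23" and "Unknown owner" in body:
            e.flags.append("service with no publisher name")
        if e.kind == "F2" and "UserInit=" in body:
            value = body.split("UserInit=", 1)[1].strip().rstrip(",").lower()
            if value != EXPECTED_USERINIT:
                e.flags.append("non-standard UserInit (runs at every logon)")
        for token in BINARY_RE.findall(body):
            name = token.rsplit("\\", 1)[-1].lower()
            if name in SYSTEM_NAMES and "\\windows\\" not in token.lower():
                e.flags.append(f"{name} outside the Windows directory")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse(SAMPLE_LOG)):
        print(f"{e.kind:<4} {e.body}")
        for f in e.flags:
            print(f"       -> {f}")
```

Run it against a full log pasted into SAMPLE_LOG and the output is a shortlist, not a diagnosis: every flagged path still has to be checked on disk and, for anything that survives, confirmed by a second scanner, which is the same approach the helper recommends above with the online BitDefender scan.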