Probable virus

topaye Posts 7 Status Member -
jlpjlp Posts 52399 Status Security contributor -
Hello,
I have a problem accessing antivirus sites (updates) and Windows Update, and Google links send me to other sites.
Avast does not detect any virus.
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32:14, on 07/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Fichiers communs\Motive\McciCMService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Orange\LiveAssistant.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ltmsg.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Orange_McciTrayApp] C:\Program Files\Orange\LiveAssistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE3] "C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe"
O4 - HKLM\..\Run: [OPSE3 Reminder] "C:\Program Files\ScanSoft\OmniPageSE3.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE3.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [FlyAway] C:\DOCUME~1\Ludovic\LOCALS~1\Temp\Répertoire temporaire 1 pour flyaway.ZIP\FlyAway.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: https://www.consoclicker.com/
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} (TNSClickerb.Clicker) - http://www.consoclicker.com/TNSClickrb.CAB
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} (TNSClickera.Clicker) - http://www.consoclicker.com/TNSClickra.CAB
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photoservice.photos.orange.fr/migrationorange/index.cfm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O22 - SharedTaskScheduler: Wheel Mouse Optical Driver - {D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D} - C:\WINDOWS\System32\dxmpp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Can someone help me?

6 replies

jlpjlp Posts 52399 Status Security contributor 5 040

Hi,

Scan with
Malwarebytes' Anti-Malware, remove whatever it finds and paste the report.

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

___________________________

Download Lop S&D.exe to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose option 1 (Recherche)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)

______________________________

Post a new HijackThis report.

See you later
0
topaye Posts 7 Status Member

Good evening,

Malwarebytes report:


Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1240
Windows 5.1.2600 Service Pack 2

07/10/2008 22:11:40
mbam-log-2008-10-07 (22-11-40).txt

Type de recherche: Examen rapide
Eléments examinés: 48084
Temps écoulé: 6 minute(s), 13 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{24311111-1111-1121-1111-111191113457} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{43331111-1111-1111-1111-611111195622} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{64311111-1111-1121-1111-111191113457} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssadw.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSerrors.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSl.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf1.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Rootkit.Agent) -> Delete on reboot.

Report: Lop S&D


--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : 786B2 v2.18
USER : Ludovic ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081005-0] 4.8.1229 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 149 Go Free : 91 Go
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 07/10/2008|22:15 )

--------------------\\ Listing des dossiers dans APPLIC~1

[05/11/2007|20:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[07/10/2008|18:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[07/10/2008|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
[26/04/2006|08:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[08/12/2006|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[07/10/2007|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[15/08/2008|15:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[19/08/2007|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
[07/10/2008|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[05/10/2008|17:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[02/05/2008|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[04/03/2007|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[05/07/2006|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[15/08/2008|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[09/03/2007|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[03/10/2005|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[18/02/2006|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[21/06/2005|04:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[21/06/2005|04:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[20/06/2005|19:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

[07/10/2008|18:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[05/11/2007|20:33] C:\DOCUME~1\Ludovic\APPLIC~1\ACD Systems
[16/01/2008|22:43] C:\DOCUME~1\Ludovic\APPLIC~1\Adobe
[29/06/2005|11:34] C:\DOCUME~1\Ludovic\APPLIC~1\Ahead
[28/10/2006|14:28] C:\DOCUME~1\Ludovic\APPLIC~1\Azureus
[15/05/2008|20:06] C:\DOCUME~1\Ludovic\APPLIC~1\BitTorrent
[07/10/2008|17:56] C:\DOCUME~1\Ludovic\APPLIC~1\EoRezo
[18/08/2005|11:22] C:\DOCUME~1\Ludovic\APPLIC~1\Google
[22/06/2005|17:11] C:\DOCUME~1\Ludovic\APPLIC~1\Help
[21/06/2005|04:39] C:\DOCUME~1\Ludovic\APPLIC~1\Identities
[07/08/2005|17:58] C:\DOCUME~1\Ludovic\APPLIC~1\InterTrust
[23/06/2005|16:41] C:\DOCUME~1\Ludovic\APPLIC~1\InterVideo
[05/10/2008|17:01] C:\DOCUME~1\Ludovic\APPLIC~1\Lavasoft
[28/11/2005|16:34] C:\DOCUME~1\Ludovic\APPLIC~1\Macromedia
[07/10/2008|22:03] C:\DOCUME~1\Ludovic\APPLIC~1\Malwarebytes
[09/05/2007|10:57] C:\DOCUME~1\Ludovic\APPLIC~1\Microsoft
[02/05/2008|19:57] C:\DOCUME~1\Ludovic\APPLIC~1\Motive
[15/08/2008|15:49] C:\DOCUME~1\Ludovic\APPLIC~1\ScanSoft
[06/10/2008|21:07] C:\DOCUME~1\Ludovic\APPLIC~1\Shareaza
[20/06/2005|19:48] C:\DOCUME~1\Ludovic\APPLIC~1\Sun

[07/10/2008|18:06] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[07/10/2008 21:22][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/04/2003 04:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[05/11/2007|20:16] C:\Program Files\ACD Systems
[15/11/2005|12:47] C:\Program Files\Activision
[09/05/2007|23:48] C:\Program Files\Adobe
[21/06/2005|20:40] C:\Program Files\Agfa
[29/06/2005|11:32] C:\Program Files\Ahead
[06/10/2008|17:55] C:\Program Files\Alwil Software
[20/06/2005|19:50] C:\Program Files\Analog Devices
[06/03/2007|17:51] C:\Program Files\Azureus
[07/10/2008|17:55] C:\Program Files\BitTorrent
[18/05/2006|20:16] C:\Program Files\Codemasters
[20/06/2005|19:45] C:\Program Files\Common Files
[05/03/2007|17:40] C:\Program Files\Compaq
[21/06/2005|04:39] C:\Program Files\ComPlus Applications
[07/07/2007|18:27] C:\Program Files\DIFX
[29/06/2005|11:47] C:\Program Files\DVD Shrink
[07/10/2008|17:56] C:\Program Files\EoRezo
[07/10/2008|17:58] C:\Program Files\Fichiers communs
[09/03/2008|12:19] C:\Program Files\Free Audio Pack
[06/09/2006|11:23] C:\Program Files\Geneatique2006
[08/10/2007|14:06] C:\Program Files\Google
[07/10/2008|18:07] C:\Program Files\Grisoft
[22/01/2006|18:14] C:\Program Files\IncrediMail
[07/09/2008|23:19] C:\Program Files\InstallShield Installation Information
[18/08/2008|06:52] C:\Program Files\Internet Explorer
[07/09/2008|23:19] C:\Program Files\InterVideo
[20/11/2007|17:34] C:\Program Files\Inventel
[10/06/2008|21:32] C:\Program Files\Java
[19/08/2007|17:26] C:\Program Files\Kodak
[05/10/2008|17:01] C:\Program Files\Lavasoft
[07/10/2008|17:58] C:\Program Files\Logitech
[07/10/2008|17:58] C:\Program Files\ltmoh
[07/10/2008|22:03] C:\Program Files\Malwarebytes' Anti-Malware
[29/09/2008|18:55] C:\Program Files\Messenger
[10/05/2007|12:55] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[21/06/2005|04:39] C:\Program Files\microsoft frontpage
[22/06/2005|20:35] C:\Program Files\Microsoft Office
[30/03/2006|12:04] C:\Program Files\mobile PhoneTools
[29/09/2008|18:23] C:\Program Files\Movie Maker
[21/06/2005|04:39] C:\Program Files\MSN
[21/06/2005|04:39] C:\Program Files\MSN Gaming Zone
[23/08/2005|20:27] C:\Program Files\MSN Messenger
[15/11/2006|12:42] C:\Program Files\MSXML 4.0
[29/09/2008|18:23] C:\Program Files\NetMeeting
[20/02/2006|17:48] C:\Program Files\NoAdware4
[22/06/2005|20:39] C:\Program Files\OfficeUpdate11
[15/08/2008|15:42] C:\Program Files\Olivetti
[02/05/2008|19:56] C:\Program Files\Orange
[02/05/2008|19:54] C:\Program Files\OrangeHSS
[29/09/2008|18:23] C:\Program Files\Outlook Express
[15/09/2006|17:36] C:\Program Files\Protectis
[05/07/2006|11:56] C:\Program Files\QuickTime
[20/06/2005|20:31] C:\Program Files\Raccourcis de programmes
[15/08/2008|15:48] C:\Program Files\ScanSoft
[20/11/2007|17:41] C:\Program Files\Securitoo
[21/06/2005|04:39] C:\Program Files\Services en ligne
[07/10/2008|17:55] C:\Program Files\Softwin
[09/03/2007|18:52] C:\Program Files\Spybot - Search & Destroy
[06/09/2006|10:23] C:\Program Files\Tracker Software
[07/10/2008|21:16] C:\Program Files\Trend Micro
[03/11/2005|01:08] C:\Program Files\Twins Video Player
[20/06/2005|19:45] C:\Program Files\Uninstall Information
[03/10/2005|22:27] C:\Program Files\Viewpoint
[02/05/2008|19:53] C:\Program Files\Wanadoo
[19/11/2007|22:48] C:\Program Files\Wanadoo Messager
[28/10/2007|22:25] C:\Program Files\Windows Media Connect 2
[29/09/2008|18:23] C:\Program Files\Windows Media Player
[29/09/2008|18:23] C:\Program Files\Windows NT
[21/06/2005|20:29] C:\Program Files\WindowsUpdate
[11/06/2008|07:32] C:\Program Files\WinRAR
[21/06/2005|04:39] C:\Program Files\xerox
[12/11/2005|15:47] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[05/11/2007|20:16] C:\Program Files\Fichiers communs\ACD Systems
[07/08/2005|17:59] C:\Program Files\Fichiers communs\Adobe
[29/06/2005|11:31] C:\Program Files\Fichiers communs\Ahead
[06/03/2007|20:31] C:\Program Files\Fichiers communs\DESIGNER
[04/03/2007|18:51] C:\Program Files\Fichiers communs\France Telecom
[15/08/2008|15:48] C:\Program Files\Fichiers communs\InstallShield
[20/06/2005|19:48] C:\Program Files\Fichiers communs\Java
[19/11/2007|23:02] C:\Program Files\Fichiers communs\Logitech
[18/08/2008|06:48] C:\Program Files\Fichiers communs\Microsoft Shared
[02/05/2008|19:56] C:\Program Files\Fichiers communs\Motive
[21/06/2005|04:39] C:\Program Files\Fichiers communs\MSSoap
[21/06/2005|04:39] C:\Program Files\Fichiers communs\ODBC
[15/08/2008|15:48] C:\Program Files\Fichiers communs\Scansoft Shared
[21/06/2005|04:39] C:\Program Files\Fichiers communs\Services
[07/10/2008|17:54] C:\Program Files\Fichiers communs\Softwin
[21/06/2005|04:39] C:\Program Files\Fichiers communs\SpeechEngines
[29/09/2008|18:23] C:\Program Files\Fichiers communs\System

--------------------\\ Process

( 54 Processes )

iexplore.exe ~ [PID:768]
Iexplore.exe ~ [PID:3440]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 22:16:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\tdssserv]


Trojan ! .. C:\WINDOWS\system32\drivers\tdssserv.sys
Trojan ! .. C:\WINDOWS\system32\tdssservers.dat
Trojan ! .. C:\WINDOWS\system32\tdssserf.dll
Trojan ! .. C:\WINDOWS\system32\tdssmain.dll
Trojan ! .. C:\WINDOWS\system32\tdssinit.dll
Trojan ! .. C:\WINDOWS\system32\tdssadw.dll
Trojan ! .. C:\WINDOWS\system32\tdsslog.dll
Trojan ! .. C:\WINDOWS\system32\tdssl.dll



[F:1670][D:442]-> C:\DOCUME~1\Ludovic\LOCALS~1\Temp
[F:59][D:0]-> C:\DOCUME~1\Ludovic\Cookies
[F:1023][D:4]-> C:\DOCUME~1\Ludovic\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 07/10/2008|22:17 - Option : [1]

--------------------\\ Fin du rapport a 22:17:50



Should I restart?
0
topaye Posts 7 Status Member

Unable to download: MalwareByte's Anti-Malware
0
jlpjlp Posts 52399 Status Security contributor 5 040

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the Desktop.

Disconnect from the Internet and close all your applications.

Disable your protections (antivirus, firewall, real-time antispyware guard).

Double-click combofix.exe and follow the instructions.

When it finishes, it will produce a report at C:\ComboFix.txt

Re-enable your firewall, your antivirus and your antispyware guard.

Copy and paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
topaye Posts 7 Status Member

Hi,
I have apparently recovered all Internet functionality.
Should I still do your last ComboFix step?
Bye
0
jlpjlp Posts 52399 Status Security contributor 5 040

Yes, you absolutely must run ComboFix, because rootkits remain, as indicated in Lop S&D:

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\tdssserv]

Trojan ! .. C:\WINDOWS\system32\drivers\tdssserv.sys
Trojan ! .. C:\WINDOWS\system32\tdssservers.dat
Trojan ! .. C:\WINDOWS\system32\tdssserf.dll
Trojan ! .. C:\WINDOWS\system32\tdssmain.dll
Trojan ! .. C:\WINDOWS\system32\tdssinit.dll
Trojan ! .. C:\WINDOWS\system32\tdssadw.dll
Trojan ! .. C:\WINDOWS\system32\tdsslog.dll
Trojan ! .. C:\WINDOWS\system32\tdssl.dll
0
topaye Posts 7 Status Member

Here is the report:

Lancé depuis: C:\Documents and Settings\Ludovic\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ludovic\Application Data\Install.dat
C:\Program Files\INSTALL.LOG
C:\WINDOWS\system32\drivers\fad.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-09 au 2008-10-09 ))))))))))))))))))))))))))))))))))))
.

2008-10-07 22:15 . 2008-10-07 22:17 <REP> d-------- C:\Lop SD
2008-10-07 22:03 . 2008-10-07 22:03 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-07 22:03 . 2008-10-07 22:03 <REP> d-------- C:\Documents and Settings\Ludovic\Application Data\Malwarebytes
2008-10-07 22:03 . 2008-10-07 22:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-07 22:03 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-07 22:03 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-07 21:16 . 2008-10-07 21:16 <REP> d-------- C:\Program Files\Trend Micro
2008-10-07 18:07 . 2008-10-07 18:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-10-07 17:55 . 2008-10-09 20:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-07 17:55 . 2008-10-09 20:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-06 20:00 . 2008-10-07 17:54 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-10-06 19:54 . 2008-10-07 17:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-10-06 17:55 . 2008-10-06 17:55 <REP> d-------- C:\Program Files\Alwil Software
2008-10-05 17:02 . 2008-10-07 17:56 <REP> d-------- C:\Program Files\EoRezo
2008-10-05 17:02 . 2008-10-07 17:56 <REP> d-------- C:\Documents and Settings\Ludovic\Application Data\EoRezo
2008-10-04 20:43 . 2008-10-05 17:01 <REP> d-------- C:\Program Files\Lavasoft
2008-09-30 21:23 . 2008-09-30 21:23 40 --a------ C:\Auth.prof
2008-09-29 18:09 . 2007-10-25 18:43 8,516,608 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-09-29 18:08 . 2007-02-28 18:02 2,182,400 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-09-24 22:12 . 2008-04-13 11:36 2,986,496 --a------ C:\WINDOWS\system32\SET10FC.tmp
2008-09-24 22:12 . 2008-04-13 19:33 539,136 --a------ C:\WINDOWS\system32\SET1122.tmp
2008-09-24 22:12 . 2008-04-13 19:33 354,304 --a------ C:\WINDOWS\system32\SET10EE.tmp
2008-09-24 22:12 . 2008-04-13 19:31 177,152 --a------ C:\WINDOWS\system32\SET1124.tmp
2008-09-24 22:12 . 2008-04-13 19:33 80,896 --a------ C:\WINDOWS\system32\SET10E9.tmp
2008-09-24 22:12 . 2008-04-13 19:33 75,776 --a------ C:\WINDOWS\system32\SET10F9.tmp
2008-09-24 22:12 . 2008-04-13 19:33 50,176 --a------ C:\WINDOWS\system32\SET10E3.tmp
2008-09-24 22:12 . 2008-04-13 19:33 24,576 --a------ C:\WINDOWS\system32\SET1148.tmp
2008-09-24 22:12 . 2008-04-13 19:33 15,872 --a------ C:\WINDOWS\system32\SET10F2.tmp
2008-09-24 22:12 . 2008-04-13 19:33 6,656 --a------ C:\WINDOWS\system32\SET10E6.tmp
2008-09-24 22:07 . 2008-04-13 19:33 8,517,632 --a------ C:\WINDOWS\system32\SET386.tmp
2008-09-24 22:06 . 2008-04-13 19:33 734,720 --a------ C:\WINDOWS\system32\SET24F.tmp
2008-09-24 22:04 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\003205_.tmp
2008-09-24 22:00 . 2004-08-04 08:00 71,040 --------- C:\WINDOWS\system32\drivers\_003512_.tmp.dll
2008-09-24 20:49 . 2004-08-04 08:00 71,040 --------- C:\WINDOWS\system32\drivers\_003502_.tmp.dll
2008-09-24 19:25 . 2004-08-04 08:00 71,040 --------- C:\WINDOWS\system32\drivers\_003492_.tmp.dll
2008-09-24 18:14 . 2008-09-29 18:22 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-24 18:14 . 2008-09-29 18:22 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-24 18:04 . 2004-08-04 08:00 71,040 --------- C:\WINDOWS\system32\drivers\_003482_.tmp.dll
2008-09-22 23:47 . 2008-04-14 04:33 8,517,632 --a------ C:\WINDOWS\system32\SET47B.tmp
2008-09-22 23:46 . 2008-04-14 04:33 2,843,136 --a------ C:\WINDOWS\system32\SET62C.tmp
2008-09-22 23:45 . 2008-04-14 04:33 1,267,200 --a------ C:\WINDOWS\system32\SET76D.tmp
2008-09-22 20:49 . 2008-09-29 19:12 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 15:58 --------- d-----w C:\Program Files\ltmoh
2008-10-07 15:58 --------- d-----w C:\Program Files\Logitech
2008-10-07 15:55 --------- d-----w C:\Program Files\Softwin
2008-10-07 15:55 --------- d-----w C:\Program Files\BitTorrent
2008-10-07 15:54 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-10-06 20:13 90,112 ----a-w C:\WINDOWS\DUMP3b24.tmp
2008-10-06 19:07 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\Shareaza
2008-10-05 15:01 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\Lavasoft
2008-09-07 21:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 21:19 --------- d-----w C:\Program Files\InterVideo
2008-08-15 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-08-15 13:49 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\ScanSoft
2008-08-15 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-08-15 13:48 --------- d-----w C:\Program Files\ScanSoft
2008-08-15 13:48 --------- d-----w C:\Program Files\Fichiers communs\Scansoft Shared
2008-08-15 13:48 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-15 13:42 --------- d-----w C:\Program Files\Olivetti
2008-07-30 20:05 71,848 ----a-w C:\WINDOWS\UnInstall.exe
2007-11-20 15:34 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
1999-06-30 13:06 151,552 ----a-w C:\WINDOWS\inf\AGFA\message.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 4841472]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-25 282624]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2008-01-22 94208]
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2008-01-22 107248]
"Orange_McciTrayApp"="C:\Program Files\Orange\LiveAssistant.exe" [2007-12-21 1476608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 75520]
"OlStatusMon"="C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" [2006-06-28 106496]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"OpwareSE3"="C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe" [2005-05-23 57344]
"OPSE3 Reminder"="C:\Program Files\ScanSoft\OmniPageSE3.0\EregFre\Ereg.exe" [2004-10-27 729088]
"LTWinModem1"="ltmsg.exe" [2001-04-03 C:\WINDOWS\system32\ltmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 McciCMService;McciCMService;C:\Program Files\Fichiers communs\Motive\McciCMService.exe [2007-10-23 303104]
R2 olMntrService;olMntrService;C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe [2006-06-28 86016]
R3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 55936]
S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 55936]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50.SYS [2008-03-09 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50.SYS [2008-03-09 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50a64.SYS [ ]
S3 optousb;OPTO ELECTRONICS optousb;C:\WINDOWS\system32\DRIVERS\optousb.sys [2006-10-18 18560]
S3 optovcm;OPTO ELECTRONICS optovcm;C:\WINDOWS\system32\DRIVERS\optovcm.sys [2006-10-19 25344]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2004-09-17 52384]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2004-09-17 6064]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2004-09-17 84512]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
HKLM-Run-EoEngine - (no file)
Notify-dimsntfy - (no file)


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.lo.st
R0 -: HKLM-Main,Search Bar = hxxp://go.compaq.com/1Q00CDT/040C/bl8.asp
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
C:\WINDOWS\Downloaded Program Files\start.INF

O16 -: {3A226D85-574D-4272-B73C-DBCAECF709B3} - hxxp://www.consoclicker.com/TNSClickrb.CAB
C:\WINDOWS\Downloaded Program Files\TNSClickrb.INF
C:\WINDOWS\system32\Csp2a.dll
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\stdole2.tlb
C:\WINDOWS\system32\comcat.dll
C:\WINDOWS\Downloaded Program Files\TNSClickrb.dll

O16 -: {6DB731A3-B074-4118-8B1C-32511C65D836} - hxxp://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
C:\WINDOWS\Downloaded Program Files\fpu.inf
C:\WINDOWS\System32\OLEAUT32.DLL
C:\WINDOWS\System32\OLEPRO32.DLL
C:\WINDOWS\System32\ASYCFILT.DLL
C:\WINDOWS\System32\STDOLE2.TLB
C:\WINDOWS\System32\COMCAT.DLL
C:\WINDOWS\System32\ccrpftv6.ocx
C:\WINDOWS\System32\XceedFtp.dll
C:\WINDOWS\Downloaded Program Files\fpu.ocx

O16 -: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} - hxxp://www.consoclicker.com/TNSClickra.CAB
C:\WINDOWS\Downloaded Program Files\TNSClickra.INF
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\stdole2.tlb
C:\WINDOWS\system32\comcat.dll
C:\WINDOWS\system32\Csp2a.dll
C:\WINDOWS\Downloaded Program Files\TNSClickra.dll

O16 -: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} - hxxp://photos.orange.fr/resources/activex/Ephoto.cab
C:\WINDOWS\Downloaded Program Files\Ephoto.inf
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\gdiplus.dll
C:\WINDOWS\Downloaded Program Files\EphotoAxRes.dll
C:\WINDOWS\Downloaded Program Files\EphotoAx.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
C:\WINDOWS\Downloaded Program Files\EphotoAxResES.dll
C:\WINDOWS\Downloaded Program Files\EphotoAxResNL.dll
C:\WINDOWS\Downloaded Program Files\EphotoAxResFR.dll
C:\WINDOWS\Downloaded Program Files\EphotoAxResEN.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 20:56:50
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OrangeHSS\Deskboard\Deskboard.exe
C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\Connectivity\corecom\CoreCom.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OrangeHSS\Connectivity\corecom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
.
**************************************************************************
.
Heure de fin: 2008-10-09 21:03:08 - La machine a redémarré [Ludovic]
ComboFix-quarantined-files.txt 2008-10-09 19:03:04

Avant-CF: 97 768 157 184 octets libres
Après-CF: 98,606,268,416 octets libres

399 --- E O F --- 2008-09-29 16:55:39
jlpjlp Posts 52399 Status Security contributor 5 040
 
If you had installed AVG 7 and then removed it, delete the AVG 7 file by going to My Computer, then

C:\Documents and Settings\All Users\Application Data\Avg7

______________

Delete the EoRezo file:

C:\Program Files\EoRezo

_______________

Paste a new HijackThis report.
topaye Posts 7 Status Member
 
HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:03, on 10/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Orange\LiveAssistant.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Fichiers communs\Motive\McciCMService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Orange_McciTrayApp] C:\Program Files\Orange\LiveAssistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE3] "C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe"
O4 - HKLM\..\Run: [OPSE3 Reminder] "C:\Program Files\ScanSoft\OmniPageSE3.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE3.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: https://www.consoclicker.com/
O15 - Trusted Zone: http://pfttbc.ft.motive.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} (TNSClickerb.Clicker) - http://www.consoclicker.com/TNSClickrb.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} (TNSClickera.Clicker) - http://www.consoclicker.com/TNSClickra.CAB
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photoservice.photos.orange.fr/migrationorange/index.cfm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
jlpjlp Posts 52399 Status Security contributor 5 040
 
Run HijackThis again, choose "Do a system scan only" and fix these lines ("Fix checked"):

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} (TNSClickerb.Clicker) - http://www.consoclicker.com/TNSClickrb.CAB
O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} (TNSClickera.Clicker) - http://www.consoclicker.com/TNSClickra.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/

______________________

Run CCleaner to clean up the traces of infection:
https://www.malekal.com/tutoriel-ccleaner/

_________________________

To be sure nothing is left:

Paste an online scan done with one of the following two:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Note:
to protect your computer for free

https://www.commentcamarche.net/telecharger/ 4 securite

install an antivirus

AVAST in French or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware tools:
AD AWARE
MALWAREBYTE ANTIMALWARE
+
SPYWAREBLASTER to immunize the system, against Vundo in particular, but in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunize)...

Note: Spybot and Ad-Aware released new versions this year; check that you have the latest version
--------
a firewall:
the Windows one or, better, COMODO or KERIO or JETICO or ZONE ALARM (install only the free firewall)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm

-----------

CCLEANER to erase browsing traces
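A first-pass review of a HijackThis report like the one above can be scripted. The following Python code is an added example, not part of the original thread and not HijackThis's own logic: it parses entry lines and flags two patterns visible in this report, entries marked `(file missing)` and O16 ActiveX entries that have no control name or a `file://` source. The function names and the heuristics are assumptions chosen for illustration; they select lines for manual review and do not reproduce the helper's judgment.

```python
import re

# Sample input: a subset of lines copied from the HijackThis report in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ctfmon.exe
"""

# An entry line is "<section code> - <body>", e.g. "O16 - DPF: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# O16 body: "DPF: {CLSID} (optional control name) - source URL".
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>[^)]*)\))? - (?P<source>.+)$"
)


def parse_log(text):
    """Return (code, body) pairs; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(code, body):
    """Return the reasons (possibly none) why an entry deserves a manual look."""
    reasons = []
    if "(file missing)" in body:
        reasons.append("registry entry points to a file that is no longer on disk")
    if code == "O16":
        m = DPF_RE.match(body)
        if m is None:
            reasons.append("O16 entry does not match the expected DPF layout")
        else:
            if m.group("name") is None:
                reasons.append("ActiveX control has no registered name")
            if m.group("source").lower().startswith("file://"):
                reasons.append("control was installed from a local file:// path")
    return reasons


def review_candidates(text):
    """Return (code, body, reasons) for every entry with at least one reason."""
    flagged = []
    for code, body in parse_log(text):
        reasons = triage(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in review_candidates(SAMPLE_LOG):
        print(f"{code:>3}  {body}")
        for reason in reasons:
            print(f"       -> {reason}")
```

Entries that look well-formed, such as a named ActiveX control downloaded over HTTP, pass these checks untouched, so the output is a starting list for an analyst and not a verdict.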