Virus

Solved/Closed
girafe25 - 11 Nov 2008 at 10:27
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last active 21 May 2010 - 11 Nov 2008 at 14:50
Hello,
I am infected and cannot locate the virus, could you help me please
HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:27, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\xxx1047.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\dllhost.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~tmpd.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~tmpc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\xxx1047.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg65ctrl_windows_activex_ie.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://familybelinda.spaces.live.com/PhotoUpload/MsnPUpld.cab
O20 - Winlogon Notify: jkkJyyaa - jkkJyyaa.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media WMPNetworkSvcupnphost (WMPNetworkSvcupnphost) - Unknown owner - C:\WINDOWS\

18 replies

douchka66 Posts 1665 Registration date Saturday 31 May 2008 Status Member Last active 12 March 2015 46
11 Nov 2008 at 10:30
hello
run a full scan with Malwarebytes, post the report, and then CCleaner, ok
0
Hello
Thank you for your reply, here is the Malwarebytes report

Malwarebytes' Anti-Malware 1.18
Version de la base de données: 895

11:29:52 11/11/2008
mbam-log-11-11-2008 (11-29-52).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Eléments examinés: 155014
Temps écoulé: 51 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last active 21 May 2010 10
11 Nov 2008 at 11:38
Hi!!

Malwarebytes is not up to date... We are at version 1.30

Update Malwarebytes but do not run a scan again right away...

Please do this:

▶ Download and save lopSD to the Desktop

▶ Double-click Lop S&D

▶ Run the installation

▶ Close all applications

▶ Launch it by double-clicking the shortcut on the desktop
With VISTA => right-click and => Run as administrator

▶ Type F for French, then press Enter

▶ Type 1

▶ Press Enter

▶ The PC will restart
Note = if the antivirus reports an infection in TEMP, ignore it

▶ Wait for the report to appear
▶ Copy the report and paste it into your reply
the report can also be found at C:\lopR
0
Report:


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
BIOS : Phoenix - Award BIOS v6.00PG
USER : HP_Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081110-1] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:179 Go (Free:48 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:1 Go)
E:\ (Local Disk) - FAT32 - Total:37 Go (Free:13 Go)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 11/11/2008|11:41 )

--------------------\\ Listing des dossiers dans APPLIC~1

[18/10/2005|19:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[03/01/2005|06:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[03/01/2005|05:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[03/01/2005|05:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[26/08/2008|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[25/05/2006|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe(2)
[05/05/2006|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[05/12/2007|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[09/11/2007|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[07/05/2007|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
[29/12/2007|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/05/2008|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[09/06/2007|07:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[03/01/2005|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[08/11/2008|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[03/01/2005|05:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[27/06/2008|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[17/04/2008|20:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[17/04/2008|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[09/11/2007|16:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[26/06/2008|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[14/08/2007|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[29/03/2006|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
[26/03/2007|21:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[01/04/2006|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Otto
[27/03/2006|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[03/01/2005|05:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[18/08/2007|05:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\second regs grim software
[28/06/2008|00:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
[03/01/2005|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[11/11/2008|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[21/03/2006|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[11/06/2008|07:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[20/03/2006|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[26/07/2006|16:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[05/07/2007|06:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[05/07/2007|06:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[22/05/2006|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[18/10/2005|19:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[14/10/2007|17:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[03/01/2005|06:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[03/01/2005|05:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[03/01/2005|05:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[07/05/2007|14:47] C:\DOCUME~1\HP_ADM~1\APPLIC~1\acccore
[11/04/2008|08:49] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Adobe
[23/04/2007|10:42] C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
[13/01/2007|20:12] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Ahead
[01/10/2007|09:54] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Anuman Interactive
[05/12/2007|11:56] C:\DOCUME~1\HP_ADM~1\APPLIC~1\AOL
[29/12/2007|17:48] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Apple Computer
[15/06/2007|15:38] C:\DOCUME~1\HP_ADM~1\APPLIC~1\BitDownload
[14/09/2008|15:41] C:\DOCUME~1\HP_ADM~1\APPLIC~1\dvdcss
[31/03/2006|15:20] C:\DOCUME~1\HP_ADM~1\APPLIC~1\eConf
[14/08/2007|14:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Google
[31/03/2006|13:46] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Help
[09/09/2006|12:34] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Hemera
[08/04/2006|17:03] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Hewlett-Packard
[31/03/2006|12:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\HP
[21/03/2006|17:22] C:\DOCUME~1\HP_ADM~1\APPLIC~1\HPQ
[18/10/2005|19:24] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Identities
[18/08/2007|13:48] C:\DOCUME~1\HP_ADM~1\APPLIC~1\IE7Pro
[26/03/2006|10:33] C:\DOCUME~1\HP_ADM~1\APPLIC~1\InterVideo
[02/04/2006|11:05] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Lavasoft
[21/03/2006|18:54] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Leadertech
[08/12/2007|13:13] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Logitech
[20/03/2006|19:13] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Macromedia
[26/06/2008|15:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Malwarebytes
[23/10/2008|17:53] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Microsoft
[29/07/2008|09:01] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Mozilla
[31/03/2006|15:00] C:\DOCUME~1\HP_ADM~1\APPLIC~1\MSNInstaller
[06/07/2007|10:12] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Musicmatch
[29/10/2006|12:20] C:\DOCUME~1\HP_ADM~1\APPLIC~1\muvee Technologies
[01/04/2006|10:53] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Otto
[11/02/2007|10:36] C:\DOCUME~1\HP_ADM~1\APPLIC~1\PC Tools
[03/01/2005|05:31] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Real
[21/03/2006|18:54] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sonic
[26/03/2006|20:45] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sun
[21/03/2006|09:47] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Symantec
[31/03/2006|13:00] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Template
[02/06/2008|19:55] C:\DOCUME~1\HP_ADM~1\APPLIC~1\TmpRecentIcons
[29/07/2008|09:01] C:\DOCUME~1\HP_ADM~1\APPLIC~1\TomTom
[02/12/2006|20:09] C:\DOCUME~1\HP_ADM~1\APPLIC~1\vlc
[09/01/2007|12:14] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Vso
[20/03/2006|19:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\You've Got Pictures Screensaver

[10/02/2007|12:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[03/01/2005|04:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[02/06/2008|15:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

[03/01/2005|04:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[08/06/2007 06:47][--ah-----] C:\WINDOWS\tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
[11/11/2008 09:03][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 20:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[26/08/2008|09:59] C:\Program Files\Adobe
[09/06/2007|07:11] C:\Program Files\Ahead
[26/06/2008|16:00] C:\Program Files\Alwil Software
[01/10/2007|09:51] C:\Program Files\Anuman Interactive
[07/07/2008|11:01] C:\Program Files\a-squared Free
[15/10/2006|16:38] C:\Program Files\AviSynth 2.5
[11/11/2008|09:20] C:\Program Files\AxBx
[05/08/2007|23:46] C:\Program Files\BitDownload
[05/06/2008|16:40] C:\Program Files\BitTorrent Fastest Tool
[28/06/2008|01:00] C:\Program Files\CCleaner
[25/07/2008|10:30] C:\Program Files\DD PlayCam
[09/06/2007|07:11] C:\Program Files\DivX
[11/11/2008|09:04] C:\Program Files\eMule
[29/05/2007|19:46] C:\Program Files\EZFace
[15/10/2006|16:30] C:\Program Files\ffdshow
[25/07/2008|10:43] C:\Program Files\Fichiers communs
[04/06/2007|07:42] C:\Program Files\FrenchOtto
[04/06/2007|07:42] C:\Program Files\GemMasterFrench
[22/10/2007|08:09] C:\Program Files\Google
[22/08/2008|04:41] C:\Program Files\Hewlett-Packard
[22/08/2008|04:41] C:\Program Files\HP
[18/08/2007|13:48] C:\Program Files\IE7Pro
[28/10/2008|11:34] C:\Program Files\InstallShield Installation Information
[28/10/2008|11:26] C:\Program Files\Internet Explorer
[03/01/2005|05:33] C:\Program Files\InterVideo
[07/10/2007|09:59] C:\Program Files\Java
[27/06/2008|15:57] C:\Program Files\Lavasoft
[20/03/2006|19:21] C:\Program Files\Learn2.com
[06/04/2007|14:34] C:\Program Files\LHSP
[08/12/2007|13:10] C:\Program Files\Logitech
[25/07/2008|10:43] C:\Program Files\Look 312P
[03/01/2005|05:17] C:\Program Files\MainConcept
[26/06/2008|15:30] C:\Program Files\Malwarebytes' Anti-Malware
[30/04/2006|11:30] C:\Program Files\McAfee.com
[08/09/2008|11:12] C:\Program Files\Messenger
[08/09/2007|07:59] C:\Program Files\MGI
[26/10/2008|17:49] C:\Program Files\Micro Application
[24/09/2007|11:19] C:\Program Files\Microsoft AutoRoute
[05/07/2007|13:41] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[18/10/2005|19:27] C:\Program Files\microsoft frontpage
[21/03/2006|17:57] C:\Program Files\Microsoft Money
[21/03/2006|17:56] C:\Program Files\Microsoft Office
[04/06/2007|07:42] C:\Program Files\Microsoft Picture It! 7
[02/04/2007|09:35] C:\Program Files\Microsoft Sites publics français
[04/06/2007|07:42] C:\Program Files\Microsoft Works
[21/03/2006|17:49] C:\Program Files\Microsoft Works Suite 2003
[08/09/2008|10:52] C:\Program Files\Movie Maker
[11/11/2008|11:38] C:\Program Files\Mozilla Firefox
[30/04/2006|10:53] C:\Program Files\MP3Gain
[08/09/2008|10:52] C:\Program Files\MSN
[08/04/2006|17:03] C:\Program Files\MSN Apps
[18/10/2005|19:27] C:\Program Files\MSN Gaming Zone
[12/09/2008|14:31] C:\Program Files\MSN Messenger
[16/08/2007|08:04] C:\Program Files\MSXML 4.0
[06/07/2007|11:22] C:\Program Files\MUSICMATCH
[03/01/2005|05:38] C:\Program Files\muvee Technologies
[28/06/2008|00:21] C:\Program Files\Navilog1
[03/01/2007|18:01] C:\Program Files\NeoDivx Suite
[13/01/2007|20:11] C:\Program Files\Nero
[09/08/2007|21:24] C:\Program Files\Nero 7.0.1.2 Premium
[08/09/2008|10:47] C:\Program Files\NetMeeting
[10/04/2008|10:58] C:\Program Files\Orange
[08/09/2008|10:47] C:\Program Files\Outlook Express
[04/06/2007|07:42] C:\Program Files\PC-Doctor 5 for Windows
[20/01/2007|11:12] C:\Program Files\PhotoFiltre
[03/06/2007|10:18] C:\Program Files\Player Tool
[19/11/2006|10:30] C:\Program Files\QuickZip4
[03/01/2005|05:30] C:\Program Files\Real
[10/04/2008|10:45] C:\Program Files\SAGEM
[10/04/2008|10:40] C:\Program Files\Securitoo
[03/01/2005|05:48] C:\Program Files\Services en ligne
[09/06/2007|07:15] C:\Program Files\Sonic
[10/06/2008|07:57] C:\Program Files\Spybot - Search & Destroy
[11/06/2008|02:15] C:\Program Files\Spyware Doctor
[13/06/2007|09:03] C:\Program Files\TomTom DesktopSuite
[29/07/2008|09:01] C:\Program Files\TomTom HOME
[29/07/2008|09:01] C:\Program Files\TomTom HOME 2
[26/06/2008|15:09] C:\Program Files\Trend Micro
[02/12/2006|20:04] C:\Program Files\VideoLAN
[20/03/2006|19:21] C:\Program Files\Viewpoint
[29/12/2006|16:06] C:\Program Files\WinASPI
[28/06/2008|00:39] C:\Program Files\Windows Live
[04/06/2007|07:42] C:\Program Files\Windows Media Connect 2
[26/05/2008|17:39] C:\Program Files\Windows Media Player
[08/09/2008|10:47] C:\Program Files\Windows NT
[18/10/2005|19:28] C:\Program Files\Windows Plus
[06/01/2007|12:23] C:\Program Files\WMV9_VCM
[18/10/2005|19:28] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[26/08/2008|09:57] C:\Program Files\Fichiers communs\Adobe
[13/01/2007|20:13] C:\Program Files\Fichiers communs\Ahead
[05/12/2007|12:00] C:\Program Files\Fichiers communs\AOL
[20/03/2006|19:22] C:\Program Files\Fichiers communs\aolback
[21/03/2006|17:53] C:\Program Files\Fichiers communs\Designer
[10/04/2008|10:54] C:\Program Files\Fichiers communs\France Telecom
[03/01/2005|05:21] C:\Program Files\Fichiers communs\Hewlett-Packard
[03/01/2005|05:22] C:\Program Files\Fichiers communs\HP
[09/06/2007|07:22] C:\Program Files\Fichiers communs\InstallShield
[03/01/2005|05:34] C:\Program Files\Fichiers communs\InterVideo
[03/01/2005|05:07] C:\Program Files\Fichiers communs\Java
[15/05/2008|17:18] C:\Program Files\Fichiers communs\Logishrd
[17/04/2008|19:44] C:\Program Files\Fichiers communs\Logitech
[25/07/2008|10:43] C:\Program Files\Fichiers communs\Look312P
[08/09/2007|07:59] C:\Program Files\Fichiers communs\MGI Shared
[22/10/2008|16:38] C:\Program Files\Fichiers communs\Micro Application Shared
[29/12/2007|15:32] C:\Program Files\Fichiers communs\Microsoft Shared
[18/10/2005|19:26] C:\Program Files\Fichiers communs\MSSoap
[03/01/2005|05:38] C:\Program Files\Fichiers communs\muvee Technologies
[20/03/2006|19:21] C:\Program Files\Fichiers communs\Nullsoft
[16/07/2007|08:25] C:\Program Files\Fichiers communs\ODBC
[18/04/2008|11:34] C:\Program Files\Fichiers communs\Real
[21/03/2006|20:04] C:\Program Files\Fichiers communs\Scanner
[01/02/2005|09:23] C:\Program Files\Fichiers communs\Services
[09/06/2007|07:23] C:\Program Files\Fichiers communs\Sonic Shared
[18/10/2005|19:26] C:\Program Files\Fichiers communs\SpeechEngines
[08/09/2008|10:47] C:\Program Files\Fichiers communs\System
[18/04/2008|11:35] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 68 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\second regs grim software
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
C:\DOCUME~1\HP_ADM~1\APPLIC~1\Bitdownload
C:\DOCUME~1\HP_ADM~1\APPLIC~1\BitDownload
C:\DOCUME~1\HP_ADM~1\APPLIC~1\BitDownload\Data
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\BitDownload
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\BitDownload\BitDownload.lnk
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\BitDownload\Uninstall BitDownload.lnk
C:\Program Files\BitDownload
C:\Program Files\BitDownload\BitDownload.TRC
C:\Program Files\BitDownload\BitDownload_1.TRC
C:\Program Files\BitDownload\settings.ini
C:\Program Files\BitDownload\settings.stp
C:\Program Files\BitDownload\SkinCrafterDll.dll
C:\Program Files\BitDownload\Skins
C:\Program Files\BitDownload\Support
C:\Program Files\BitDownload\unins000.dat
C:\Program Files\BitDownload\unins000.exe
C:\Program Files\BitTorrent Fastest Tool
C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\setup dead that]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\HP_ADM~1\\APPLIC~1\\SECTDE~1\\upload bat deaf.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts MODIFIE

-> 8706 [ 70 ## added by CiD ]

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 11:42:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\VFOVuCdd.ini
C:\WINDOWS\system32\VFOVuCdd.ini2
==> VUNDO <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF
C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF\Crack.exe
C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF\FFF.NFO


[F:23][D:3]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
[F:8][D:0]-> C:\DOCUME~1\HP_ADM~1\Cookies
[F:89][D:6]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 11/11/2008|11:43 - Option : [1]

--------------------\\ Fin du rapport a 11:43:53
geoffrey5 - 11 Nov. 2008 at 11:50
OK, now:

▶ Run Lop S&D again

▶ This time choose option 2 (Removal)

▶ Do not close the window during the removal!

▶ Post the generated report (C:\lopR.txt)

* (If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)


Then delete these cracks that are in your documents (delete the Crack folder):

C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF
C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF\Crack.exe
C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF\FFF.NFO


Then run a full scan again with Malwarebytes after updating it, please
0
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
BIOS : Phoenix - Award BIOS v6.00PG
USER : HP_Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081110-1] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:179 Go (Free:48 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:1 Go)
E:\ (Local Disk) - FAT32 - Total:37 Go (Free:13 Go)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 11/11/2008|11:54 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\BitDownload\Data
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\BitDownload\BitDownload.lnk
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\BitDownload\Uninstall BitDownload.lnk
Supprime! - C:\Program Files\BitDownload\BitDownload.TRC
Supprime! - C:\Program Files\BitDownload\BitDownload_1.TRC
Supprime! - C:\Program Files\BitDownload\settings.ini
Supprime! - C:\Program Files\BitDownload\settings.stp
Supprime! - C:\Program Files\BitDownload\SkinCrafterDll.dll
Supprime! - C:\Program Files\BitDownload\Skins
Supprime! - C:\Program Files\BitDownload\Support
Supprime! - C:\Program Files\BitDownload\unins000.dat
Supprime! - C:\Program Files\BitDownload\unins000.exe
Supprime! - C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\second regs grim software
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software rule flag owns
Supprime! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\Bitdownload
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\BitDownload
Supprime! - C:\Program Files\BitDownload
Supprime! - C:\Program Files\BitTorrent Fastest Tool
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[18/10/2005|19:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[03/01/2005|06:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[03/01/2005|05:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[03/01/2005|05:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[26/08/2008|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[25/05/2006|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe(2)
[05/05/2006|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[05/12/2007|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[09/11/2007|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[07/05/2007|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
[29/12/2007|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/05/2008|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[09/06/2007|07:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[03/01/2005|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[08/11/2008|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[03/01/2005|05:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[27/06/2008|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[17/04/2008|20:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[17/04/2008|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[09/11/2007|16:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[26/06/2008|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[14/08/2007|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[29/03/2006|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
[26/03/2007|21:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[01/04/2006|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Otto
[27/03/2006|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[03/01/2005|05:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[03/01/2005|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[11/11/2008|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[21/03/2006|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[11/06/2008|07:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[26/07/2006|16:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[05/07/2007|06:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[05/07/2007|06:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[22/05/2006|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[18/10/2005|19:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[14/10/2007|17:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[03/01/2005|06:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[03/01/2005|05:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[03/01/2005|05:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[07/05/2007|14:47] C:\DOCUME~1\HP_ADM~1\APPLIC~1\acccore
[11/04/2008|08:49] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Adobe
[23/04/2007|10:42] C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
[13/01/2007|20:12] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Ahead
[01/10/2007|09:54] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Anuman Interactive
[05/12/2007|11:56] C:\DOCUME~1\HP_ADM~1\APPLIC~1\AOL
[29/12/2007|17:48] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Apple Computer
[14/09/2008|15:41] C:\DOCUME~1\HP_ADM~1\APPLIC~1\dvdcss
[31/03/2006|15:20] C:\DOCUME~1\HP_ADM~1\APPLIC~1\eConf
[14/08/2007|14:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Google
[31/03/2006|13:46] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Help
[09/09/2006|12:34] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Hemera
[08/04/2006|17:03] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Hewlett-Packard
[31/03/2006|12:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\HP
[21/03/2006|17:22] C:\DOCUME~1\HP_ADM~1\APPLIC~1\HPQ
[18/10/2005|19:24] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Identities
[18/08/2007|13:48] C:\DOCUME~1\HP_ADM~1\APPLIC~1\IE7Pro
[26/03/2006|10:33] C:\DOCUME~1\HP_ADM~1\APPLIC~1\InterVideo
[02/04/2006|11:05] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Lavasoft
[21/03/2006|18:54] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Leadertech
[08/12/2007|13:13] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Logitech
[20/03/2006|19:13] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Macromedia
[26/06/2008|15:30] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Malwarebytes
[23/10/2008|17:53] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Microsoft
[29/07/2008|09:01] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Mozilla
[31/03/2006|15:00] C:\DOCUME~1\HP_ADM~1\APPLIC~1\MSNInstaller
[06/07/2007|10:12] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Musicmatch
[29/10/2006|12:20] C:\DOCUME~1\HP_ADM~1\APPLIC~1\muvee Technologies
[01/04/2006|10:53] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Otto
[11/02/2007|10:36] C:\DOCUME~1\HP_ADM~1\APPLIC~1\PC Tools
[03/01/2005|05:31] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Real
[21/03/2006|18:54] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sonic
[26/03/2006|20:45] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sun
[21/03/2006|09:47] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Symantec
[31/03/2006|13:00] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Template
[02/06/2008|19:55] C:\DOCUME~1\HP_ADM~1\APPLIC~1\TmpRecentIcons
[29/07/2008|09:01] C:\DOCUME~1\HP_ADM~1\APPLIC~1\TomTom
[02/12/2006|20:09] C:\DOCUME~1\HP_ADM~1\APPLIC~1\vlc
[09/01/2007|12:14] C:\DOCUME~1\HP_ADM~1\APPLIC~1\Vso
[20/03/2006|19:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\You've Got Pictures Screensaver

[10/02/2007|12:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[03/01/2005|04:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[02/06/2008|15:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

[03/01/2005|04:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[08/06/2007 06:47][--ah-----] C:\WINDOWS\tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
[11/11/2008 09:03][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 20:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[26/08/2008|09:59] C:\Program Files\Adobe
[09/06/2007|07:11] C:\Program Files\Ahead
[26/06/2008|16:00] C:\Program Files\Alwil Software
[01/10/2007|09:51] C:\Program Files\Anuman Interactive
[07/07/2008|11:01] C:\Program Files\a-squared Free
[15/10/2006|16:38] C:\Program Files\AviSynth 2.5
[11/11/2008|09:20] C:\Program Files\AxBx
[28/06/2008|01:00] C:\Program Files\CCleaner
[25/07/2008|10:30] C:\Program Files\DD PlayCam
[09/06/2007|07:11] C:\Program Files\DivX
[11/11/2008|09:04] C:\Program Files\eMule
[29/05/2007|19:46] C:\Program Files\EZFace
[15/10/2006|16:30] C:\Program Files\ffdshow
[25/07/2008|10:43] C:\Program Files\Fichiers communs
[04/06/2007|07:42] C:\Program Files\FrenchOtto
[04/06/2007|07:42] C:\Program Files\GemMasterFrench
[22/10/2007|08:09] C:\Program Files\Google
[22/08/2008|04:41] C:\Program Files\Hewlett-Packard
[22/08/2008|04:41] C:\Program Files\HP
[18/08/2007|13:48] C:\Program Files\IE7Pro
[28/10/2008|11:34] C:\Program Files\InstallShield Installation Information
[28/10/2008|11:26] C:\Program Files\Internet Explorer
[03/01/2005|05:33] C:\Program Files\InterVideo
[07/10/2007|09:59] C:\Program Files\Java
[27/06/2008|15:57] C:\Program Files\Lavasoft
[20/03/2006|19:21] C:\Program Files\Learn2.com
[06/04/2007|14:34] C:\Program Files\LHSP
[08/12/2007|13:10] C:\Program Files\Logitech
[25/07/2008|10:43] C:\Program Files\Look 312P
[03/01/2005|05:17] C:\Program Files\MainConcept
[26/06/2008|15:30] C:\Program Files\Malwarebytes' Anti-Malware
[30/04/2006|11:30] C:\Program Files\McAfee.com
[08/09/2008|11:12] C:\Program Files\Messenger
[08/09/2007|07:59] C:\Program Files\MGI
[26/10/2008|17:49] C:\Program Files\Micro Application
[24/09/2007|11:19] C:\Program Files\Microsoft AutoRoute
[05/07/2007|13:41] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[18/10/2005|19:27] C:\Program Files\microsoft frontpage
[21/03/2006|17:57] C:\Program Files\Microsoft Money
[21/03/2006|17:56] C:\Program Files\Microsoft Office
[04/06/2007|07:42] C:\Program Files\Microsoft Picture It! 7
[02/04/2007|09:35] C:\Program Files\Microsoft Sites publics français
[04/06/2007|07:42] C:\Program Files\Microsoft Works
[21/03/2006|17:49] C:\Program Files\Microsoft Works Suite 2003
[08/09/2008|10:52] C:\Program Files\Movie Maker
[11/11/2008|11:44] C:\Program Files\Mozilla Firefox
[30/04/2006|10:53] C:\Program Files\MP3Gain
[08/09/2008|10:52] C:\Program Files\MSN
[08/04/2006|17:03] C:\Program Files\MSN Apps
[18/10/2005|19:27] C:\Program Files\MSN Gaming Zone
[12/09/2008|14:31] C:\Program Files\MSN Messenger
[16/08/2007|08:04] C:\Program Files\MSXML 4.0
[06/07/2007|11:22] C:\Program Files\MUSICMATCH
[03/01/2005|05:38] C:\Program Files\muvee Technologies
[28/06/2008|00:21] C:\Program Files\Navilog1
[03/01/2007|18:01] C:\Program Files\NeoDivx Suite
[13/01/2007|20:11] C:\Program Files\Nero
[09/08/2007|21:24] C:\Program Files\Nero 7.0.1.2 Premium
[08/09/2008|10:47] C:\Program Files\NetMeeting
[10/04/2008|10:58] C:\Program Files\Orange
[08/09/2008|10:47] C:\Program Files\Outlook Express
[04/06/2007|07:42] C:\Program Files\PC-Doctor 5 for Windows
[20/01/2007|11:12] C:\Program Files\PhotoFiltre
[03/06/2007|10:18] C:\Program Files\Player Tool
[19/11/2006|10:30] C:\Program Files\QuickZip4
[03/01/2005|05:30] C:\Program Files\Real
[10/04/2008|10:45] C:\Program Files\SAGEM
[10/04/2008|10:40] C:\Program Files\Securitoo
[03/01/2005|05:48] C:\Program Files\Services en ligne
[09/06/2007|07:15] C:\Program Files\Sonic
[10/06/2008|07:57] C:\Program Files\Spybot - Search & Destroy
[11/06/2008|02:15] C:\Program Files\Spyware Doctor
[13/06/2007|09:03] C:\Program Files\TomTom DesktopSuite
[29/07/2008|09:01] C:\Program Files\TomTom HOME
[29/07/2008|09:01] C:\Program Files\TomTom HOME 2
[26/06/2008|15:09] C:\Program Files\Trend Micro
[02/12/2006|20:04] C:\Program Files\VideoLAN
[29/12/2006|16:06] C:\Program Files\WinASPI
[28/06/2008|00:39] C:\Program Files\Windows Live
[04/06/2007|07:42] C:\Program Files\Windows Media Connect 2
[26/05/2008|17:39] C:\Program Files\Windows Media Player
[08/09/2008|10:47] C:\Program Files\Windows NT
[18/10/2005|19:28] C:\Program Files\Windows Plus
[06/01/2007|12:23] C:\Program Files\WMV9_VCM
[18/10/2005|19:28] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[26/08/2008|09:57] C:\Program Files\Fichiers communs\Adobe
[13/01/2007|20:13] C:\Program Files\Fichiers communs\Ahead
[05/12/2007|12:00] C:\Program Files\Fichiers communs\AOL
[20/03/2006|19:22] C:\Program Files\Fichiers communs\aolback
[21/03/2006|17:53] C:\Program Files\Fichiers communs\Designer
[10/04/2008|10:54] C:\Program Files\Fichiers communs\France Telecom
[03/01/2005|05:21] C:\Program Files\Fichiers communs\Hewlett-Packard
[03/01/2005|05:22] C:\Program Files\Fichiers communs\HP
[09/06/2007|07:22] C:\Program Files\Fichiers communs\InstallShield
[03/01/2005|05:34] C:\Program Files\Fichiers communs\InterVideo
[03/01/2005|05:07] C:\Program Files\Fichiers communs\Java
[15/05/2008|17:18] C:\Program Files\Fichiers communs\Logishrd
[17/04/2008|19:44] C:\Program Files\Fichiers communs\Logitech
[25/07/2008|10:43] C:\Program Files\Fichiers communs\Look312P
[08/09/2007|07:59] C:\Program Files\Fichiers communs\MGI Shared
[22/10/2008|16:38] C:\Program Files\Fichiers communs\Micro Application Shared
[29/12/2007|15:32] C:\Program Files\Fichiers communs\Microsoft Shared
[18/10/2005|19:26] C:\Program Files\Fichiers communs\MSSoap
[03/01/2005|05:38] C:\Program Files\Fichiers communs\muvee Technologies
[20/03/2006|19:21] C:\Program Files\Fichiers communs\Nullsoft
[16/07/2007|08:25] C:\Program Files\Fichiers communs\ODBC
[18/04/2008|11:34] C:\Program Files\Fichiers communs\Real
[21/03/2006|20:04] C:\Program Files\Fichiers communs\Scanner
[01/02/2005|09:23] C:\Program Files\Fichiers communs\Services
[09/06/2007|07:23] C:\Program Files\Fichiers communs\Sonic Shared
[18/10/2005|19:26] C:\Program Files\Fichiers communs\SpeechEngines
[08/09/2008|10:47] C:\Program Files\Fichiers communs\System
[18/04/2008|11:35] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 65 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 11:55:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\VFOVuCdd.ini
C:\WINDOWS\system32\VFOVuCdd.ini2
==> VUNDO <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF
C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF\Crack.exe
C:\DOCUME~1\HP_ADM~1\Mes documents\Crack-FFF\FFF.NFO


[F:24][D:3]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
[F:8][D:0]-> C:\DOCUME~1\HP_ADM~1\Cookies
[F:89][D:6]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 11/11/2008|11:43 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 11/11/2008|11:57 - Option : [2]

--------------------\\ Fin du rapport a 11:57:06
geoffrey5 - 11 Nov. 2008 at 12:00
OK, now do the rest, please
0
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 3

11/11/2008 13:10:06
mbam-log-2008-11-11 (13-09-57).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Eléments examinés: 166254
Temps écoulé: 58 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~tmpb.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~tmpe.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\ (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\xxx1047.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~tmpa.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~tmpc.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~tmpd.exe (Trojan.FakeAlert) -> No action taken.
geoffrey5 - 11 Nov. 2008 at 13:13
OK... Go empty the Malwarebytes quarantine and make a new HijackThis report, please
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:19, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg65ctrl_windows_activex_ie.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://familybelinda.spaces.live.com/PhotoUpload/MsnPUpld.cab
O20 - Winlogon Notify: jkkJyyaa - jkkJyyaa.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media WMPNetworkSvcupnphost (WMPNetworkSvcupnphost) - Unknown owner - C:\WINDOWS\
geoffrey5 - 11 Nov. 2008 at 13:30
OK, now do this, please:

▶ Download ComboFix by sUBs


▶ and save it to the Desktop.


▶ Disable your protections and close all your applications (antivirus, firewall, the antispyware's real-time guard)


Here is the official Bleeping Computer tutorial on how to use it:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


Then send the report and make a new HijackThis report, please
0
ComboFix 08-11-10.01 - HP_Administrateur 2008-11-11 13:36:21.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.65 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Cache
c:\windows\system32\hqwxttdf.ini
c:\windows\system32\VFOVuCdd.ini
c:\windows\system32\VFOVuCdd.ini2
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-11 au 2008-11-11 ))))))))))))))))))))))))))))))))))))
.

2008-11-11 12:01 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-11 11:40 . 2008-11-11 11:57 <REP> d-------- C:\Lop SD
2008-11-09 21:29 . 2008-11-09 21:29 102,172 --a------ c:\windows\system32\cont_offersfortoday-remove.exe
2008-11-09 21:29 . 2008-11-09 21:29 79,085 --a------ c:\windows\system32\ccevtqhampspex.exe
2008-11-08 15:51 . 2008-11-08 15:51 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-10-26 17:49 . 1995-09-20 16:13 977,680 --a------ c:\windows\system32\msjt3032.dll
2008-10-26 17:49 . 1995-09-24 11:02 243,472 --a------ c:\windows\system32\vbar2232.dll
2008-10-26 17:49 . 1995-09-20 16:16 35,088 --a------ c:\windows\system32\msjint32.dll
2008-10-26 17:49 . 1995-09-20 16:16 23,824 --a------ c:\windows\system32\msjter32.dll
2008-10-24 12:03 . 2008-10-24 12:03 1,044,480 -ra------ c:\windows\system32\roboex32.dll
2008-10-24 12:03 . 2008-10-24 12:03 49,152 -ra------ c:\windows\system32\inetwh32.dll
2008-10-24 05:55 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 16:27 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-15 16:27 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-15 16:26 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 16:26 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 16:26 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 16:26 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 12:46 --------- d-----w c:\program files\eMule
2008-11-11 11:04 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-11 08:31 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-11 08:20 --------- d-----w c:\program files\AxBx
2008-11-07 09:07 38,386 ----a-w c:\documents and settings\HP_Administrateur\Application Data\wklnhst.dat
2008-11-05 12:59 143,376 ----a-w c:\documents and settings\HP_Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2008-10-28 10:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-26 16:49 --------- d-----w c:\program files\Micro Application
2008-10-26 15:36 40,960 ----a-w C:\HTGD0003.exe
2008-10-22 15:38 --------- d-----w c:\program files\Fichiers communs\Micro Application Shared
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-09-14 14:41 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\dvdcss
2008-09-12 13:31 --------- d-----w c:\program files\MSN Messenger
2007-02-10 00:00 0 ----a-w c:\documents and settings\HP_Administrateur\svc012.exe
2007-01-09 11:14 81,920 ----a-w c:\documents and settings\HP_Administrateur\Application Data\ezpinst.exe
2007-01-09 11:14 47,360 ----a-w c:\documents and settings\HP_Administrateur\Application Data\pcouffin.sys
2006-03-29 11:49 251 -c--a-w c:\program files\wt3d.ini
2007-04-02 15:52 22 --sha-w c:\windows\SMINST\HPCD.sys
2004-08-10 12:00 253,952 --sha-w c:\windows\system32\msvcrt20.dll
2008-04-14 02:33 30,749 --sha-w c:\windows\system32\vbajet32.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2006-09-14 4964352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 188416]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-18 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2005-11-04 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 c:\windows\KHALMNPR.Exe]

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-01-03 27136]

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-01-03 27136]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-17 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 09:10 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wgO43.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpx64.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\eMule\\eMule0.45b\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-10-03 2799488]
R3 usbstor;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S0 wgO43;wgO43;c:\windows\system32\Drivers\wgO43.sys [ ]
S0 Winpx64;Winpx64;c:\windows\system32\Drivers\Winpx64.sys [ ]
S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\DRIVERS\MosIrUsb.sys [2004-04-14 20736]
S3 usbscan;Pilote de scanneur USB;c:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cf334f9-4389-11dd-a706-0013d3da2140}]
\Shell\AutoRun\command - K:\i.exe
\Shell\explore\Command - K:\i.exe
\Shell\open\Command - K:\i.exe
.
Contenu du dossier 'Tâches planifiées'

2007-06-08 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
- c:\program files\Fichiers communs\Sonic Shared\Sonic Central\Main\Mediahub.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

Notify-jkkJyyaa - jkkJyyaa.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\b93b0srv.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 13:44:30
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvcupnphost]
"ImagePath"="ð%€|x\01\09 srv"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: c:\windows\explorer.exe
-> c:\windows\system32\nview.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\snmp.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Orange\Launcher\Launcher.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Orange\Connectivity\ConnectivityManager.exe
c:\program files\Orange\Connectivity\corecom\CoreCom.exe
c:\windows\system32\wscntfy.exe
c:\program files\Orange\Connectivity\corecom\OraConfigRecover.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2008-11-11 13:52:47 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-11 12:52:34

Avant-CF: 52 199 526 400 octets libres
Après-CF: 52,097,978,368 octets libres

202 --- E O F --- 2008-10-24 04:58:10
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:29, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg65ctrl_windows_activex_ie.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://familybelinda.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media WMPNetworkSvcupnphost (WMPNetworkSvcupnphost) - Unknown owner - C:\WINDOWS\
0
geoffrey5 - 11 Nov 2008 at 14:03
Run HijackThis again, click "scan only" and check these lines, please:

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

Then click "Fix checked".

Next, update Java from this address, please: https://www.java.com/fr/download/manual.jsp

And then uninstall the previous version.

Are you still having problems?
0
I think it is resolved, but not being an expert I cannot confirm.
I have not seen any more messages reporting a security problem, so I think that is a good sign!
I thank everyone who gave their time to help me; you do wonderful work, thank you very much!

Regards
0
geoffrey5 - 11 Nov 2008 at 14:29
You're welcome, I was glad to help ;-)

To finish, you can do this, please:

To remove all traces of the tools that were used to treat the specific infections:

▶ Download ToolsCleaner to your Desktop
▶ Double-click ToolsCleaner2.exe and let it work
▶ Click "Recherche" (Search) and let the scan finish.
▶ Click "Suppression" (Removal) to finalize.
▶ You can, if you wish, use the "Options facultatives" (optional settings).
▶ Click "Quitter" (Quit) so that the report can be created.
▶ The report (TCleaner.txt) is at the root of your hard drive (C:\)... paste it into your reply




Disable and re-enable System Restore:

Doing this will delete all the viruses that may have lodged themselves in the
restore points you created earlier. It is therefore recommended to do it:

1 In the Windows taskbar, click Start.

2 Right-click My Computer, then click Properties.

3 On the System Restore tab, check "Turn off System Restore"

4 Click Apply.

5 Then uncheck "Turn off System Restore"

6 Click Apply, then OK

7 Create a restore point by clicking Start => All Programs => Accessories => System Tools => System Restore => Create a restore point => enter a name (example: after disinfection on CCM), then confirm.

For XP: here is a tutorial in case of problems.
0
[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\lopR.txt: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\HP_Administrateur\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\HP_Administrateur\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\lopR.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Point de restauration crée !
Corbeille vidée!
Fichiers temporaires nettoyés !
Sauvegarde du registre crée !
0
geoffrey5 - 11 Nov 2008 at 14:50
You can delete ComboFix, which is on your Desktop.

And be sure to do the rest, because it is very important.

Have a good day, see you
0