The ad invasion

Closed
karimosouli Posts: 37 Registered: Sunday 23 November 2008 Status: Member Last activity: 12 December 2008 - 23 Nov 2008 at 12:35
 Anonymous user - 12 Dec 2008 at 21:31
Hello,
Here is my problem: for some time now, when I surf with Mozilla, ads keep popping up, and that's not all: even though I am on Mozilla, there are also ads coming from Internet Explorer. Here is a report made by HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:05, on 23/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Prayer\Prayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Djouher\Mes documents\Downloads\Programs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2fc742d1-59f8-4524-aa4f-cd9c51d98747} - C:\WINDOWS\system32\zeyepome.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: islamuslim Toolbar - {fcd5ee58-54d8-4d33-aa8d-54ae85597966} - C:\Program Files\islamuslim\tbisl0.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: islamuslim Toolbar - {fcd5ee58-54d8-4d33-aa8d-54ae85597966} - C:\Program Files\islamuslim\tbisl0.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [AXIS TONS THE MP3] C:\Documents and Settings\All Users\Application Data\Readme Live Axis Tons\Amok team.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [fuyamawewu] Rundll32.exe "C:\WINDOWS\system32\meburaro.dll",s
O4 - HKLM\..\Run: [ecd85eae] rundll32.exe "C:\WINDOWS\system32\misiruvu.dll",b
O4 - HKLM\..\Run: [CPMefeb6d32] Rundll32.exe "c:\windows\system32\tuhuduta.dll",a
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [zweitgeist Assistant] "C:\Program Files\weblin\weblinAssistant.exe"
O4 - HKCU\..\Run: [Heartbags] C:\DOCUME~1\Djouher\APPLIC~1\ITCHSE~1\DASH BLEH.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [fuyamawewu] Rundll32.exe "C:\WINDOWS\system32\meburaro.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bilal.lnk = C:\Program Files\Prayer\Prayer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: C:\WINDOWS\system32\wehojavi.dll c:\windows\system32\jojayuza.dll c:\windows\system32\tuhuduta.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tuhuduta.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tuhuduta.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Localisateur d'appels de procédure distante (RPC) (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

71 replies

Anonymous user
26 Nov 2008 at 12:31
OK, disable and re-enable System Restore: http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924

Then run HijackThis again!
0
karimosouli Posts: 37 Registered: Sunday 23 November 2008 Status: Member Last activity: 12 December 2008
26 Nov 2008 at 12:59
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:52, on 26/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Prayer\Prayer.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEMonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Djouher\Mes documents\Downloads\Programs\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: islamuslim Toolbar - {fcd5ee58-54d8-4d33-aa8d-54ae85597966} - C:\Program Files\islamuslim\tbisl0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: islamuslim Toolbar - {fcd5ee58-54d8-4d33-aa8d-54ae85597966} - C:\Program Files\islamuslim\tbisl0.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Heartbags] C:\DOCUME~1\Djouher\APPLIC~1\ITCHSE~1\DASH BLEH.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bilal.lnk = C:\Program Files\Prayer\Prayer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Localisateur d'appels de procédure distante (RPC) (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
Anonymous user
26 Nov 2008 at 13:04
To check,
* Download Lopxp (by Moe): http://sosvirus.changelog.fr/Green_day/Lopxpsetup
* Double-click Lopxpsetup.exe to start the installation
* In the menu, choose option 1
* Wait until you are asked to press a key, then press one!
* The report's contents are located in: C:\Programfiles\Lopxp\cid.txt

Post the report
0
karimosouli Posts: 37 Registered: Sunday 23 November 2008 Status: Member Last activity: 12 December 2008
26 Nov 2008 at 13:51
Here you go:

# Rapport Lopxp fait le 26/11/2008 à 13:48:06
# Exécuté dans : C:\Program Files\Lopxp
# Version 3.10 - Maj du 11/04/2008

Killing 'iexplore.exe'
"C:\Program Files\Internet Explorer\iexplore.exe" (3868)

========== Listing des dossiers Application Data

+- C:\Documents and Settings\All Users\Application Data

2008-05-18 à 19:02:42 - Adobe
2007-08-30 à 19:44:41 - AOL
2007-12-29 à 12:57:34 - Apple
2008-01-15 à 19:19:21 - Apple Computer
2008-04-08 à 07:26:32 - AVS4YOU
2008-04-29 à 18:15:06 - BVRP Software
2007-08-31 à 09:17:39 - CyberLink
2008-06-20 à 11:55:17 - Downloaded Installations
2008-11-01 à 18:22:06 - EPSON
2008-03-22 à 17:02:07 - ESET
2008-11-21 à 16:47:40 - Google
2008-11-21 à 08:54:48 - Lavasoft
2008-11-25 à 18:59:58 - Malwarebytes
2008-10-16 à 12:41:47 - Microsoft
2007-09-08 à 19:04:18 - QuickTime
2008-11-19 à 14:59:13 - Readme Live Axis Tons
2004-08-16 à 16:28:48 - SBSI
2008-10-27 à 18:38:55 - Skype
2008-06-14 à 18:01:17 - Spybot - Search & Destroy
2008-11-23 à 16:57:52 - Spyware Terminator
2008-11-22 à 12:07:38 - TEMP
2008-05-11 à 14:13:19 - Transparent
2008-04-22 à 15:30:30 - TuneUp Software
2008-11-01 à 18:19:32 - UDL
2008-04-06 à 16:36:08 - Ulead Systems
2007-11-14 à 21:51:35 - ViceVersa PRO 2
2007-08-30 à 19:45:03 - Viewpoint
2007-08-30 à 20:55:16 - Windows Genuine Advantage
2008-05-09 à 21:53:01 - WLInstaller
2008-05-09 à 19:09:56 - YAHOO
2007-09-17 à 14:22:37 - Yahoo!
2007-09-17 à 14:40:38 - Yahoo! Companion

+- C:\Documents and Settings\Djouher\Application Data

2008-05-21 à 17:12:34 - Adobe
2007-12-30 à 19:41:55 - AquaNox
2008-11-24 à 21:03:57 - Auslogics
2008-09-06 à 14:44:41 - Axialis
2008-01-04 à 12:46:37 - Babylon
2007-11-03 à 19:22:30 - CyberLink
2008-05-03 à 11:35:14 - DivX
2008-11-26 à 11:54:36 - DMCache
2008-09-25 à 17:02:36 - e frontier
2008-11-03 à 09:39:59 - Epson
2008-04-19 à 19:16:02 - Google
2008-04-22 à 15:47:12 - Help
2004-08-16 à 16:19:22 - Identities
2008-09-21 à 17:49:53 - IDM
2007-09-25 à 15:21:14 - InstallShield
2007-09-25 à 15:21:22 - InstallShield Installation Information
2008-11-22 à 11:27:48 - Itch seek
2008-05-21 à 17:12:43 - Leadertech
2007-11-02 à 16:40:02 - LogProtect
2007-10-07 à 15:03:44 - Macromedia
2008-11-25 à 19:00:12 - Malwarebytes
2008-11-24 à 19:10:40 - Microsoft
2008-06-19 à 17:17:57 - Mozilla
2007-10-08 à 16:36:53 - MusicNet
2008-05-05 à 18:34:43 - OmniPokedex
2008-11-02 à 20:25:14 - OpenOffice.org2
2008-11-22 à 12:03:57 - Phoenix
2007-11-05 à 13:05:54 - Real
2007-09-25 à 15:21:22 - sixteen tons entertainment
2007-12-02 à 17:35:05 - Sonic
2008-06-14 à 14:49:37 - SPAMfighter
2008-11-23 à 16:58:57 - Spyware Terminator
2008-05-17 à 17:42:42 - Styler
2007-08-30 à 19:40:22 - Sun
2007-08-30 à 19:47:12 - Symantec
2008-04-23 à 13:04:07 - Thinstall
2008-04-22 à 15:30:43 - TuneUp Software
2008-03-22 à 16:43:38 - URSoft
2008-09-10 à 17:29:17 - Viewpoint
2008-03-22 à 17:47:33 - vlc
2008-04-09 à 15:13:22 - WinRAR
2007-08-30 à 19:45:04 - You've Got Pictures Screensaver
2008-11-21 à 18:58:07 - zweitgeist

+- C:\Documents and Settings\Djouher\Local Settings\Application Data

2008-11-23 à 16:39:58 - Adobe
2007-12-29 à 12:57:38 - Apple
2008-08-27 à 16:09:12 - Apple Computer
2007-08-30 à 19:03:28 - ApplicationHistory
2008-09-07 à 17:23:19 - Axialis
2008-01-04 à 12:26:03 - Babylon
2008-03-22 à 17:36:44 - ESET
2008-05-16 à 16:57:13 - Google
2008-04-22 à 15:47:12 - Help
2007-11-06 à 17:32:54 - Identities
2008-11-23 à 11:10:53 - islamuslim
2008-11-16 à 17:05:57 - Microsoft
2007-09-22 à 16:32:59 - Mozilla
2007-11-03 à 19:21:44 - PowerCinema
2008-07-11 à 17:54:15 - speed-bit
2007-10-20 à 09:27:35 - Winamp Toolbar
2008-05-08 à 17:28:21 - Yahoo
2007-08-30 à 19:40:12 - {7148F0A6-6813-11D6-A77B-00B0D0142050}

+- C:\Documents and Settings\Mohamed-Amine\Application Data

2008-09-24 à 18:44:50 - Adobe
2008-06-14 à 15:25:01 - Apple Computer
2008-11-01 à 19:53:53 - Epson
2008-03-10 à 20:24:38 - Google
2004-08-16 à 16:19:22 - Identities
2007-12-03 à 17:49:01 - InstallShield
2007-11-03 à 18:50:04 - LogProtect
2007-11-04 à 09:46:12 - Macromedia
2008-11-20 à 08:13:06 - Microsoft
2008-06-19 à 15:25:50 - Mozilla
2007-12-04 à 09:28:36 - MusicNet
2008-05-08 à 14:27:17 - Real
2008-06-14 à 13:39:33 - SPAMfighter
2007-08-30 à 19:40:22 - Sun
2007-08-30 à 19:47:12 - Symantec
2008-09-10 à 18:18:14 - Viewpoint
2007-08-30 à 19:45:04 - You've Got Pictures Screensaver

+- C:\Documents and Settings\Mohamed-Amine\Local Settings\Application Data

2008-09-24 à 18:45:13 - Adobe
2008-10-18 à 08:28:17 - Apple Computer
2007-08-30 à 19:03:28 - ApplicationHistory
2008-03-10 à 17:10:23 - Google
2007-11-11 à 09:58:26 - Identities
2008-11-23 à 10:04:30 - islamuslim
2008-11-20 à 08:13:02 - Microsoft
2007-11-04 à 09:44:18 - Mozilla
2007-08-30 à 19:49:38 - PowerCinema
2008-07-13 à 15:15:01 - speed-bit
2007-08-30 à 19:40:12 - {7148F0A6-6813-11D6-A77B-00B0D0142050}

+- C:\Documents and Settings\Propriétaire\Application Data

2007-10-15 à 18:57:53 - You've Got Pictures Screensaver

========== Listing du dossier Program Files

+- C:\Program Files

2008-03-04 à 05:20:42 - 7-Zip
2008-11-23 à 18:35:21 - Ad-remover
2008-06-27 à 05:55:12 - Adobe
2008-11-21 à 08:40:10 - Ahead
2007-09-17 à 12:36:51 - Alwil Software
2008-01-17 à 18:20:38 - aod
2007-08-30 à 19:45:05 - AOL 9.0
2007-08-30 à 19:45:04 - AOL Compagnon
2007-10-10 à 19:10:42 - ArcSoft
2008-07-13 à 13:20:23 - Athan
2008-11-24 à 21:03:50 - Auslogics
2008-11-21 à 09:07:06 - AVS4YOU
2008-11-21 à 09:08:12 - Axialis
2008-01-05 à 10:43:48 - Babylon
2008-10-15 à 17:35:00 - Bonjour
2007-10-10 à 19:11:10 - Caere
2008-04-09 à 15:13:44 - Common Files
2004-08-16 à 16:05:16 - ComPlus Applications
2008-03-22 à 17:38:52 - Conjugaison
2007-08-30 à 19:49:15 - CyberLink
2008-02-10 à 10:49:21 - DAP
2007-12-24 à 15:00:11 - DicoRime
2007-11-20 à 22:51:27 - Dictionnaire
2008-10-16 à 19:46:56 - DivX
2007-09-22 à 10:49:34 - DK
2008-03-22 à 17:44:59 - DMV
2007-10-20 à 15:18:43 - EA Games
2008-09-22 à 16:42:32 - Empire Interactive
2008-11-01 à 18:18:44 - EPSON
2008-11-01 à 18:18:59 - Epson Software
2008-04-04 à 18:22:43 - ESET
2008-11-23 à 18:32:17 - Fichiers communs
2007-11-16 à 12:50:07 - Foreignword
2007-08-30 à 20:56:56 - Foxit Software
2008-03-28 à 22:08:50 - Generalia Multimedia
2008-05-17 à 10:27:25 - GOA
2008-11-21 à 16:47:43 - Google
2008-05-11 à 13:38:44 - Harf
2008-11-21 à 09:43:00 - InstallShield Installation Information
2007-08-30 à 20:34:28 - Intel
2008-10-16 à 19:49:41 - Internet Explorer
2007-12-31 à 11:21:01 - islamuslim
2008-11-19 à 14:58:19 - Itch seek
2008-11-21 à 17:19:34 - iTunes
2008-11-21 à 16:39:35 - Java
2007-09-27 à 11:32:06 - Lame MP3 Codec
2008-11-21 à 16:31:33 - Lavasoft
2007-08-30 à 19:45:04 - Learn2.com
2007-11-12 à 23:29:54 - LeConjugueur
2008-11-21 à 18:56:48 - Legacy Interactive
2008-01-10 à 19:48:58 - Ligos
2008-11-21 à 17:16:45 - LogProtect
2008-11-26 à 12:48:16 - Lopxp
2008-11-25 à 19:00:10 - Malwarebytes' Anti-Malware
2007-09-27 à 11:30:37 - MarkAny
2008-11-21 à 19:11:26 - Mes Vacances en Photo
2008-08-16 à 09:18:04 - Messenger
2008-01-10 à 19:51:50 - metagenia
2008-10-16 à 12:38:35 - Microsoft
2008-09-21 à 12:17:54 - Microsoft ActiveSync
2004-08-16 à 16:11:16 - microsoft frontpage
2007-11-17 à 15:54:32 - Microsoft Games
2008-05-05 à 11:15:03 - Microsoft Office
2008-10-16 à 12:48:20 - Microsoft Office Outlook Connector
2008-10-27 à 19:14:27 - Microsoft Silverlight
2008-01-15 à 17:50:48 - Microsoft SQL Server Compact Edition
2008-05-05 à 11:14:24 - Microsoft.NET
2008-04-29 à 18:09:58 - mobile PhoneTools
2004-08-16 à 16:06:24 - Movie Maker
2008-11-26 à 12:41:18 - Mozilla Firefox
2004-08-16 à 16:03:08 - MSN
2004-08-16 à 16:03:38 - MSN Gaming Zone
2007-08-31 à 11:20:55 - MSXML 4.0
2008-04-04 à 11:16:12 - MUSICMATCH
2007-09-27 à 11:40:36 - MyFree Codec
2008-11-23 à 14:24:38 - Navilog1
2004-08-16 à 16:06:14 - NetMeeting
2007-11-17 à 16:46:23 - Nobilis
2007-11-01 à 10:07:10 - nouf.org
2008-04-23 à 13:15:43 - Omni Pokedex
2004-08-16 à 16:03:54 - Online Services
2008-05-01 à 21:49:38 - OpenOffice.org 2.4
2007-08-31 à 11:18:22 - Outlook Express
2008-10-20 à 07:04:34 - Picasa2
2008-06-29 à 13:17:56 - PopUp Destroy
2008-11-26 à 11:54:48 - Prayer
2008-04-22 à 16:27:29 - Proxomitron Naoko v4.5
2008-10-15 à 18:19:26 - QuickTime
2008-06-01 à 17:57:38 - QuickZip4
2008-05-31 à 13:45:50 - Quran_AR
2007-11-02 à 18:27:19 - RaimaRadio
2007-11-12 à 16:57:44 - Real
2008-11-21 à 09:59:21 - Registry Mechanic
2008-09-21 à 12:17:39 - Ressources Windows Mobile
2007-11-01 à 09:27:04 - RM to MP3 Converter
2008-10-15 à 17:43:58 - Safari
2007-09-27 à 11:30:30 - Samsung
2004-08-16 à 16:07:34 - Services en ligne
2008-07-12 à 10:26:58 - sixteen tons entertainment
2008-04-05 à 14:39:34 - Small Rockets
2007-08-30 à 19:51:26 - Sonic
2008-11-21 à 17:00:25 - speed-bit
2008-11-23 à 16:58:30 - Spyware Terminator
2007-09-12 à 13:43:01 - Strategy First
2008-11-21 à 16:58:24 - Time4Worker
2008-11-21 à 09:09:39 - Transparent
2007-11-17 à 15:40:08 - Ubi Soft
2004-08-16 à 16:19:06 - Uninstall Information
2008-06-16 à 18:09:22 - UNYK
2007-11-14 à 21:56:55 - ViceVersa Pro 2
2008-11-09 à 10:12:08 - VideoLAN
2007-08-30 à 19:45:03 - Viewpoint
2008-05-17 à 09:02:54 - Vstep
2008-11-21 à 18:58:06 - weblin
2008-04-29 à 16:55:04 - WIDCOMM
2007-08-30 à 20:58:01 - Windows Defender
2008-10-16 à 12:48:00 - Windows Live
2008-01-15 à 17:52:51 - Windows Live Favorites
2008-10-16 à 12:41:59 - Windows Live Toolbar
2007-09-08 à 16:50:21 - Windows Media Connect 2
2008-11-13 à 07:34:15 - Windows Media Player
2004-08-16 à 16:03:06 - Windows NT
2004-08-16 à 16:07:42 - WindowsUpdate
2008-04-22 à 15:47:30 - WinRAR
2008-06-13 à 18:45:28 - WorkTime
2004-08-16 à 16:11:16 - xerox
2007-09-27 à 11:31:57 - XviD
2008-05-09 à 19:09:53 - Yahoo!
2007-11-16 à 12:38:26 - ZikiTranslator

========== Tâches planifiées

1-Click Maintenance.job: C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe /schedulestart
8B841DC78F879383.job: c:\docume~1\djouher\applic~1\itchse~1\DELETE MEMO TONS.exe
MP Scheduled Scan.job: C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges
Rappel d'enregistrement 2.job: C:\WINDOWS\system32\OOBE\oobebaln.exe /sys /r /n:2

========== Clés registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Heartbags"="C:\DOCUME~1\Djouher\APPLIC~1\ITCHSE~1\DASH BLEH.exe"


========== Bloqueur popups Internet Explorer


========== Suggestion ( /!\ Nécessite une interprétation.) ==========

C:\Documents and Settings\All Users\Application Data\Readme Live Axis Tons
C:\Documents and Settings\Djouher\Application Data\Itch seek
C:\Program Files\Itch seek
C:\WINDOWS\tasks\8B841DC78F879383.job

+- Registre:

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Heartbags"=-




- Fin du rapport -
Anonymous user
26 Nov. 2008 at 14:02
I was sure of it...
Download LopSD: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
Install it, run it, type 1 and confirm, then wait... Notepad will open; copy and paste its contents and post them here.

Tutorial in case of problems: http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/lopsd-eliminez-les-pubs-cid-353105/messages-1.html
karimosouli Posts 37 Registration date Sunday 23 November 2008 Status Member Last activity 12 December 2008
26 Nov. 2008 at 14:38
Here:

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Award Medallion BIOS v6.00PG
USER : Djouher ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 Antivirus 3.0 3.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:97 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 26/11/2008|14:33 )

--------------------\\ Listing des dossiers dans APPLIC~1

[18/05/2008|20:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[30/08/2007|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[29/12/2007|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[15/01/2008|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[08/04/2008|08:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[29/04/2008|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[31/08/2007|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[20/06/2008|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[01/11/2008|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[22/03/2008|18:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
[21/11/2008|17:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[21/11/2008|09:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[25/11/2008|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[16/10/2008|13:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[08/09/2007|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[25/11/2008|23:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Readme Live Axis Tons
[16/08/2004|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[27/10/2008|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[14/06/2008|19:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[23/11/2008|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
[26/11/2008|13:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[11/05/2008|15:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Transparent
[22/04/2008|16:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[01/11/2008|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[06/04/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[14/11/2007|22:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ViceVersa PRO 2
[30/08/2007|20:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[30/08/2007|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/05/2008|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[09/05/2008|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\YAHOO
[17/09/2007|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[17/09/2007|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[16/08/2004|17:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[16/08/2004|16:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[30/08/2007|20:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[30/08/2007|20:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[30/08/2007|20:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[30/08/2007|20:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[21/05/2008|18:12] C:\DOCUME~1\Djouher\APPLIC~1\Adobe
[30/12/2007|20:41] C:\DOCUME~1\Djouher\APPLIC~1\AquaNox
[24/11/2008|22:03] C:\DOCUME~1\Djouher\APPLIC~1\Auslogics
[06/09/2008|15:44] C:\DOCUME~1\Djouher\APPLIC~1\Axialis
[04/01/2008|13:46] C:\DOCUME~1\Djouher\APPLIC~1\Babylon
[03/11/2007|20:22] C:\DOCUME~1\Djouher\APPLIC~1\CyberLink
[03/05/2008|12:35] C:\DOCUME~1\Djouher\APPLIC~1\DivX
[26/11/2008|12:58] C:\DOCUME~1\Djouher\APPLIC~1\DMCache
[25/09/2008|18:02] C:\DOCUME~1\Djouher\APPLIC~1\e frontier
[03/11/2008|10:39] C:\DOCUME~1\Djouher\APPLIC~1\Epson
[19/04/2008|20:16] C:\DOCUME~1\Djouher\APPLIC~1\Google
[22/04/2008|16:47] C:\DOCUME~1\Djouher\APPLIC~1\Help
[16/08/2004|17:19] C:\DOCUME~1\Djouher\APPLIC~1\Identities
[21/09/2008|18:49] C:\DOCUME~1\Djouher\APPLIC~1\IDM
[25/09/2007|16:21] C:\DOCUME~1\Djouher\APPLIC~1\InstallShield
[25/09/2007|16:21] C:\DOCUME~1\Djouher\APPLIC~1\InstallShield Installation Information
[22/11/2008|12:27] C:\DOCUME~1\Djouher\APPLIC~1\Itch seek
[21/05/2008|18:12] C:\DOCUME~1\Djouher\APPLIC~1\Leadertech
[02/11/2007|17:40] C:\DOCUME~1\Djouher\APPLIC~1\LogProtect
[07/10/2007|16:03] C:\DOCUME~1\Djouher\APPLIC~1\Macromedia
[25/11/2008|20:00] C:\DOCUME~1\Djouher\APPLIC~1\Malwarebytes
[24/11/2008|20:10] C:\DOCUME~1\Djouher\APPLIC~1\Microsoft
[19/06/2008|18:17] C:\DOCUME~1\Djouher\APPLIC~1\Mozilla
[08/10/2007|17:36] C:\DOCUME~1\Djouher\APPLIC~1\MusicNet
[05/05/2008|19:34] C:\DOCUME~1\Djouher\APPLIC~1\OmniPokedex
[02/11/2008|21:25] C:\DOCUME~1\Djouher\APPLIC~1\OpenOffice.org2
[22/11/2008|13:03] C:\DOCUME~1\Djouher\APPLIC~1\Phoenix
[05/11/2007|14:05] C:\DOCUME~1\Djouher\APPLIC~1\Real
[25/09/2007|16:21] C:\DOCUME~1\Djouher\APPLIC~1\sixteen tons entertainment
[02/12/2007|18:35] C:\DOCUME~1\Djouher\APPLIC~1\Sonic
[14/06/2008|15:49] C:\DOCUME~1\Djouher\APPLIC~1\SPAMfighter
[23/11/2008|17:58] C:\DOCUME~1\Djouher\APPLIC~1\Spyware Terminator
[17/05/2008|18:42] C:\DOCUME~1\Djouher\APPLIC~1\Styler
[30/08/2007|20:40] C:\DOCUME~1\Djouher\APPLIC~1\Sun
[30/08/2007|20:47] C:\DOCUME~1\Djouher\APPLIC~1\Symantec
[23/04/2008|14:04] C:\DOCUME~1\Djouher\APPLIC~1\Thinstall
[22/04/2008|16:30] C:\DOCUME~1\Djouher\APPLIC~1\TuneUp Software
[22/03/2008|17:43] C:\DOCUME~1\Djouher\APPLIC~1\URSoft
[10/09/2008|18:29] C:\DOCUME~1\Djouher\APPLIC~1\Viewpoint
[22/03/2008|18:47] C:\DOCUME~1\Djouher\APPLIC~1\vlc
[09/04/2008|16:13] C:\DOCUME~1\Djouher\APPLIC~1\WinRAR
[30/08/2007|20:45] C:\DOCUME~1\Djouher\APPLIC~1\You've Got Pictures Screensaver
[21/11/2008|19:58] C:\DOCUME~1\Djouher\APPLIC~1\zweitgeist


[08/09/2007|17:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[24/09/2008|19:44] C:\DOCUME~1\MOHAME~1\APPLIC~1\Adobe
[14/06/2008|16:25] C:\DOCUME~1\MOHAME~1\APPLIC~1\Apple Computer
[01/11/2008|20:53] C:\DOCUME~1\MOHAME~1\APPLIC~1\Epson
[10/03/2008|21:24] C:\DOCUME~1\MOHAME~1\APPLIC~1\Google
[16/08/2004|17:19] C:\DOCUME~1\MOHAME~1\APPLIC~1\Identities
[03/12/2007|18:49] C:\DOCUME~1\MOHAME~1\APPLIC~1\InstallShield
[03/11/2007|19:50] C:\DOCUME~1\MOHAME~1\APPLIC~1\LogProtect
[04/11/2007|10:46] C:\DOCUME~1\MOHAME~1\APPLIC~1\Macromedia
[20/11/2008|09:13] C:\DOCUME~1\MOHAME~1\APPLIC~1\Microsoft
[19/06/2008|16:25] C:\DOCUME~1\MOHAME~1\APPLIC~1\Mozilla
[04/12/2007|10:28] C:\DOCUME~1\MOHAME~1\APPLIC~1\MusicNet
[08/05/2008|15:27] C:\DOCUME~1\MOHAME~1\APPLIC~1\Real
[14/06/2008|14:39] C:\DOCUME~1\MOHAME~1\APPLIC~1\SPAMfighter
[30/08/2007|20:40] C:\DOCUME~1\MOHAME~1\APPLIC~1\Sun
[30/08/2007|20:47] C:\DOCUME~1\MOHAME~1\APPLIC~1\Symantec
[10/09/2008|19:18] C:\DOCUME~1\MOHAME~1\APPLIC~1\Viewpoint
[30/08/2007|20:45] C:\DOCUME~1\MOHAME~1\APPLIC~1\You've Got Pictures Screensaver

[08/09/2007|17:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[15/10/2007|19:57] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[26/11/2008 14:00][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[26/11/2008 14:00][--ah-----] C:\WINDOWS\tasks\8B841DC78F879383.job
[26/11/2008 14:00][--a------] C:\WINDOWS\tasks\1-Click Maintenance.job
[26/11/2008 09:29][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[30/08/2007 20:58][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
[26/11/2008 09:26][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( 8B841DC78F879383.job )=( c:\docume~1\djouher\applic~1\itchse~1\DELETEMEMOTONS.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[04/03/2008|06:20] C:\Program Files\7-Zip
[27/06/2008|06:55] C:\Program Files\Adobe
[23/11/2008|19:35] C:\Program Files\Ad-remover
[21/11/2008|09:40] C:\Program Files\Ahead
[17/09/2007|13:36] C:\Program Files\Alwil Software
[17/01/2008|19:20] C:\Program Files\aod
[30/08/2007|20:45] C:\Program Files\AOL 9.0
[30/08/2007|20:45] C:\Program Files\AOL Compagnon
[10/10/2007|20:10] C:\Program Files\ArcSoft
[13/07/2008|14:20] C:\Program Files\Athan
[24/11/2008|22:03] C:\Program Files\Auslogics
[21/11/2008|10:07] C:\Program Files\AVS4YOU
[21/11/2008|10:08] C:\Program Files\Axialis
[05/01/2008|11:43] C:\Program Files\Babylon
[15/10/2008|18:35] C:\Program Files\Bonjour
[10/10/2007|20:11] C:\Program Files\Caere
[09/04/2008|16:13] C:\Program Files\Common Files
[16/08/2004|17:05] C:\Program Files\ComPlus Applications
[22/03/2008|18:38] C:\Program Files\Conjugaison
[30/08/2007|20:49] C:\Program Files\CyberLink
[10/02/2008|11:49] C:\Program Files\DAP
[24/12/2007|16:00] C:\Program Files\DicoRime
[20/11/2007|23:51] C:\Program Files\Dictionnaire
[16/10/2008|20:46] C:\Program Files\DivX
[22/09/2007|11:49] C:\Program Files\DK
[22/03/2008|18:44] C:\Program Files\DMV
[20/10/2007|16:18] C:\Program Files\EA Games
[22/09/2008|17:42] C:\Program Files\Empire Interactive
[01/11/2008|19:18] C:\Program Files\EPSON
[01/11/2008|19:18] C:\Program Files\Epson Software
[04/04/2008|19:22] C:\Program Files\ESET
[23/11/2008|19:32] C:\Program Files\Fichiers communs
[16/11/2007|13:50] C:\Program Files\Foreignword
[30/08/2007|21:56] C:\Program Files\Foxit Software
[28/03/2008|23:08] C:\Program Files\Generalia Multimedia
[17/05/2008|11:27] C:\Program Files\GOA
[21/11/2008|17:47] C:\Program Files\Google
[11/05/2008|14:38] C:\Program Files\Harf
[21/11/2008|10:43] C:\Program Files\InstallShield Installation Information
[30/08/2007|21:34] C:\Program Files\Intel
[16/10/2008|20:49] C:\Program Files\Internet Explorer
[31/12/2007|12:21] C:\Program Files\islamuslim
[19/11/2008|15:58] C:\Program Files\Itch seek
[21/11/2008|18:19] C:\Program Files\iTunes
[21/11/2008|17:39] C:\Program Files\Java
[27/09/2007|12:32] C:\Program Files\Lame MP3 Codec
[21/11/2008|17:31] C:\Program Files\Lavasoft
[30/08/2007|20:45] C:\Program Files\Learn2.com
[13/11/2007|00:29] C:\Program Files\LeConjugueur
[21/11/2008|19:56] C:\Program Files\Legacy Interactive
[10/01/2008|20:48] C:\Program Files\Ligos
[21/11/2008|18:16] C:\Program Files\LogProtect
[26/11/2008|13:48] C:\Program Files\Lopxp
[25/11/2008|20:00] C:\Program Files\Malwarebytes' Anti-Malware
[27/09/2007|12:30] C:\Program Files\MarkAny
[21/11/2008|20:11] C:\Program Files\Mes Vacances en Photo
[16/08/2008|10:18] C:\Program Files\Messenger
[10/01/2008|20:51] C:\Program Files\metagenia
[16/10/2008|13:38] C:\Program Files\Microsoft
[21/09/2008|13:17] C:\Program Files\Microsoft ActiveSync
[16/08/2004|17:11] C:\Program Files\microsoft frontpage
[17/11/2007|16:54] C:\Program Files\Microsoft Games
[05/05/2008|12:15] C:\Program Files\Microsoft Office
[16/10/2008|13:48] C:\Program Files\Microsoft Office Outlook Connector
[27/10/2008|20:14] C:\Program Files\Microsoft Silverlight
[15/01/2008|18:50] C:\Program Files\Microsoft SQL Server Compact Edition
[05/05/2008|12:14] C:\Program Files\Microsoft.NET
[29/04/2008|19:09] C:\Program Files\mobile PhoneTools
[16/08/2004|17:06] C:\Program Files\Movie Maker
[26/11/2008|14:21] C:\Program Files\Mozilla Firefox
[16/08/2004|17:03] C:\Program Files\MSN
[16/08/2004|17:03] C:\Program Files\MSN Gaming Zone
[31/08/2007|12:20] C:\Program Files\MSXML 4.0
[04/04/2008|12:16] C:\Program Files\MUSICMATCH
[27/09/2007|12:40] C:\Program Files\MyFree Codec
[23/11/2008|15:24] C:\Program Files\Navilog1
[16/08/2004|17:06] C:\Program Files\NetMeeting
[17/11/2007|17:46] C:\Program Files\Nobilis
[01/11/2007|11:07] C:\Program Files\nouf.org
[23/04/2008|14:15] C:\Program Files\Omni Pokedex
[16/08/2004|17:03] C:\Program Files\Online Services
[01/05/2008|22:49] C:\Program Files\OpenOffice.org 2.4
[31/08/2007|12:18] C:\Program Files\Outlook Express
[20/10/2008|08:04] C:\Program Files\Picasa2
[29/06/2008|14:17] C:\Program Files\PopUp Destroy
[26/11/2008|12:54] C:\Program Files\Prayer
[22/04/2008|17:27] C:\Program Files\Proxomitron Naoko v4.5
[15/10/2008|19:19] C:\Program Files\QuickTime
[01/06/2008|18:57] C:\Program Files\QuickZip4
[31/05/2008|14:45] C:\Program Files\Quran_AR
[02/11/2007|19:27] C:\Program Files\RaimaRadio
[12/11/2007|17:57] C:\Program Files\Real
[21/11/2008|10:59] C:\Program Files\Registry Mechanic
[21/09/2008|13:17] C:\Program Files\Ressources Windows Mobile
[01/11/2007|10:27] C:\Program Files\RM to MP3 Converter
[15/10/2008|18:43] C:\Program Files\Safari
[27/09/2007|12:30] C:\Program Files\Samsung
[16/08/2004|17:07] C:\Program Files\Services en ligne
[12/07/2008|11:26] C:\Program Files\sixteen tons entertainment
[05/04/2008|15:39] C:\Program Files\Small Rockets
[30/08/2007|20:51] C:\Program Files\Sonic
[21/11/2008|18:00] C:\Program Files\speed-bit
[23/11/2008|17:58] C:\Program Files\Spyware Terminator
[12/09/2007|14:43] C:\Program Files\Strategy First
[21/11/2008|17:58] C:\Program Files\Time4Worker
[21/11/2008|10:09] C:\Program Files\Transparent
[17/11/2007|16:40] C:\Program Files\Ubi Soft
[16/08/2004|17:19] C:\Program Files\Uninstall Information
[16/06/2008|19:09] C:\Program Files\UNYK
[14/11/2007|22:56] C:\Program Files\ViceVersa Pro 2
[09/11/2008|11:12] C:\Program Files\VideoLAN
[30/08/2007|20:45] C:\Program Files\Viewpoint
[17/05/2008|10:02] C:\Program Files\Vstep
[21/11/2008|19:58] C:\Program Files\weblin
[29/04/2008|17:55] C:\Program Files\WIDCOMM
[30/08/2007|21:58] C:\Program Files\Windows Defender
[16/10/2008|13:48] C:\Program Files\Windows Live
[15/01/2008|18:52] C:\Program Files\Windows Live Favorites
[16/10/2008|13:41] C:\Program Files\Windows Live Toolbar
[08/09/2007|17:50] C:\Program Files\Windows Media Connect 2
[13/11/2008|08:34] C:\Program Files\Windows Media Player
[16/08/2004|17:03] C:\Program Files\Windows NT
[16/08/2004|17:07] C:\Program Files\WindowsUpdate
[22/04/2008|16:47] C:\Program Files\WinRAR
[13/06/2008|19:45] C:\Program Files\WorkTime
[16/08/2004|17:11] C:\Program Files\xerox
[27/09/2007|12:31] C:\Program Files\XviD
[09/05/2008|20:09] C:\Program Files\Yahoo!
[16/11/2007|13:38] C:\Program Files\ZikiTranslator

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[18/05/2008|19:49] C:\Program Files\Fichiers communs\Adobe
[30/08/2007|20:45] C:\Program Files\Fichiers communs\AOL
[30/08/2007|20:45] C:\Program Files\Fichiers communs\aolshare
[15/10/2008|19:18] C:\Program Files\Fichiers communs\Apple
[01/10/2007|22:56] C:\Program Files\Fichiers communs\AVSMedia
[10/10/2007|20:11] C:\Program Files\Fichiers communs\Caere
[05/05/2008|12:15] C:\Program Files\Fichiers communs\DESIGNER
[09/09/2007|17:13] C:\Program Files\Fichiers communs\DirectX
[01/11/2008|19:18] C:\Program Files\Fichiers communs\InstallShield
[16/10/2008|13:38] C:\Program Files\Fichiers communs\Microsoft Shared
[16/08/2004|17:06] C:\Program Files\Fichiers communs\MSSoap
[30/08/2007|20:44] C:\Program Files\Fichiers communs\Nullsoft
[16/08/2004|16:57] C:\Program Files\Fichiers communs\ODBC
[29/01/2008|23:12] C:\Program Files\Fichiers communs\Real
[16/08/2004|17:06] C:\Program Files\Fichiers communs\Services
[30/08/2007|20:51] C:\Program Files\Fichiers communs\Sonic Shared
[16/08/2004|16:56] C:\Program Files\Fichiers communs\SpeechEngines
[09/05/2008|20:09] C:\Program Files\Fichiers communs\SureThing Shared
[17/09/2007|20:17] C:\Program Files\Fichiers communs\Symantec Shared
[16/10/2008|13:48] C:\Program Files\Fichiers communs\System
[16/10/2008|13:26] C:\Program Files\Fichiers communs\Windows Live
[15/01/2008|18:47] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[21/11/2008|17:31] C:\Program Files\Fichiers communs\Wise Installation Wizard
[29/01/2008|23:13] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 49 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Readme Live Axis Tons
C:\DOCUME~1\Djouher\APPLIC~1\itchse~1
C:\DOCUME~1\Djouher\APPLIC~1\itchse~1\acesafemixfast.exe
C:\DOCUME~1\Djouher\APPLIC~1\itchse~1\DASH BLEH.exe
C:\DOCUME~1\Djouher\APPLIC~1\itchse~1\DELETE MEMO TONS.exe
C:\DOCUME~1\Djouher\APPLIC~1\itchse~1\veujjiow.exe
C:\DOCUME~1\Djouher\APPLIC~1\itchse~1\xxxwdmis.exe
C:\Program Files\itchse~1
C:\DOCUME~1\Djouher\Cookies\djouher@advertising[2].txt
C:\DOCUME~1\Djouher\Cookies\djouher@adin.bigpoint[2].txt
C:\DOCUME~1\Djouher\Cookies\djouher@bigpoint[2].txt
C:\DOCUME~1\Djouher\Cookies\djouher@fr1.seafight.bigpoint[2].txt
C:\DOCUME~1\Djouher\Cookies\djouher@adopt.euroclick[1].txt
C:\DOCUME~1\Djouher\Cookies\djouher@fr1.seafight.bigpoint[2].txt
C:\WINDOWS\Tasks\8B841DC78F879383.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Heartbags"="C:\\DOCUME~1\\Djouher\\APPLIC~1\\ITCHSE~1\\DASH BLEH.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 14:34:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 12

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:118][D:26]-> C:\DOCUME~1\Djouher\LOCALS~1\Temp
[F:141][D:0]-> C:\DOCUME~1\Djouher\Cookies
[F:282][D:4]-> C:\DOCUME~1\Djouher\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 26/11/2008|14:35 - Option : [1]

--------------------\\ Fin du rapport a 14:35:56
Anonymous user
26 Nov. 2008 at 14:40
Run LopS&D again with option 2 and post the report.
karimosouli Posts 37 Registration date Sunday 23 November 2008 Status Member Last activity 12 December 2008
26 Nov. 2008 at 15:21
Here:

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Award Medallion BIOS v6.00PG
USER : Djouher ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 Antivirus 3.0 3.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:97 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 26/11/2008|15:17 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\Djouher\APPLIC~1\itchse~1\acesafemixfast.exe
Supprime! - C:\DOCUME~1\Djouher\APPLIC~1\itchse~1\DASH BLEH.exe
Supprime! - C:\DOCUME~1\Djouher\APPLIC~1\itchse~1\DELETE MEMO TONS.exe
Supprime! - C:\DOCUME~1\Djouher\APPLIC~1\itchse~1\veujjiow.exe
Supprime! - C:\DOCUME~1\Djouher\APPLIC~1\itchse~1\xxxwdmis.exe
Supprime! - C:\DOCUME~1\Djouher\Cookies\djouher@advertising[2].txt
Supprime! - C:\DOCUME~1\Djouher\Cookies\djouher@adin.bigpoint[2].txt
Supprime! - C:\DOCUME~1\Djouher\Cookies\djouher@bigpoint[2].txt
Supprime! - C:\DOCUME~1\Djouher\Cookies\djouher@fr1.seafight.bigpoint[2].txt
Supprime! - C:\DOCUME~1\Djouher\Cookies\djouher@adopt.euroclick[1].txt
Supprime! - C:\WINDOWS\Tasks\8B841DC78F879383.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Readme Live Axis Tons
Supprime! - C:\DOCUME~1\Djouher\APPLIC~1\itchse~1
Supprime! - C:\Program Files\itchse~1

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\DOCUME~1\Djouher\APPLIC~1\Viewpoint
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[18/05/2008|20:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[30/08/2007|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[29/12/2007|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[15/01/2008|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[08/04/2008|08:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[29/04/2008|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[31/08/2007|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[20/06/2008|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[01/11/2008|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[22/03/2008|18:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
[21/11/2008|17:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[21/11/2008|09:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[25/11/2008|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[16/10/2008|13:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[08/09/2007|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[16/08/2004|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[27/10/2008|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[14/06/2008|19:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[23/11/2008|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
[26/11/2008|13:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[11/05/2008|15:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Transparent
[22/04/2008|16:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[01/11/2008|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[06/04/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[14/11/2007|22:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ViceVersa PRO 2
[30/08/2007|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/05/2008|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[09/05/2008|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\YAHOO
[17/09/2007|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[17/09/2007|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[16/08/2004|17:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[16/08/2004|16:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[30/08/2007|20:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[30/08/2007|20:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[30/08/2007|20:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[30/08/2007|20:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[21/05/2008|18:12] C:\DOCUME~1\Djouher\APPLIC~1\Adobe
[30/12/2007|20:41] C:\DOCUME~1\Djouher\APPLIC~1\AquaNox
[24/11/2008|22:03] C:\DOCUME~1\Djouher\APPLIC~1\Auslogics
[06/09/2008|15:44] C:\DOCUME~1\Djouher\APPLIC~1\Axialis
[04/01/2008|13:46] C:\DOCUME~1\Djouher\APPLIC~1\Babylon
[03/11/2007|20:22] C:\DOCUME~1\Djouher\APPLIC~1\CyberLink
[03/05/2008|12:35] C:\DOCUME~1\Djouher\APPLIC~1\DivX
[26/11/2008|12:58] C:\DOCUME~1\Djouher\APPLIC~1\DMCache
[25/09/2008|18:02] C:\DOCUME~1\Djouher\APPLIC~1\e frontier
[03/11/2008|10:39] C:\DOCUME~1\Djouher\APPLIC~1\Epson
[19/04/2008|20:16] C:\DOCUME~1\Djouher\APPLIC~1\Google
[22/04/2008|16:47] C:\DOCUME~1\Djouher\APPLIC~1\Help
[16/08/2004|17:19] C:\DOCUME~1\Djouher\APPLIC~1\Identities
[21/09/2008|18:49] C:\DOCUME~1\Djouher\APPLIC~1\IDM
[25/09/2007|16:21] C:\DOCUME~1\Djouher\APPLIC~1\InstallShield
[25/09/2007|16:21] C:\DOCUME~1\Djouher\APPLIC~1\InstallShield Installation Information
[21/05/2008|18:12] C:\DOCUME~1\Djouher\APPLIC~1\Leadertech
[02/11/2007|17:40] C:\DOCUME~1\Djouher\APPLIC~1\LogProtect
[07/10/2007|16:03] C:\DOCUME~1\Djouher\APPLIC~1\Macromedia
[25/11/2008|20:00] C:\DOCUME~1\Djouher\APPLIC~1\Malwarebytes
[24/11/2008|20:10] C:\DOCUME~1\Djouher\APPLIC~1\Microsoft
[19/06/2008|18:17] C:\DOCUME~1\Djouher\APPLIC~1\Mozilla
[08/10/2007|17:36] C:\DOCUME~1\Djouher\APPLIC~1\MusicNet
[05/05/2008|19:34] C:\DOCUME~1\Djouher\APPLIC~1\OmniPokedex
[02/11/2008|21:25] C:\DOCUME~1\Djouher\APPLIC~1\OpenOffice.org2
[22/11/2008|13:03] C:\DOCUME~1\Djouher\APPLIC~1\Phoenix
[05/11/2007|14:05] C:\DOCUME~1\Djouher\APPLIC~1\Real
[25/09/2007|16:21] C:\DOCUME~1\Djouher\APPLIC~1\sixteen tons entertainment
[02/12/2007|18:35] C:\DOCUME~1\Djouher\APPLIC~1\Sonic
[14/06/2008|15:49] C:\DOCUME~1\Djouher\APPLIC~1\SPAMfighter
[23/11/2008|17:58] C:\DOCUME~1\Djouher\APPLIC~1\Spyware Terminator
[17/05/2008|18:42] C:\DOCUME~1\Djouher\APPLIC~1\Styler
[30/08/2007|20:40] C:\DOCUME~1\Djouher\APPLIC~1\Sun
[30/08/2007|20:47] C:\DOCUME~1\Djouher\APPLIC~1\Symantec
[23/04/2008|14:04] C:\DOCUME~1\Djouher\APPLIC~1\Thinstall
[22/04/2008|16:30] C:\DOCUME~1\Djouher\APPLIC~1\TuneUp Software
[22/03/2008|17:43] C:\DOCUME~1\Djouher\APPLIC~1\URSoft
[22/03/2008|18:47] C:\DOCUME~1\Djouher\APPLIC~1\vlc
[09/04/2008|16:13] C:\DOCUME~1\Djouher\APPLIC~1\WinRAR
[30/08/2007|20:45] C:\DOCUME~1\Djouher\APPLIC~1\You've Got Pictures Screensaver
[21/11/2008|19:58] C:\DOCUME~1\Djouher\APPLIC~1\zweitgeist


[08/09/2007|17:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[24/09/2008|19:44] C:\DOCUME~1\MOHAME~1\APPLIC~1\Adobe
[14/06/2008|16:25] C:\DOCUME~1\MOHAME~1\APPLIC~1\Apple Computer
[01/11/2008|20:53] C:\DOCUME~1\MOHAME~1\APPLIC~1\Epson
[10/03/2008|21:24] C:\DOCUME~1\MOHAME~1\APPLIC~1\Google
[16/08/2004|17:19] C:\DOCUME~1\MOHAME~1\APPLIC~1\Identities
[03/12/2007|18:49] C:\DOCUME~1\MOHAME~1\APPLIC~1\InstallShield
[03/11/2007|19:50] C:\DOCUME~1\MOHAME~1\APPLIC~1\LogProtect
[04/11/2007|10:46] C:\DOCUME~1\MOHAME~1\APPLIC~1\Macromedia
[20/11/2008|09:13] C:\DOCUME~1\MOHAME~1\APPLIC~1\Microsoft
[19/06/2008|16:25] C:\DOCUME~1\MOHAME~1\APPLIC~1\Mozilla
[04/12/2007|10:28] C:\DOCUME~1\MOHAME~1\APPLIC~1\MusicNet
[08/05/2008|15:27] C:\DOCUME~1\MOHAME~1\APPLIC~1\Real
[14/06/2008|14:39] C:\DOCUME~1\MOHAME~1\APPLIC~1\SPAMfighter
[30/08/2007|20:40] C:\DOCUME~1\MOHAME~1\APPLIC~1\Sun
[30/08/2007|20:47] C:\DOCUME~1\MOHAME~1\APPLIC~1\Symantec
[10/09/2008|19:18] C:\DOCUME~1\MOHAME~1\APPLIC~1\Viewpoint
[30/08/2007|20:45] C:\DOCUME~1\MOHAME~1\APPLIC~1\You've Got Pictures Screensaver

[08/09/2007|17:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[15/10/2007|19:57] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[26/11/2008 14:49][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[26/11/2008 15:00][--a------] C:\WINDOWS\tasks\1-Click Maintenance.job
[26/11/2008 09:29][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[30/08/2007 20:58][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
[26/11/2008 09:26][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[04/03/2008|06:20] C:\Program Files\7-Zip
[27/06/2008|06:55] C:\Program Files\Adobe
[23/11/2008|19:35] C:\Program Files\Ad-remover
[21/11/2008|09:40] C:\Program Files\Ahead
[17/09/2007|13:36] C:\Program Files\Alwil Software
[17/01/2008|19:20] C:\Program Files\aod
[30/08/2007|20:45] C:\Program Files\AOL 9.0
[30/08/2007|20:45] C:\Program Files\AOL Compagnon
[10/10/2007|20:10] C:\Program Files\ArcSoft
[13/07/2008|14:20] C:\Program Files\Athan
[24/11/2008|22:03] C:\Program Files\Auslogics
[21/11/2008|10:07] C:\Program Files\AVS4YOU
[21/11/2008|10:08] C:\Program Files\Axialis
[05/01/2008|11:43] C:\Program Files\Babylon
[15/10/2008|18:35] C:\Program Files\Bonjour
[10/10/2007|20:11] C:\Program Files\Caere
[09/04/2008|16:13] C:\Program Files\Common Files
[16/08/2004|17:05] C:\Program Files\ComPlus Applications
[22/03/2008|18:38] C:\Program Files\Conjugaison
[30/08/2007|20:49] C:\Program Files\CyberLink
[10/02/2008|11:49] C:\Program Files\DAP
[24/12/2007|16:00] C:\Program Files\DicoRime
[20/11/2007|23:51] C:\Program Files\Dictionnaire
[16/10/2008|20:46] C:\Program Files\DivX
[22/09/2007|11:49] C:\Program Files\DK
[22/03/2008|18:44] C:\Program Files\DMV
[20/10/2007|16:18] C:\Program Files\EA Games
[22/09/2008|17:42] C:\Program Files\Empire Interactive
[01/11/2008|19:18] C:\Program Files\EPSON
[01/11/2008|19:18] C:\Program Files\Epson Software
[04/04/2008|19:22] C:\Program Files\ESET
[23/11/2008|19:32] C:\Program Files\Fichiers communs
[16/11/2007|13:50] C:\Program Files\Foreignword
[30/08/2007|21:56] C:\Program Files\Foxit Software
[28/03/2008|23:08] C:\Program Files\Generalia Multimedia
[17/05/2008|11:27] C:\Program Files\GOA
[21/11/2008|17:47] C:\Program Files\Google
[11/05/2008|14:38] C:\Program Files\Harf
[21/11/2008|10:43] C:\Program Files\InstallShield Installation Information
[30/08/2007|21:34] C:\Program Files\Intel
[16/10/2008|20:49] C:\Program Files\Internet Explorer
[31/12/2007|12:21] C:\Program Files\islamuslim
[21/11/2008|18:19] C:\Program Files\iTunes
[21/11/2008|17:39] C:\Program Files\Java
[27/09/2007|12:32] C:\Program Files\Lame MP3 Codec
[21/11/2008|17:31] C:\Program Files\Lavasoft
[30/08/2007|20:45] C:\Program Files\Learn2.com
[13/11/2007|00:29] C:\Program Files\LeConjugueur
[21/11/2008|19:56] C:\Program Files\Legacy Interactive
[10/01/2008|20:48] C:\Program Files\Ligos
[21/11/2008|18:16] C:\Program Files\LogProtect
[26/11/2008|13:48] C:\Program Files\Lopxp
[25/11/2008|20:00] C:\Program Files\Malwarebytes' Anti-Malware
[27/09/2007|12:30] C:\Program Files\MarkAny
[21/11/2008|20:11] C:\Program Files\Mes Vacances en Photo
[16/08/2008|10:18] C:\Program Files\Messenger
[10/01/2008|20:51] C:\Program Files\metagenia
[16/10/2008|13:38] C:\Program Files\Microsoft
[21/09/2008|13:17] C:\Program Files\Microsoft ActiveSync
[16/08/2004|17:11] C:\Program Files\microsoft frontpage
[17/11/2007|16:54] C:\Program Files\Microsoft Games
[05/05/2008|12:15] C:\Program Files\Microsoft Office
[16/10/2008|13:48] C:\Program Files\Microsoft Office Outlook Connector
[27/10/2008|20:14] C:\Program Files\Microsoft Silverlight
[15/01/2008|18:50] C:\Program Files\Microsoft SQL Server Compact Edition
[05/05/2008|12:14] C:\Program Files\Microsoft.NET
[29/04/2008|19:09] C:\Program Files\mobile PhoneTools
[16/08/2004|17:06] C:\Program Files\Movie Maker
[26/11/2008|14:21] C:\Program Files\Mozilla Firefox
[16/08/2004|17:03] C:\Program Files\MSN
[16/08/2004|17:03] C:\Program Files\MSN Gaming Zone
[31/08/2007|12:20] C:\Program Files\MSXML 4.0
[04/04/2008|12:16] C:\Program Files\MUSICMATCH
[27/09/2007|12:40] C:\Program Files\MyFree Codec
[23/11/2008|15:24] C:\Program Files\Navilog1
[16/08/2004|17:06] C:\Program Files\NetMeeting
[17/11/2007|17:46] C:\Program Files\Nobilis
[01/11/2007|11:07] C:\Program Files\nouf.org
[23/04/2008|14:15] C:\Program Files\Omni Pokedex
[16/08/2004|17:03] C:\Program Files\Online Services
[01/05/2008|22:49] C:\Program Files\OpenOffice.org 2.4
[31/08/2007|12:18] C:\Program Files\Outlook Express
[20/10/2008|08:04] C:\Program Files\Picasa2
[29/06/2008|14:17] C:\Program Files\PopUp Destroy
[26/11/2008|12:54] C:\Program Files\Prayer
[22/04/2008|17:27] C:\Program Files\Proxomitron Naoko v4.5
[15/10/2008|19:19] C:\Program Files\QuickTime
[01/06/2008|18:57] C:\Program Files\QuickZip4
[31/05/2008|14:45] C:\Program Files\Quran_AR
[02/11/2007|19:27] C:\Program Files\RaimaRadio
[12/11/2007|17:57] C:\Program Files\Real
[21/11/2008|10:59] C:\Program Files\Registry Mechanic
[21/09/2008|13:17] C:\Program Files\Ressources Windows Mobile
[01/11/2007|10:27] C:\Program Files\RM to MP3 Converter
[15/10/2008|18:43] C:\Program Files\Safari
[27/09/2007|12:30] C:\Program Files\Samsung
[16/08/2004|17:07] C:\Program Files\Services en ligne
[12/07/2008|11:26] C:\Program Files\sixteen tons entertainment
[05/04/2008|15:39] C:\Program Files\Small Rockets
[30/08/2007|20:51] C:\Program Files\Sonic
[21/11/2008|18:00] C:\Program Files\speed-bit
[23/11/2008|17:58] C:\Program Files\Spyware Terminator
[12/09/2007|14:43] C:\Program Files\Strategy First
[21/11/2008|17:58] C:\Program Files\Time4Worker
[21/11/2008|10:09] C:\Program Files\Transparent
[17/11/2007|16:40] C:\Program Files\Ubi Soft
[16/08/2004|17:19] C:\Program Files\Uninstall Information
[16/06/2008|19:09] C:\Program Files\UNYK
[14/11/2007|22:56] C:\Program Files\ViceVersa Pro 2
[09/11/2008|11:12] C:\Program Files\VideoLAN
[17/05/2008|10:02] C:\Program Files\Vstep
[21/11/2008|19:58] C:\Program Files\weblin
[29/04/2008|17:55] C:\Program Files\WIDCOMM
[30/08/2007|21:58] C:\Program Files\Windows Defender
[16/10/2008|13:48] C:\Program Files\Windows Live
[15/01/2008|18:52] C:\Program Files\Windows Live Favorites
[16/10/2008|13:41] C:\Program Files\Windows Live Toolbar
[08/09/2007|17:50] C:\Program Files\Windows Media Connect 2
[13/11/2008|08:34] C:\Program Files\Windows Media Player
[16/08/2004|17:03] C:\Program Files\Windows NT
[16/08/2004|17:07] C:\Program Files\WindowsUpdate
[22/04/2008|16:47] C:\Program Files\WinRAR
[13/06/2008|19:45] C:\Program Files\WorkTime
[16/08/2004|17:11] C:\Program Files\xerox
[27/09/2007|12:31] C:\Program Files\XviD
[09/05/2008|20:09] C:\Program Files\Yahoo!
[16/11/2007|13:38] C:\Program Files\ZikiTranslator

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[18/05/2008|19:49] C:\Program Files\Fichiers communs\Adobe
[30/08/2007|20:45] C:\Program Files\Fichiers communs\AOL
[30/08/2007|20:45] C:\Program Files\Fichiers communs\aolshare
[15/10/2008|19:18] C:\Program Files\Fichiers communs\Apple
[01/10/2007|22:56] C:\Program Files\Fichiers communs\AVSMedia
[10/10/2007|20:11] C:\Program Files\Fichiers communs\Caere
[05/05/2008|12:15] C:\Program Files\Fichiers communs\DESIGNER
[09/09/2007|17:13] C:\Program Files\Fichiers communs\DirectX
[01/11/2008|19:18] C:\Program Files\Fichiers communs\InstallShield
[16/10/2008|13:38] C:\Program Files\Fichiers communs\Microsoft Shared
[16/08/2004|17:06] C:\Program Files\Fichiers communs\MSSoap
[30/08/2007|20:44] C:\Program Files\Fichiers communs\Nullsoft
[16/08/2004|16:57] C:\Program Files\Fichiers communs\ODBC
[29/01/2008|23:12] C:\Program Files\Fichiers communs\Real
[16/08/2004|17:06] C:\Program Files\Fichiers communs\Services
[30/08/2007|20:51] C:\Program Files\Fichiers communs\Sonic Shared
[16/08/2004|16:56] C:\Program Files\Fichiers communs\SpeechEngines
[09/05/2008|20:09] C:\Program Files\Fichiers communs\SureThing Shared
[17/09/2007|20:17] C:\Program Files\Fichiers communs\Symantec Shared
[16/10/2008|13:48] C:\Program Files\Fichiers communs\System
[16/10/2008|13:26] C:\Program Files\Fichiers communs\Windows Live
[15/01/2008|18:47] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[21/11/2008|17:31] C:\Program Files\Fichiers communs\Wise Installation Wizard
[29/01/2008|23:13] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 48 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 15:18:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 12

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:113][D:26]-> C:\DOCUME~1\Djouher\LOCALS~1\Temp
[F:136][D:0]-> C:\DOCUME~1\Djouher\Cookies
[F:288][D:4]-> C:\DOCUME~1\Djouher\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 26/11/2008|14:35 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 26/11/2008|15:19 - Option : [2]

--------------------\\ Fin du rapport a 15:19:53
Anonymous user
26 Nov 2008 at 18:05
Run a HijackThis scan again.
karimosouli Posts: 37 Registered: Sunday 23 November 2008 Status: Member Last activity: 12 December 2008
26 Nov 2008 at 19:32
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:54, on 26/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Djouher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Prayer\Prayer.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEMonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Documents and Settings\Djouher\Mes documents\Downloads\Programs\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: islamuslim Toolbar - {fcd5ee58-54d8-4d33-aa8d-54ae85597966} - C:\Program Files\islamuslim\tbisl0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: islamuslim Toolbar - {fcd5ee58-54d8-4d33-aa8d-54ae85597966} - C:\Program Files\islamuslim\tbisl0.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Djouher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1006\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'HADJAB')
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1006\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User 'HADJAB')
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'HADJAB')
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1006\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'HADJAB')
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1006\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'HADJAB')
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1006\..\Run: [EPSON PX800FW Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEME.EXE /FU "C:\WINDOWS\TEMP\E_S5D7.tmp" /EF "HKCU" (User 'HADJAB')
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1006\..\Run: [Netlog Music Tool] "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe" (User 'HADJAB')
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1006\..\Run: [Heartbags] C:\DOCUME~1\HADJAB\APPLIC~1\ITCHSE~1\DASH BLEH.exe (User 'HADJAB')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2227724090-2535785734-815230075-1006 Startup: OpenOffice.org 2.4.lnk (User 'HADJAB')
O4 - S-1-5-21-2227724090-2535785734-815230075-1006 User Startup: OpenOffice.org 2.4.lnk (User 'HADJAB')
O4 - Global Startup: Bilal.lnk = C:\Program Files\Prayer\Prayer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Localisateur d'appels de procédure distante (RPC) (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Anonymous user
26 Nov 2008 at 19:37
How is your computer doing?
Do this anyway:
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
***If the link does not work, try this one:
http://download.bleepingcomputer.com/andymanchesta/SDFix.exe ***

Double-click SDFix.exe and choose Install. The tool will be extracted to the root of the system drive (usually C:\).
Restart your computer in Safe Mode by following this procedure:
· Restart your computer.
· After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (F5 on some PCs), one press per second.
· Instead of the normal Windows loading, a menu with different options should appear.
· Choose the first option, to run Windows in Safe Mode, then press "Enter".
· Choose your account.
Work through the list of instructions below:
· Open the SDFix folder that was just created in C:\ and double-click RunThis.cmd to launch the script.
· Press Y to start the cleaning process.
· It will remove the services and Registry entries of certain trojans found, then ask you to press a key to restart.
· Press a key to restart the PC.
· Your system will take longer than usual to restart because the tool will keep running and deleting files.
· After the Desktop has loaded, the tool will finish its work and display Finished.
· Press a key to end the script and load your Desktop icons.
· Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
· Finally, copy/paste the contents of the Report.txt file into your next reply on the forum.
karimosouli Posts: 37 Registered: Sunday 23 November 2008 Status: Member Last activity: 12 December 2008
26 Nov 2008 at 21:45
Here:


[b]SDFix: Version 1.240 [/b]
Run by Djouher on 26/11/2008 at 21:21

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 21:40:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b01219e]
"001a1bc8134d"=hex:b8,51,37,8e,ff,b9,a4,98,64,ec,4a,ad,08,c4,c3,a9
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b01219e]
"001a1bc8134d"=hex:b8,51,37,8e,ff,b9,a4,98,64,ec,4a,ad,08,c4,c3,a9

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\sixteen tons entertainment\\Emergency 4\\Em4.exe"="C:\\Program Files\\sixteen tons entertainment\\Emergency 4\\Em4.exe:*:Enabled:Em4"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe:*:Enabled:tu_logonui"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Mon 7 Jan 2008 352 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"
Fri 12 Mar 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Fri 12 Mar 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Fri 12 Mar 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Thu 16 Oct 2008 6,108,728 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Fri 12 Mar 2004 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"

[b]Finished![/b]
Anonymous user
27 Nov 2008 at 18:35
Run a HijackThis scan again.
karimosouli Posts: 37 Registered: Sunday 23 November 2008 Status: Member Last activity: 12 December 2008
28 Nov 2008 at 19:50
Here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:27, on 28/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Djouher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Prayer\Prayer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEMonitor.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Documents and Settings\Djouher\Mes documents\Downloads\Programs\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: islamuslim Toolbar - {fcd5ee58-54d8-4d33-aa8d-54ae85597966} - C:\Program Files\islamuslim\tbisl0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: islamuslim Toolbar - {fcd5ee58-54d8-4d33-aa8d-54ae85597966} - C:\Program Files\islamuslim\tbisl0.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Djouher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Mohamed-Amine')
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1008\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Mohamed-Amine')
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Mohamed-Amine')
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1008\..\Run: [EPSON PX800FW Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEME.EXE /FU "C:\DOCUME~1\MOHAME~1\LOCALS~1\Temp\E_S253.tmp" /EF "HKCU" (User 'Mohamed-Amine')
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1008\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart (User 'Mohamed-Amine')
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1008\..\Run: [ecd85eae] rundll32.exe "C:\WINDOWS\system32\hewurogo.dll",b (User 'Mohamed-Amine')
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1008\..\Run: [fuyamawewu] Rundll32.exe "C:\WINDOWS\system32\meburaro.dll",s (User 'Mohamed-Amine')
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1008\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Mohamed-Amine')
O4 - HKUS\S-1-5-21-2227724090-2535785734-815230075-1008\..\Run: [CPMefeb6d32] Rundll32.exe "c:\windows\system32\jojayuza.dll",a (User 'Mohamed-Amine')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bilal.lnk = C:\Program Files\Prayer\Prayer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Localisateur d'appels de procédure distante (RPC) (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
Anonymous user
28 Nov 2008 at 19:56
Download FindyKill (thanks to Chiquitine29!!)

Right-click the link, Save as ..... to the desktop
=> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

Unzip it on the desktop

Open the FindyKill folder
Double-click FindyKill.exe
Choose option 1 (search)
A report will open; post it in your next reply, please

Note: the FindyKill.txt report is saved at the root of the drive (C:\FindyKill.txt)
0
karimosouli Posts 37 Registration date Sunday 23 November 2008 Status Member Last activity 12 December 2008
28 Nov 2008 at 20:35
Coming through:



----------------- FindyKill V4.706 ------------------

* User : Djouher - SN104681400316
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 27/11/08 par Chiquitine29
* Recherche effectuée à 20:30:54 le 28/11/2008
* Windows XP - Internet Explorer 6.0.2900.2180

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Djouher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Prayer\Prayer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEMonitor.exe
C:\Program Files\Windows Live\Mail\wlmail.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Djouher\Application Data


»»»» Presence des fichiers dans C:\DOCUME~1\Djouher\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Djouher\Local Settings\Temporary Internet Files\Content.IE5

Found ! [29/04/2008 18:24] - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

IDMan=C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot
H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
MsnMsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Google Update="C:\Documents and Settings\Djouher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
EEventManager=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
egui="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
<NO NAME>=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
<NO NAME>=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
<NO NAME>=
Installed=1

[HKEY_CURRENT_USER\software\local appwizard-generated applications\MMDiag]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Samsung Media Studio]

--------------- [ Registre / Clés infectieuses ] ----------------



--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

Ip6Fw - Type de démarrage = 3

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

WinDefend - Type de démarrage = 2



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
Anonymous user
28 Nov 2008 at 21:39
Run FindyKill again with option 2 and show the report
0
karimosouli Posts 37 Registration date Sunday 23 November 2008 Status Member Last activity 12 December 2008
29 Nov 2008 at 12:42
Here is the report:



----------------- FindyKill V4.706 ------------------

* User : Djouher - SN104681400316
* executed from : C:\Program Files\FindyKill
* Update on 27/11/08 par Chiquitine29
* Start at 12:36:35 the 29/11/2008
* Windows XP - Internet Explorer 6.0.2900.2180


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch


»»»» Supression files in C:\WINDOWS\system32


»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\Djouher\Application Data


»»»» Supression files in C:\DOCUME~1\Djouher\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\Djouher\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg

--------------- [ Registry / Infected keys ] ----------------


--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------



---------------- ! End of report ! ------------------
0
Anonymous user
29 Nov 2008 at 12:48
We are going to remove all the fix tools and reinstall a few of them, such as HijackThis

-Download ToolsCleaner to your desktop: http://pc-system.fr/
-Double-click "Toolscleaner.exe"
-Click "restauration" (restore) to create a restore point.
-Then click "recherche" (search)
-When the search has finished, click "suppression" (delete).
-At the end (there will be instructions in the box underneath), click "quitter" (quit) and post the report found at %systemdrive%\Tcleaner.txt
0
karimosouli Posts 37 Registration date Sunday 23 November 2008 Status Member Last activity 12 December 2008
29 Nov 2008 at 13:28
Here it is:

[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\lopR.txt: trouvé !
C:\TB.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\SDFIX: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Djouher\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Djouher\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Documents and Settings\Djouher\Mes documents\Downloads\LopSD.exe: trouvé !
C:\Documents and Settings\Djouher\Mes documents\Downloads\Programs\SdFix.exe: trouvé !
C:\Documents and Settings\Djouher\Mes documents\Downloads\Programs\Navilog1.exe: trouvé !
C:\Documents and Settings\Djouher\Mes documents\Downloads\Programs\ComboFix.exe: trouvé !
C:\Documents and Settings\Djouher\Mes documents\Downloads\Programs\HijackThis.exe: trouvé !
C:\Documents and Settings\Djouher\Mes documents\Downloads\Programs\ToolBarSD.exe: trouvé !
C:\Documents and Settings\Djouher\Mes documents\Downloads\Programs\hijackthis.log: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\lopxp: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Djouher\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Djouher\Mes documents\Downloads\LopSD.exe: supprimé !
C:\Documents and Settings\Djouher\Mes documents\Downloads\Programs\SdFix.exe: supprimé !
C:\Documents and Settings\Djouher\Mes documents\Downloads\Programs\Navilog1.exe: supprimé !
C:\Documents and Settings\Djouher\Mes documents\Downloads\Programs\ComboFix.exe: supprimé !
C:\Documents and Settings\Djouher\Mes documents\Downloads\Programs\HijackThis.exe: supprimé !
C:\Documents and Settings\Djouher\Mes documents\Downloads\Programs\ToolBarSD.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\lopR.txt: supprimé !
C:\TB.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\Documents and Settings\Djouher\Mes documents\Downloads\Programs\hijackthis.log: supprimé !
C:\SDFIX: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\Djouher\Menu Démarrer\Programmes\FindyKill: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\lopxp: supprimé !
C:\Program Files\FindyKill: ERREUR DE SUPPRESSION !!
0