Start page infection

Solved
lardechois2 Posts 2 Status Member -  
g!rly Posts 18462 Status Contributor -
Hello,
Since 25 November I have had problems. I suffered an attack which I treated with Malwarebytes, CCleaner and a tool called GenProc that uses a range of resources (Navilog, etc.). Everything seems to have been cleaned, except that my IE start page keeps being changed to a bogus site, a screenshot of which is here:
http://picasaweb.google.fr/lh/photo/FFeEbacd-NmkBltoFBVZxg

I thought I could manage on my own, but there's no way to get rid of this crap, despite Spybot (which finds nothing). On top of that, Kaspersky shows me a whole string of alert messages about a process whose PID changes each time IE is opened and which tries to modify registry keys or I don't know what. Example:
http://picasaweb.google.fr/lh/photo/iLuAPqHm8nFqt2KI70tJLA

As this is the first time I've encountered this sort of problem, I no longer know where to turn. The machine doesn't seem slowed down, just browsing, but for the past two days I've followed advice found online and I'm using Firefox, which is faster, and I no longer get these Kaspersky messages every time a page opens. Well, I have to admit I'm a bit worried now; I'm afraid of being spied on. Something managed to get past Kaspersky (probably because of a wrong move by one of the computer's users), so I humbly ask for your help.
I'm running Windows XP Home Service Pack 3, IE until recently, and Kaspersky antivirus.
Here is a HijackThis report, just in case...

PS: I tried, without success, to fix the O9 lines marked "no name" and ExplorerSecurity, but they keep coming back.

Thanks in advance for the attention paid to this post
Regards

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:12, on 30/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WebMediaViewer\hpmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\WLAN Card Utilities\Center.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Fichiers communs\AOL\1169876785\ee\aolsoftware.exe
C:\Program Files\WebMediaViewer\hpmom.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Bertrand\Bureau\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/27.44/uploader2.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7669 bytes
Configuration: Windows XP
Firefox 3.0
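The helpers below read the HijackThis log the same way every time: an O2 BHO with "(no name)" that still points at a real DLL, an O9 button whose target is a URL rather than a file, an O4 autorun under the unusual Policies\Explorer\Run key, and then everything else living in the same directory as the unnamed BHO (here C:\Program Files\WebMediaViewer). The following Python script is an added example that automates that triage; it is not part of the thread and not code from HijackThis or any tool named here. The sample lines are constructed from the log posted above (the WebMediaViewer and expresstoolie entries are copied from it, the Spybot and Kaspersky lines act as benign controls), and the section tags, CLSID layout and "(no name)" / "(no file)" / "(file missing)" markers are assumed to follow the HijackThis v2.0.2 format shown in the log.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: HijackThis v2.0.2 entries modelled on the log posted in
# the thread (the WebMediaViewer and expresstoolie entries are copied from it;
# the Spybot and Kaspersky lines serve as benign controls).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O2"
    reason: str
    line: str


ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PROG_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|bat|cmd))(?:\s|$)", re.IGNORECASE)


def split_entry(line):
    """Return (section, body) for one HijackThis entry line, else None."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def extension_target(body):
    """Split an O2/O3/O9 body ('label - {CLSID} - target') into (label, target).
    Splitting at the CLSID keeps ' - ' inside paths like 'Spybot - Search & Destroy' intact."""
    m = CLSID_RE.search(body)
    if not m:
        return body, ""
    return body[:m.start()].rstrip(" -"), body[m.end():].lstrip(" -")


def run_value_path(body):
    """Extract the program path from an O4 body: 'HKLM\\..\\Run: [name] "C:\\x.exe" /args'."""
    _, _, data = body.partition("] ")
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = PROG_RE.match(data)
    return m.group(1) if m else data


def parent_dir(path):
    return str(PureWindowsPath(path).parent).lower()


def analyse(log_text):
    """Two-pass triage: first flag suspicious browser extension points, then
    pivot on their directories to catch related toolbars and autoruns."""
    entries = [e for e in map(split_entry, log_text.splitlines()) if e]
    findings = []
    suspect_dirs = set()

    # Pass 1: BHOs (O2), toolbars (O3), extra buttons / menu items (O9).
    for section, body in entries:
        if section not in ("O2", "O3", "O9"):
            continue
        label, target = extension_target(body)
        line = f"{section} - {body}"
        if target.lower().startswith(("http://", "https://")):
            findings.append(Finding(section, "extension points at a URL, not a local file", line))
        elif "(no name)" in label and target and not target.startswith("(no file)"):
            # An orphaned "(no file)" entry is only leftover clutter; a nameless
            # BHO that still loads a DLL is the one worth pivoting on.
            findings.append(Finding(section, "unnamed extension backed by a real DLL", line))
            suspect_dirs.add(parent_dir(target))

    # Pass 2: autoruns and toolbars launched from a directory found in pass 1,
    # plus the Policies\Explorer\Run key, which legitimate software rarely uses.
    for section, body in entries:
        if section not in ("O3", "O4"):
            continue
        reasons = []
        if section == "O4":
            path = run_value_path(body)
            if "policies\\explorer\\run" in body.lower():
                reasons.append("autorun via Policies\\Explorer\\Run")
        else:
            path = extension_target(body)[1]
        if parent_dir(path) in suspect_dirs:
            reasons.append(f"launched from suspect directory {parent_dir(path)}")
        if reasons:
            findings.append(Finding(section, "; ".join(reasons), f"{section} - {body}"))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample it reports four entries: the nameless hpmun.dll BHO, the expresstoolie O9 item, and then, by the directory pivot, the WebMediaViewer toolbar and the hpmon.exe autorun, which is the same set the helper's OTMoveIt3 script removes by moving the whole C:\Program Files\WebMediaViewer folder. The Spybot BHO and the Kaspersky autorun are left alone.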

16 replies

  1. ric025
     
    Hi!

    Important! Disable your antivirus / resident antispyware / Spybot's TeaTimer (if present and active)

    Download Toolbar-S&D (Team IDN) to your Desktop.

    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    Run the program's installer by executing the downloaded file.
    Now double-click the Toolbar-S&D shortcut.
    Select the desired language by typing the letter of your choice and confirming with the Enter key.
    Now choose option 1 (Search). Wait until the search finishes.

    Then post the generated report. The report can also be found here: C:\TB.txt

    A++
    0
  2. g!rly Posts 18462 Status Contributor 407
     
    Hi,

    Download OTMoveIt3 (by Old_Timer) to your Desktop.

    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    In Safe Mode:

    Double-click "OTMoveIt3.exe" to open the program.
    Then copy what is quoted below,

    :Processes
    explorer.exe

    :Reg
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]

    :Files
    C:\Program Files\WebMediaViewer
    c:\program files\google

    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]

    and paste it into the left-hand pane of OTMoveIt3:
    Paste Instructions for items to be moved.
    (don't touch anything else!)

    -> click MoveIt! to start the removal.
    -> let the tool work ...

    (Note: your desktop will disappear and then reappear; that's normal.)

    -> once it has finished, a small window opens: click "Yes".

    Your PC will restart by itself ...

    --> Post the contents of the report located in the folder "C:\_OTMoveIt\MovedFiles"
    ("xxxx2008_xxxxxx.log", where the "x"s correspond to the day and time of use).

    @+
    0
  3. lardechois2
     
    Here is the ToolBar SD report.
    Thank you for your help; is it serious?

    -----------\\ ToolBar S&D 1.2.5 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
    BIOS : BIOS Date: 11/20/06 11:07:02 Ver: 08.00.10
    USER : Bertrand ( Administrator )
    BOOT : Normal boot
    Antivirus : Kaspersky Anti-Virus 7.0.1.325 (Not Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:74 Go (Free:51 Go)
    D:\ (CD or DVD)
    E:\ (USB) - FAT - Total:247 Mo (Free:0 Go)

    "C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
    Option : [1] ( 01/12/2008|18:21 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="https://www.msn.com/fr-fr/"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Url"="http://www.microsoft.com/athome/community/rss.xml"
    "Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
    "Url"="http://www.microsoft.com/atwork/community/rss.xml"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    1 - "C:\ToolBar SD\TB_1.txt" - 01/12/2008|18:22 - Option : [1]

    -----------\\ Fin du rapport a 18:22:06,14
    0
  4. g!rly Posts 18462 Status Contributor 407
     
    There's nothing in the report; run OTMoveIt3 as I told you :)
    @+
    0
  6. lardechois2
     
    Here's the OTMoveIt report, thanks Girly

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}\\ not found.
    ========== FILES ==========
    C:\Program Files\WebMediaViewer moved successfully.
    c:\program files\Google\Toolbar for Firefox moved successfully.
    c:\program files\Google\Installers moved successfully.
    c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462 moved successfully.
    c:\program files\Google\GoogleToolbarNotifier moved successfully.
    c:\program files\Google\Google Earth\xml moved successfully.
    c:\program files\Google\Google Earth\res\zw.country moved successfully.
    c:\program files\Google\Google Earth\res\zm.country moved successfully.
    c:\program files\Google\Google Earth\res\zh-hant.locale moved successfully.
    c:\program files\Google\Google Earth\res\za.country moved successfully.
    c:\program files\Google\Google Earth\res\yt.country moved successfully.
    c:\program files\Google\Google Earth\res\ye.country moved successfully.
    c:\program files\Google\Google Earth\res\ws.country moved successfully.
    c:\program files\Google\Google Earth\res\wf.country moved successfully.
    c:\program files\Google\Google Earth\res\vu.country moved successfully.
    c:\program files\Google\Google Earth\res\vn.country moved successfully.
    c:\program files\Google\Google Earth\res\vi.country moved successfully.
    c:\program files\Google\Google Earth\res\vg.country moved successfully.
    c:\program files\Google\Google Earth\res\ve.country moved successfully.
    c:\program files\Google\Google Earth\res\vc.country moved successfully.
    c:\program files\Google\Google Earth\res\va.country moved successfully.
    c:\program files\Google\Google Earth\res\uz.country moved successfully.
    c:\program files\Google\Google Earth\res\uy.country moved successfully.
    c:\program files\Google\Google Earth\res\us.country moved successfully.
    c:\program files\Google\Google Earth\res\um.country moved successfully.
    c:\program files\Google\Google Earth\res\ug.country moved successfully.
    c:\program files\Google\Google Earth\res\ua.country moved successfully.
    c:\program files\Google\Google Earth\res\tz.country moved successfully.
    c:\program files\Google\Google Earth\res\tw.country moved successfully.
    c:\program files\Google\Google Earth\res\tv.country moved successfully.
    c:\program files\Google\Google Earth\res\tt.country moved successfully.
    c:\program files\Google\Google Earth\res\tr.country moved successfully.
    c:\program files\Google\Google Earth\res\to.country moved successfully.
    c:\program files\Google\Google Earth\res\tn.country moved successfully.
    c:\program files\Google\Google Earth\res\tm.country moved successfully.
    c:\program files\Google\Google Earth\res\tl.country moved successfully.
    c:\program files\Google\Google Earth\res\tk.country moved successfully.
    c:\program files\Google\Google Earth\res\tj.country moved successfully.
    c:\program files\Google\Google Earth\res\th.country moved successfully.
    c:\program files\Google\Google Earth\res\tg.country moved successfully.
    c:\program files\Google\Google Earth\res\tf.country moved successfully.
    c:\program files\Google\Google Earth\res\td.country moved successfully.
    c:\program files\Google\Google Earth\res\tc.country moved successfully.
    c:\program files\Google\Google Earth\res\sz.country moved successfully.
    c:\program files\Google\Google Earth\res\sy.country moved successfully.
    c:\program files\Google\Google Earth\res\sv.country moved successfully.
    c:\program files\Google\Google Earth\res\st.country moved successfully.
    c:\program files\Google\Google Earth\res\sr.country moved successfully.
    c:\program files\Google\Google Earth\res\so.country moved successfully.
    c:\program files\Google\Google Earth\res\sn.country moved successfully.
    c:\program files\Google\Google Earth\res\sm.country moved successfully.
    c:\program files\Google\Google Earth\res\sl.country moved successfully.
    c:\program files\Google\Google Earth\res\sk.country moved successfully.
    c:\program files\Google\Google Earth\res\sj.country moved successfully.
    c:\program files\Google\Google Earth\res\si.country moved successfully.
    c:\program files\Google\Google Earth\res\shapes moved successfully.
    c:\program files\Google\Google Earth\res\sh.country moved successfully.
    c:\program files\Google\Google Earth\res\sg.country moved successfully.
    c:\program files\Google\Google Earth\res\se.country moved successfully.
    c:\program files\Google\Google Earth\res\sd.country moved successfully.
    c:\program files\Google\Google Earth\res\sc.country moved successfully.
    c:\program files\Google\Google Earth\res\sb.country moved successfully.
    c:\program files\Google\Google Earth\res\sa.country moved successfully.
    c:\program files\Google\Google Earth\res\rw.country moved successfully.
    c:\program files\Google\Google Earth\res\ru.locale moved successfully.
    c:\program files\Google\Google Earth\res\ru.country moved successfully.
    c:\program files\Google\Google Earth\res\rs.country moved successfully.
    c:\program files\Google\Google Earth\res\ro.country moved successfully.
    c:\program files\Google\Google Earth\res\re.country moved successfully.
    c:\program files\Google\Google Earth\res\qa.country moved successfully.
    c:\program files\Google\Google Earth\res\py.country moved successfully.
    c:\program files\Google\Google Earth\res\pw.country moved successfully.
    c:\program files\Google\Google Earth\res\pushpin moved successfully.
    c:\program files\Google\Google Earth\res\pt.country moved successfully.
    c:\program files\Google\Google Earth\res\ps.country moved successfully.
    c:\program files\Google\Google Earth\res\pr.country moved successfully.
    c:\program files\Google\Google Earth\res\pn.country moved successfully.
    c:\program files\Google\Google Earth\res\pm.country moved successfully.
    c:\program files\Google\Google Earth\res\pl.country moved successfully.
    c:\program files\Google\Google Earth\res\pk.country moved successfully.
    c:\program files\Google\Google Earth\res\ph.country moved successfully.
    c:\program files\Google\Google Earth\res\pg.country moved successfully.
    c:\program files\Google\Google Earth\res\pf.country moved successfully.
    c:\program files\Google\Google Earth\res\pe.country moved successfully.
    c:\program files\Google\Google Earth\res\paddle moved successfully.
    c:\program files\Google\Google Earth\res\pa.country moved successfully.
    c:\program files\Google\Google Earth\res\om.country moved successfully.
    c:\program files\Google\Google Earth\res\nz.country moved successfully.
    c:\program files\Google\Google Earth\res\nu.country moved successfully.
    c:\program files\Google\Google Earth\res\nr.country moved successfully.
    c:\program files\Google\Google Earth\res\np.country moved successfully.
    c:\program files\Google\Google Earth\res\no.country moved successfully.
    c:\program files\Google\Google Earth\res\nl.country moved successfully.
    c:\program files\Google\Google Earth\res\ni.country moved successfully.
    c:\program files\Google\Google Earth\res\ng.country moved successfully.
    c:\program files\Google\Google Earth\res\nf.country moved successfully.
    c:\program files\Google\Google Earth\res\ne.country moved successfully.
    c:\program files\Google\Google Earth\res\nc.country moved successfully.
    c:\program files\Google\Google Earth\res\na.country moved successfully.
    c:\program files\Google\Google Earth\res\mz.country moved successfully.
    c:\program files\Google\Google Earth\res\my.country moved successfully.
    c:\program files\Google\Google Earth\res\mx.country moved successfully.
    c:\program files\Google\Google Earth\res\mw.country moved successfully.
    c:\program files\Google\Google Earth\res\mv.country moved successfully.
    c:\program files\Google\Google Earth\res\mu.country moved successfully.
    c:\program files\Google\Google Earth\res\mt.country moved successfully.
    c:\program files\Google\Google Earth\res\ms.country moved successfully.
    c:\program files\Google\Google Earth\res\mr.country moved successfully.
    c:\program files\Google\Google Earth\res\mq.country moved successfully.
    c:\program files\Google\Google Earth\res\mp.country moved successfully.
    c:\program files\Google\Google Earth\res\mo.country moved successfully.
    c:\program files\Google\Google Earth\res\mn.country moved successfully.
    c:\program files\Google\Google Earth\res\mm.country moved successfully.
    c:\program files\Google\Google Earth\res\ml.country moved successfully.
    c:\program files\Google\Google Earth\res\mk.country moved successfully.
    c:\program files\Google\Google Earth\res\mh.country moved successfully.
    c:\program files\Google\Google Earth\res\mg.country moved successfully.
    c:\program files\Google\Google Earth\res\me.country moved successfully.
    c:\program files\Google\Google Earth\res\md.country moved successfully.
    c:\program files\Google\Google Earth\res\mc.country moved successfully.
    c:\program files\Google\Google Earth\res\ma.country moved successfully.
    c:\program files\Google\Google Earth\res\ly.country moved successfully.
    c:\program files\Google\Google Earth\res\lv.country moved successfully.
    c:\program files\Google\Google Earth\res\lu.country moved successfully.
    c:\program files\Google\Google Earth\res\lt.country moved successfully.
    c:\program files\Google\Google Earth\res\ls.country moved successfully.
    c:\program files\Google\Google Earth\res\lr.country moved successfully.
    c:\program files\Google\Google Earth\res\lk.country moved successfully.
    c:\program files\Google\Google Earth\res\li.country moved successfully.
    c:\program files\Google\Google Earth\res\lc.country moved successfully.
    c:\program files\Google\Google Earth\res\lb.country moved successfully.
    c:\program files\Google\Google Earth\res\la.country moved successfully.
    c:\program files\Google\Google Earth\res\kz.country moved successfully.
    c:\program files\Google\Google Earth\res\ky.country moved successfully.
    c:\program files\Google\Google Earth\res\kw.country moved successfully.
    c:\program files\Google\Google Earth\res\kr.country moved successfully.
    c:\program files\Google\Google Earth\res\kp.country moved successfully.
    c:\program files\Google\Google Earth\res\ko.locale moved successfully.
    c:\program files\Google\Google Earth\res\kn.country moved successfully.
    c:\program files\Google\Google Earth\res\km.country moved successfully.
    c:\program files\Google\Google Earth\res\ki.country moved successfully.
    c:\program files\Google\Google Earth\res\kh.country moved successfully.
    c:\program files\Google\Google Earth\res\kg.country moved successfully.
    c:\program files\Google\Google Earth\res\ke.country moved successfully.
    c:\program files\Google\Google Earth\res\jp.country moved successfully.
    c:\program files\Google\Google Earth\res\jo.country moved successfully.
    c:\program files\Google\Google Earth\res\jm.country moved successfully.
    c:\program files\Google\Google Earth\res\je.country moved successfully.
    c:\program files\Google\Google Earth\res\it.country moved successfully.
    c:\program files\Google\Google Earth\res\is.country moved successfully.
    c:\program files\Google\Google Earth\res\ir.country moved successfully.
    c:\program files\Google\Google Earth\res\iq.country moved successfully.
    c:\program files\Google\Google Earth\res\io.country moved successfully.
    c:\program files\Google\Google Earth\res\in.country moved successfully.
    c:\program files\Google\Google Earth\res\im.country moved successfully.
    c:\program files\Google\Google Earth\res\il.country moved successfully.
    c:\program files\Google\Google Earth\res\ie.country moved successfully.
    c:\program files\Google\Google Earth\res\id.country moved successfully.
    c:\program files\Google\Google Earth\res\hu.country moved successfully.
    c:\program files\Google\Google Earth\res\ht.country moved successfully.
    c:\program files\Google\Google Earth\res\hr.country moved successfully.
    c:\program files\Google\Google Earth\res\hn.country moved successfully.
    c:\program files\Google\Google Earth\res\hm.country moved successfully.
    c:\program files\Google\Google Earth\res\hk.country moved successfully.
    c:\program files\Google\Google Earth\res\gy.country moved successfully.
    c:\program files\Google\Google Earth\res\gw.country moved successfully.
    c:\program files\Google\Google Earth\res\gu.country moved successfully.
    c:\program files\Google\Google Earth\res\gt.country moved successfully.
    c:\program files\Google\Google Earth\res\gs.country moved successfully.
    c:\program files\Google\Google Earth\res\gr.country moved successfully.
    c:\program files\Google\Google Earth\res\gq.country moved successfully.
    c:\program files\Google\Google Earth\res\gp.country moved successfully.
    c:\program files\Google\Google Earth\res\gn.country moved successfully.
    c:\program files\Google\Google Earth\res\gm.country moved successfully.
    c:\program files\Google\Google Earth\res\gl.country moved successfully.
    c:\program files\Google\Google Earth\res\gi.country moved successfully.
    c:\program files\Google\Google Earth\res\gh.country moved successfully.
    c:\program files\Google\Google Earth\res\gg.country moved successfully.
    c:\program files\Google\Google Earth\res\gf.country moved successfully.
    c:\program files\Google\Google Earth\res\ge.country moved successfully.
    c:\program files\Google\Google Earth\res\gd.country moved successfully.
    c:\program files\Google\Google Earth\res\gb.country moved successfully.
    c:\program files\Google\Google Earth\res\ga.country moved successfully.
    c:\program files\Google\Google Earth\res\fr.country moved successfully.
    c:\program files\Google\Google Earth\res\fo.country moved successfully.
    c:\program files\Google\Google Earth\res\fm.country moved successfully.
    c:\program files\Google\Google Earth\res\flightsim\planet moved successfully.
    c:\program files\Google\Google Earth\res\flightsim\keyboard moved successfully.
    c:\program files\Google\Google Earth\res\flightsim\hud moved successfully.
    c:\program files\Google\Google Earth\res\flightsim\controller moved successfully.
    c:\program files\Google\Google Earth\res\flightsim\aircraft moved successfully.
    c:\program files\Google\Google Earth\res\flightsim moved successfully.
    c:\program files\Google\Google Earth\res\fk.country moved successfully.
    c:\program files\Google\Google Earth\res\fj.country moved successfully.
    c:\program files\Google\Google Earth\res\fi.country moved successfully.
    c:\program files\Google\Google Earth\res\et.country moved successfully.
    c:\program files\Google\Google Earth\res\es.country moved successfully.
    c:\program files\Google\Google Earth\res\er.country moved successfully.
    c:\program files\Google\Google Earth\res\eh.country moved successfully.
    c:\program files\Google\Google Earth\res\eg.country moved successfully.
    c:\program files\Google\Google Earth\res\ee.country moved successfully.
    c:\program files\Google\Google Earth\res\ec.country moved successfully.
    c:\program files\Google\Google Earth\res\dz.country moved successfully.
    c:\program files\Google\Google Earth\res\do.country moved successfully.
    c:\program files\Google\Google Earth\res\dm.country moved successfully.
    c:\program files\Google\Google Earth\res\dk.country moved successfully.
    c:\program files\Google\Google Earth\res\dj.country moved successfully.
    c:\program files\Google\Google Earth\res\de.country moved successfully.
    c:\program files\Google\Google Earth\res\cz.country moved successfully.
    c:\program files\Google\Google Earth\res\cy.country moved successfully.
    c:\program files\Google\Google Earth\res\cx.country moved successfully.
    c:\program files\Google\Google Earth\res\cv.country moved successfully.
    c:\program files\Google\Google Earth\res\cu.country moved successfully.
    c:\program files\Google\Google Earth\res\cr.country moved successfully.
    c:\program files\Google\Google Earth\res\co.country moved successfully.
    c:\program files\Google\Google Earth\res\cn.country moved successfully.
    c:\program files\Google\Google Earth\res\cm.country moved successfully.
    c:\program files\Google\Google Earth\res\cl.country moved successfully.
    c:\program files\Google\Google Earth\res\ck.country moved successfully.
    c:\program files\Google\Google Earth\res\ci.country moved successfully.
    c:\program files\Google\Google Earth\res\ch.country moved successfully.
    c:\program files\Google\Google Earth\res\cg.country moved successfully.
    c:\program files\Google\Google Earth\res\cf.country moved successfully.
    c:\program files\Google\Google Earth\res\cd.country moved successfully.
    c:\program files\Google\Google Earth\res\cc.country moved successfully.
    c:\program files\Google\Google Earth\res\ca.country moved successfully.
    c:\program files\Google\Google Earth\res\bz.country moved successfully.
    c:\program files\Google\Google Earth\res\by.country moved successfully.
    c:\program files\Google\Google Earth\res\bw.country moved successfully.
    c:\program files\Google\Google Earth\res\bv.country moved successfully.
    c:\program files\Google\Google Earth\res\bt.country moved successfully.
    c:\program files\Google\Google Earth\res\bs.country moved successfully.
    c:\program files\Google\Google Earth\res\br.country moved successfully.
    c:\program files\Google\Google Earth\res\bo.country moved successfully.
    c:\program files\Google\Google Earth\res\bn.country moved successfully.
    c:\program files\Google\Google Earth\res\bm.country moved successfully.
    c:\program files\Google\Google Earth\res\bj.country moved successfully.
    c:\program files\Google\Google Earth\res\bi.country moved successfully.
    c:\program files\Google\Google Earth\res\bh.country moved successfully.
    c:\program files\Google\Google Earth\res\bg.country moved successfully.
    c:\program files\Google\Google Earth\res\bf.country moved successfully.
    c:\program files\Google\Google Earth\res\be.country moved successfully.
    c:\program files\Google\Google Earth\res\bd.country moved successfully.
    c:\program files\Google\Google Earth\res\bb.country moved successfully.
    c:\program files\Google\Google Earth\res\ba.country moved successfully.
    c:\program files\Google\Google Earth\res\az.country moved successfully.
    c:\program files\Google\Google Earth\res\ax.country moved successfully.
    c:\program files\Google\Google Earth\res\aw.country moved successfully.
    c:\program files\Google\Google Earth\res\au.country moved successfully.
    c:\program files\Google\Google Earth\res\at.country moved successfully.
    c:\program files\Google\Google Earth\res\as.country moved successfully.
    c:\program files\Google\Google Earth\res\ar.locale moved successfully.
    c:\program files\Google\Google Earth\res\ar.country moved successfully.
    c:\program files\Google\Google Earth\res\aq.country moved successfully.
    c:\program files\Google\Google Earth\res\ao.country moved successfully.
    c:\program files\Google\Google Earth\res\an.country moved successfully.
    c:\program files\Google\Google Earth\res\am.country moved successfully.
    c:\program files\Google\Google Earth\res\al.country moved successfully.
    c:\program files\Google\Google Earth\res\ai.country moved successfully.
    c:\program files\Google\Google Earth\res\ag.country moved successfully.
    c:\program files\Google\Google Earth\res\af.country moved successfully.
    c:\program files\Google\Google Earth\res\ae.country moved successfully.
    c:\program files\Google\Google Earth\res\ad.country moved successfully.
    c:\program files\Google\Google Earth\res moved successfully.
    c:\program files\Google\Google Earth\lang moved successfully.
    c:\program files\Google\Google Earth\kvw moved successfully.
    c:\program files\Google\Google Earth\alchemy\optimizations moved successfully.
    c:\program files\Google\Google Earth\alchemy\ogl moved successfully.
    c:\program files\Google\Google Earth\alchemy\dx moved successfully.
    c:\program files\Google\Google Earth\alchemy moved successfully.
    c:\program files\Google\Google Earth moved successfully.
    c:\program files\Google\Common\Google Updater moved successfully.
    c:\program files\Google\Common moved successfully.
    c:\program files\Google moved successfully.
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12012008_183811
  7. g!rly (18462 posts, Contributor) 407

    Post a new HijackThis report, please.

    @+
  8. ric025

    Well spotted, G!rly!

    Good luck going forward.

    A++ ;))
  9. lardechois2

    Oops, sorry, I could have thought of that :)
    For the record, when I open IE I get my homepage back now, which is great (even if I won't be opening IE again for a long time).

    Here is the report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:50:29, on 01/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Classic PhoneTools\CapFax.EXE
    C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\WLAN Card Utilities\Center.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\AOL\1169876785\ee\aolsoftware.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Documents and Settings\Bertrand\Bureau\HiJackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll (file missing)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
    O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/27.44/uploader2.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  10. lardechois2

    On the other hand, Kaspersky still reports this:

    01/12/2008 18:52:32 Processus C:\WINDOWS\system32\services.exe (PID: 1024): action création composition des bibliothèques système chargées au démarrage du système d'exploitation (clé HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ASNDIS5, valeurs ImagePath, données \??\C:\PROGRA~1\WLANCA~1\ASNDIS5.SYS) bloquée.
  11. g!rly (18462 posts, Contributor) 407

    Can you run this:

    Do a scan with this antispyware:

    Download Malwarebytes + tutorial:

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Install it; the program will update itself automatically.

    Once it is up to date, the program will launch; click on the Settings tab and tick the box "Terminate Internet Explorer during removal".

    Now click on the Scan tab and tick the box "Perform full scan".

    Then click "Scan".

    Let it scan the PC...

    If items have been found > click "Remove selected".

    If you are asked to restart > click "yes".

    At the end a report will open; save it somewhere you can find it again so you can post it on the forum.

    Copy and paste the report, please.
    1. lardechois2

      Sorry, the scan took a long time; I had already installed Malwarebytes, I did an update, and here is the report, it found nothing:
      Malwarebytes' Anti-Malware 1.30
      Version de la base de données: 1306
      Windows 5.1.2600 Service Pack 3

      01/12/2008 20:02:05
      mbam-log-2008-12-01 (20-02-05).txt

      Type de recherche: Examen complet (A:\|C:\|D:\|E:\|)
      Eléments examinés: 121803
      Temps écoulé: 35 minute(s), 27 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
  12. g!rly (18462 posts, Contributor) 407

    okay

    in my opinion it's a false positive:

    https://www.greatis.com/appdata/a/a/asndis5.sys.htm

    https://www.broadcom.com/

    http://www.prevx.com/filenames/103048015887488452-0/ASNDIS52ESYS.html

    you can have it analysed

    Go to the site https://virusscan.jotti.org/
    - Click "Browse" at the top right, navigate through the folders and select this file:
    C:\PROGRA~1\WLANCA~1\ASNDIS5.SYS
    - Click "submit", still at the top right
    - The scan will start; it will take a little while
    - At the bottom you get the scan result; copy/paste the full scan result here.
    Help: https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799

    @+
    1. lardechois2

      And there you go, another report :)

      Last file scanned at least one scanner reported something about: Xinch.exe (MD5: 368ac338514e5c9189dbcc44495c8997, size: 24064 bytes), detected by:

      Scanner Malware name
      A-Squared Trojan-PWS.Win32.LdPinch!IK
      AntiVir TR/Spy.Gen
      ArcaVir X
      Avast Win32:LdPinch-DEZ
      AVG Antivirus X
      BitDefender Generic.PWStealer.416489ED
      ClamAV Trojan.LdPinch-133
      CPsecure BackDoor.W32.Prorat.V
      Dr.Web Trojan.PWS.LDPinch.2531
      F-Prot Antivirus W32/LdPinch.E.gen!Eldorado
      F-Secure Anti-Virus Trojan-PSW.Win32.PdPinch.gen
      G DATA Win32:LdPinch-DEZ
      Ikarus Trojan-PWS.Win32.LdPinch
      Kaspersky Anti-Virus Trojan-PSW.Win32.PdPinch.gen
      NOD32 a variant of Win32/PSW.LdPinch
      Norman Virus Control Sandbox: W32/Malware
      Panda Antivirus X
      Sophos Antivirus Troj/LdPnch-Gen
      VirusBuster X
      VBA32 MalwareScope.Trojan-PSW.Pinch.1


      You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
      We are not affiliated with any third parties that conduct tests using this service.
  13. g!rly (18462 posts, Contributor) 407

    Is that the report for Xinch.exe, or something else?
    1. lardechois2

      It's the Jotti virus scan report for the file ASNDIS5.sys; I copied and pasted the table at the bottom.
      I've just redone it, but this time I'm copying the scanner result, sorry. They do find something; can I delete this ASNDIS5.sys junk? And how?
      Scanner results
      Scan taken on 01 Dec 2008 19:34:35 (GMT)
      A-Squared
      Found nothing
      AntiVir
      Found nothing
      ArcaVir
      Found nothing
      Avast
      Found nothing
      AVG Antivirus
      Found nothing
      BitDefender
      Found nothing
      ClamAV
      Found nothing
      CPsecure
      Found nothing
      Dr.Web
      Found nothing
      F-Prot Antivirus
      Found nothing
      F-Secure Anti-Virus
      Found nothing
      G DATA
      Found nothing
      Ikarus
      Found nothing
      Kaspersky Anti-Virus
      Found nothing
      NOD32
      Found nothing
      Norman Virus Control
      Found nothing
      Panda Antivirus
      Found nothing
      Sophos Antivirus
      Found nothing
      VirusBuster
      Found nothing
      VBA32
      Found nothing
  14. g!rly (18462 posts, Contributor) 407

    nobody finds anything...

    from what I've been able to read, it looks like this driver is related to the system's standby mode...
    1. lardechois2 (2 posts, Member)

      At the same time, I had reinstalled Kaspersky and changed one or two of its settings; I'll try to go back to its "simple" configuration to see whether it still detects the driver. Since I tended to "refuse" every operation it presented to me as suspicious, maybe I need to allow this driver to do its work.
      POSITIVE +++++ and thanks a lot, because I've got my IE homepage back and I no longer get the error message when shutting down the box: "hpmon.exe l'initialisation de la dll a échoué car la station est en train de s'etteindre". So your help paid off. Thanks a lot, let's say it's fixed :). Is there a way on this forum to mark posts as solved?
      Safe travels to you, girly, may the road be long and happy.
      Respectful regards
  15. g!rly (18462 posts, Contributor) 407

    you're welcome lardechois2

    yes, try configuring Kaspersky to be a bit less paranoid, maybe :)

    but post one last HijackThis report anyway, so we can remove the leftovers :)

    @+
    1. lardechois2

      And here's the report. I allowed this driver's operation, the PC is still alive, everything's going to be fine, it's calmer now :)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:29:21, on 01/12/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Classic PhoneTools\CapFax.EXE
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\WLAN Card Utilities\Center.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\Fichiers communs\AOL\1169876785\ee\aolsoftware.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
      C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\wanmpsvc.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Bertrand\Bureau\HiJackThis.exe

      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
      O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll (file missing)
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Control Center] C:\Program Files\WLAN Card Utilities\Center.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
      O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech SetPoint.lnk = ?
      O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
      O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
      O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
      O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
      O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/27.44/uploader2.cab
      O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
      O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  16. g!rly (18462 posts, Contributor) 407

    ok

    tick and fix:

    O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll (file missing)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll (file missing)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
    O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/27.44/uploader2.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab

    how to fix:

    Usage tutorial (video): (thanks to Balltrap34 for making it)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    then

    have a look at this tutorial to update your Java console:

    https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

    ps: don't get mixed up; the same page also has the Flash tutorial...

    a bonus:

    SpywareBlaster:

    http://www.brightfort.com/spywareblaster.html

    it's a resident tool; you just have to update it from time to time, since the free version doesn't do it on its own; once installed and updated, set all the protections to "enable"

    tutorial: https://www.malekal.com/tutorial-spywareblaster/

    why not browse with Firefox? = safer, while keeping IE 7.0 for Windows updates, which can't be done from Firefox

    http://www.mozilla-europe.org/fr/

    plugins: Adblock Plus, NoScript etc.

    https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org

    to remove the tools that were used:

    Download ToolsCleaner to your desktop.
    --> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
    # Click Search and let the scan run ...
    # Click Delete to finish.
    # If you wish, you can use the optional Options.
    # Click Quit to get the report.
    # Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

    @+
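The "tick and fix" list above follows a few mechanical rules that are easy to automate when triaging a HijackThis log. The script below is an added example (not code from the thread, from HijackThis, or from any tool named here): it flags entries whose component is marked `(file missing)` or `(no file)`, O9 buttons that point at a remote URL instead of a local DLL, O23 services without a vendor name, and, in a second pass, any autorun whose binary lives in a directory that also holds orphaned entries. The sample log is constructed from lines posted earlier in this thread; the path regex assumes XP-era paths without parentheses.

```python
"""HijackThis log triage: flag orphaned, remote and vendor-less entries.

Added example for this thread; not code from HijackThis, Malwarebytes or the
forum helper.  The rules encode the same reasoning as the "tick and fix" list.
"""
import re
from typing import List, NamedTuple, Optional, Tuple


class Finding(NamedTuple):
    section: str   # HijackThis section tag, e.g. "O2"
    reason: str    # why the line was flagged
    line: str      # the log line as posted


# Constructed sample: entries copied from the HijackThis log posted above,
# with the Adobe BHO and the Kaspersky autorun kept as clean controls.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# A drive-letter path ending in a loadable component.  Assumes XP-era paths
# without parentheses; "Program Files (x86)" would need a looser pattern.
PATH_RE = re.compile(r'(?i)[a-z]:\\[^"()]+?\.(?:dll|exe|sys|ocx)')
URL_RE = re.compile(r"(?i)https?://\S+")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entry(raw: str) -> Optional[Tuple[str, str, Optional[str]]]:
    """Split one log line into (section, body, target); None for non-entry lines."""
    m = ENTRY_RE.match(raw.strip())
    if not m:
        return None
    body = m.group("body")
    pm = PATH_RE.search(body)
    if pm:
        return m.group("sec"), body, pm.group(0)
    um = URL_RE.search(body)
    return m.group("sec"), body, (um.group(0) if um else None)


def parent_dir(path: str) -> str:
    """Lower-cased directory part of a Windows path."""
    return path.rsplit("\\", 1)[0].lower()


def triage(log_text: str) -> List[Finding]:
    entries = [e for e in (parse_entry(l) for l in log_text.splitlines()) if e]
    findings: List[Finding] = []
    orphan_dirs = set()
    # First pass: per-line rules.
    for sec, body, target in entries:
        low = body.lower()
        line = f"{sec} - {body}"
        if sec == "O9" and target and target.lower().startswith("http"):
            findings.append(Finding(sec, "IE extra button/menu item pointing at a remote URL", line))
        elif any(mk in low for mk in ORPHAN_MARKERS):
            findings.append(Finding(sec, "orphaned entry: registered component is no longer on disk", line))
            if target and not target.lower().startswith("http"):
                orphan_dirs.add(parent_dir(target))
        elif sec == "O23" and "unknown owner" in low:
            findings.append(Finding(sec, "service without vendor information; verify the binary manually", line))
    # Second pass: anything else installed next to an orphan deserves a look.
    already = {f.line for f in findings}
    for sec, body, target in entries:
        line = f"{sec} - {body}"
        if line in already or not target or target.lower().startswith("http"):
            continue
        d = parent_dir(target)
        if d in orphan_dirs:
            findings.append(Finding(sec, f"lives in {d}, which also holds orphaned entries", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample, the WebMediaViewer entries, the nameless BHO, the expresstoolie O9 item and the two vendor-less services are reported, the Adobe and Kaspersky lines are not, and `hpmon.exe` is surfaced only because it shares a directory with two orphaned DLLs. The output is a review list, not a delete list: an "Unknown owner" service such as the ATI one still needs a manual check of the binary before anything is fixed.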
    1. lardechois2

      Well, I didn't update Java; I don't have a clear view of that thing, I'll look into it later.
      I used ToolsCleaner, it did the cleanup, but I couldn't find its report ????? sorry, but what's certain is that it worked fine. So, isn't there a little tool to clean up ToolsCleaner, one that also cleans itself up, ARFF (it's the tiredness, sorry). Thanks for your help; Firefox, I've been using it for two days, and I'm also going to stop browsing with my administrator account, that's a real risk and I didn't know. I learnt loads of things from this infection :)
      Thanks again
      Bertrand
  17. g!rly (18462 posts, Contributor) 407

    okay, very good Bertrand :)
    yes, it's clear that browsing with the administrator account isn't ideal.
    all the best to you
    bye
    Julie