Start page infection

Solved/Closed
lardechois2 Posts: 2 Registered: Monday 1 December 2008 Status: Member Last activity: 1 December 2008 - 1 Dec 2008 at 17:39
g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last activity: 30 November 2014 - 1 Dec 2008 at 22:51
Hello,
Since 25 November I have been having problems. I suffered an attack that I treated with MalwareBytes, CCleaner and a tool called GenProc, which uses a range of resources (Navilog, etc.). Everything seems to have been cleaned, except that my IE start page keeps being changed to a fake site, of which here is a screenshot:
http://picasaweb.google.fr/lh/photo/FFeEbacd-NmkBltoFBVZxg

I thought I could manage on my own, but there is no way to get rid of this junk, despite Spybot (which finds nothing). On top of that, Kaspersky shows me a whole string of alert messages about a process whose PID changes every time IE is opened, which tries to modify registry keys or I don't quite know what. Example:
http://picasaweb.google.fr/lh/photo/iLuAPqHm8nFqt2KI70tJLA

Since this is the first time I have run into this kind of problem, I no longer know where to turn. The machine does not seem slowed down, just browsing, but for the past two days I have followed advice from the web and am using Firefox, which is faster, and I no longer get these Kaspersky messages every time a page opens. I have to admit I am a bit worried; I am afraid of being spied on. Something managed to get past Kaspersky (probably because of a wrong move by one of the computer's users), so I humbly ask for your help.
I am running Windows XP Home SP3, IE until recently, and Kaspersky antivirus.
Here is a HijackThis report, just in case...

PS: I tried to fix the O9 lines marked "no name" and ExplorerSecurity, without success, but they keep coming back.


Thanks in advance for the attention given to this post.
Regards

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:12, on 30/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WebMediaViewer\hpmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\WLAN Card Utilities\Center.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Fichiers communs\AOL\1169876785\ee\aolsoftware.exe
C:\Program Files\WebMediaViewer\hpmom.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Bertrand\Bureau\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/27.44/uploader2.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
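As an added defender-side illustration (not code from this thread, from HijackThis, or from any tool named here), the following Python script applies to the log above the kind of reasoning the helpers in this thread apply by hand: it parses the O2/O3/O4/O9 loader lines, scores each entry by where its component lives and what it points at, and groups entries that share one directory so that a single package with several hooks (here the WebMediaViewer BHO, toolbar and Policies\Explorer\Run autostart) stands out. The sample lines are copied from the log above; the directory allow-list, the scoring weights and the reporting threshold are constructed for the example.

```python
"""Triage a HijackThis 2.x log for browser-hijack indicators.

Added example for this thread; it is not code from HijackThis, OTMoveIt or
Toolbar-S&D. SAMPLE_LOG is copied from the log posted above; TRUSTED_DIRS and
the scoring weights are constructed for the example.
"""
import re
from collections import defaultdict

# Lines copied from the HijackThis log in the original post (constructed sample).
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"""

# Constructed allow-list: directories whose components we accept without further
# review for this example. Real triage would check vendor signatures or hashes.
TRUSTED_DIRS = (
    r"c:\program files\fichiers communs\adobe",
    r"c:\program files\spybot - search & destroy",
    r"c:\program files\kaspersky lab",
    r"c:\program files\java",
    r"c:\windows\system32",
)

# O2/O3/O9 lines share the shape "Onn - <kind>: <name> - {CLSID} - <target>"
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$"
)
# O4 autostart lines: "O4 - <hive\..\key>: [<value name>] <command>"
RUN_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")


def _directory(target):
    """Lowercase directory of a local .exe/.dll target, or None for URLs / no file."""
    t = target.strip().strip('"')
    m = re.match(r'^"?([a-zA-Z]:\\[^"]+?\.(?:exe|dll))"?', t, re.IGNORECASE)
    if not m:
        return None
    return m.group(1).lower().rsplit("\\", 1)[0]


def _is_trusted(directory):
    return directory is not None and any(directory.startswith(d) for d in TRUSTED_DIRS)


def score_entry(name, target, key=""):
    """Return (score, reasons) for one loader entry; weights are constructed."""
    score, reasons = 0, []
    directory = _directory(target)
    if target.lower().startswith(("http://", "https://")):
        score += 3
        reasons.append("button/menu item targets a remote URL instead of a local file")
    if directory is not None and not _is_trusted(directory):
        score += 2
        reasons.append("component loaded from non-allow-listed directory " + directory)
    if name == "(no name)":
        score += 1
        reasons.append("component registered without a display name")
    if "policies\\explorer\\run" in key.lower():
        score += 2
        reasons.append("autostart via Policies\\Explorer\\Run, rarely used by legitimate software")
    return score, reasons


def triage(log_text, threshold=2):
    """Return (findings, clusters).

    findings: entries whose score reaches the threshold
    clusters: {directory: sections} for directories hooked from more than one
              loader point, i.e. one package installed with several hooks
    """
    findings, dirs_by_section = [], defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m and m["section"] in ("O2", "O3", "O9"):
            section, name, target, key, clsid = m["section"], m["name"], m["target"], "", m["clsid"]
        else:
            m = RUN_RE.match(line)
            if not m:
                continue  # other sections (R0, O16, O23 ...) are out of scope here
            section, name, target, key, clsid = "O4", m["name"], m["target"], m["key"], None
        d = _directory(target)
        if d is not None:
            dirs_by_section[d].add(section)
        score, reasons = score_entry(name, target, key)
        if score >= threshold:
            findings.append({"section": section, "name": name, "clsid": clsid,
                             "target": target, "score": score, "reasons": reasons})
    clusters = {d: sorted(s) for d, s in dirs_by_section.items() if len(s) > 1}
    return findings, clusters


if __name__ == "__main__":
    found, groups = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f['section']}] score={f['score']} {f['name']} -> {f['target']}")
        for r in f["reasons"]:
            print("    -", r)
    for d, sections in groups.items():
        print("cluster:", d, "hooked from", ", ".join(sections))
```

Running the script reports the two WebMediaViewer components, the Policies\Explorer\Run autostart and both expresstoolie.com O9 entries, and one cluster for the WebMediaViewer directory, which is the same set the helper's OTMoveIt script later removes. The Spybot "(no name)" button is deliberately not reported because its DLL sits in an allow-listed directory: an unnamed entry on its own is a weak signal, and the orphan BHO with "(no file)" scores below the threshold for the same reason.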

16 replies

Anonymous user
1 Dec 2008 at 17:45
Hi!

Important! Disable your resident antivirus / antispyware / Spybot's TeaTimer (if present and active)

Download Toolbar-S&D (Team IDN) to your Desktop.

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

Start the program's installation by running the downloaded file.
Now double-click the Toolbar-S&D shortcut.
Select the desired language by typing the letter of your choice and confirming with the Enter key.
Now choose option 1 (Search). Wait until the search finishes.

Then post the generated report. The report can also be found here: C:\TB.txt

A++
0
g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last activity: 30 November 2014 406
1 Dec 2008 at 17:48
hi,

Download OTMoveIt3 (by Old_Timer) to your Desktop.

http://oldtimer.geekstogo.com/OTMoveIt3.exe

In safe mode:

Double-click "OTMoveIt3.exe" to open the program.
Then copy what is quoted below,


:Processes
explorer.exe

:Reg
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]

:Files
C:\Program Files\WebMediaViewer
c:\program files\google

:Commands
[emptytemp]
[start explorer]
[Reboot]

and paste it into the left-hand pane of OTMoveIt3:
Paste Instructions for items to be moved.
(don't touch anything else!)

-> click MoveIt! to start the removal.
-> let the tool work...

(Note: your desktop will disappear and then reappear; this is normal.)

-> once finished, a small window opens: click "Yes".

Your PC will restart by itself...

--> Post the contents of the report found in the folder "C:\_OTMoveIt\MovedFiles"
("xxxx2008_xxxxxx.log", where the "x" correspond to the day and time of use).

@+
0
Here is the ToolBar SD report,
Thanks for your help, is it serious?


-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : BIOS Date: 11/20/06 11:07:02 Ver: 08.00.10
USER : Bertrand ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 7.0.1.325 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:51 Go)
D:\ (CD or DVD)
E:\ (USB) - FAT - Total:247 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [1] ( 01/12/2008|18:21 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 01/12/2008|18:22 - Option : [1]

-----------\\ Fin du rapport a 18:22:06,14
0
g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last activity: 30 November 2014 406
1 Dec 2008 at 18:27
there's nothing in the report, run OTMoveIt3 as I told you :)
@+
0

Here is the OTMoveIt report, thanks Girly

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}\\ not found.
========== FILES ==========
C:\Program Files\WebMediaViewer moved successfully.
c:\program files\Google\Toolbar for Firefox moved successfully.
c:\program files\Google\Installers moved successfully.
c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462 moved successfully.
c:\program files\Google\GoogleToolbarNotifier moved successfully.
c:\program files\Google\Google Earth\xml moved successfully.
c:\program files\Google\Google Earth\res\zw.country moved successfully.
c:\program files\Google\Google Earth\res\zm.country moved successfully.
c:\program files\Google\Google Earth\res\zh-hant.locale moved successfully.
c:\program files\Google\Google Earth\res\za.country moved successfully.
c:\program files\Google\Google Earth\res\yt.country moved successfully.
c:\program files\Google\Google Earth\res\ye.country moved successfully.
c:\program files\Google\Google Earth\res\ws.country moved successfully.
c:\program files\Google\Google Earth\res\wf.country moved successfully.
c:\program files\Google\Google Earth\res\vu.country moved successfully.
c:\program files\Google\Google Earth\res\vn.country moved successfully.
c:\program files\Google\Google Earth\res\vi.country moved successfully.
c:\program files\Google\Google Earth\res\vg.country moved successfully.
c:\program files\Google\Google Earth\res\ve.country moved successfully.
c:\program files\Google\Google Earth\res\vc.country moved successfully.
c:\program files\Google\Google Earth\res\va.country moved successfully.
c:\program files\Google\Google Earth\res\uz.country moved successfully.
c:\program files\Google\Google Earth\res\uy.country moved successfully.
c:\program files\Google\Google Earth\res\us.country moved successfully.
c:\program files\Google\Google Earth\res\um.country moved successfully.
c:\program files\Google\Google Earth\res\ug.country moved successfully.
c:\program files\Google\Google Earth\res\ua.country moved successfully.
c:\program files\Google\Google Earth\res\tz.country moved successfully.
c:\program files\Google\Google Earth\res\tw.country moved successfully.
c:\program files\Google\Google Earth\res\tv.country moved successfully.
c:\program files\Google\Google Earth\res\tt.country moved successfully.
c:\program files\Google\Google Earth\res\tr.country moved successfully.
c:\program files\Google\Google Earth\res\to.country moved successfully.
c:\program files\Google\Google Earth\res\tn.country moved successfully.
c:\program files\Google\Google Earth\res\tm.country moved successfully.
c:\program files\Google\Google Earth\res\tl.country moved successfully.
c:\program files\Google\Google Earth\res\tk.country moved successfully.
c:\program files\Google\Google Earth\res\tj.country moved successfully.
c:\program files\Google\Google Earth\res\th.country moved successfully.
c:\program files\Google\Google Earth\res\tg.country moved successfully.
c:\program files\Google\Google Earth\res\tf.country moved successfully.
c:\program files\Google\Google Earth\res\td.country moved successfully.
c:\program files\Google\Google Earth\res\tc.country moved successfully.
c:\program files\Google\Google Earth\res\sz.country moved successfully.
c:\program files\Google\Google Earth\res\sy.country moved successfully.
c:\program files\Google\Google Earth\res\sv.country moved successfully.
c:\program files\Google\Google Earth\res\st.country moved successfully.
c:\program files\Google\Google Earth\res\sr.country moved successfully.
c:\program files\Google\Google Earth\res\so.country moved successfully.
c:\program files\Google\Google Earth\res\sn.country moved successfully.
c:\program files\Google\Google Earth\res\sm.country moved successfully.
c:\program files\Google\Google Earth\res\sl.country moved successfully.
c:\program files\Google\Google Earth\res\sk.country moved successfully.
c:\program files\Google\Google Earth\res\sj.country moved successfully.
c:\program files\Google\Google Earth\res\si.country moved successfully.
c:\program files\Google\Google Earth\res\shapes moved successfully.
c:\program files\Google\Google Earth\res\sh.country moved successfully.
c:\program files\Google\Google Earth\res\sg.country moved successfully.
c:\program files\Google\Google Earth\res\se.country moved successfully.
c:\program files\Google\Google Earth\res\sd.country moved successfully.
c:\program files\Google\Google Earth\res\sc.country moved successfully.
c:\program files\Google\Google Earth\res\sb.country moved successfully.
c:\program files\Google\Google Earth\res\sa.country moved successfully.
c:\program files\Google\Google Earth\res\rw.country moved successfully.
c:\program files\Google\Google Earth\res\ru.locale moved successfully.
c:\program files\Google\Google Earth\res\ru.country moved successfully.
c:\program files\Google\Google Earth\res\rs.country moved successfully.
c:\program files\Google\Google Earth\res\ro.country moved successfully.
c:\program files\Google\Google Earth\res\re.country moved successfully.
c:\program files\Google\Google Earth\res\qa.country moved successfully.
c:\program files\Google\Google Earth\res\py.country moved successfully.
c:\program files\Google\Google Earth\res\pw.country moved successfully.
c:\program files\Google\Google Earth\res\pushpin moved successfully.
c:\program files\Google\Google Earth\res\pt.country moved successfully.
c:\program files\Google\Google Earth\res\ps.country moved successfully.
c:\program files\Google\Google Earth\res\pr.country moved successfully.
c:\program files\Google\Google Earth\res\pn.country moved successfully.
c:\program files\Google\Google Earth\res\pm.country moved successfully.
c:\program files\Google\Google Earth\res\pl.country moved successfully.
c:\program files\Google\Google Earth\res\pk.country moved successfully.
c:\program files\Google\Google Earth\res\ph.country moved successfully.
c:\program files\Google\Google Earth\res\pg.country moved successfully.
c:\program files\Google\Google Earth\res\pf.country moved successfully.
c:\program files\Google\Google Earth\res\pe.country moved successfully.
c:\program files\Google\Google Earth\res\paddle moved successfully.
c:\program files\Google\Google Earth\res\pa.country moved successfully.
c:\program files\Google\Google Earth\res\om.country moved successfully.
c:\program files\Google\Google Earth\res\nz.country moved successfully.
c:\program files\Google\Google Earth\res\nu.country moved successfully.
c:\program files\Google\Google Earth\res\nr.country moved successfully.
c:\program files\Google\Google Earth\res\np.country moved successfully.
c:\program files\Google\Google Earth\res\no.country moved successfully.
c:\program files\Google\Google Earth\res\nl.country moved successfully.
c:\program files\Google\Google Earth\res\ni.country moved successfully.
c:\program files\Google\Google Earth\res\ng.country moved successfully.
c:\program files\Google\Google Earth\res\nf.country moved successfully.
c:\program files\Google\Google Earth\res\ne.country moved successfully.
c:\program files\Google\Google Earth\res\nc.country moved successfully.
c:\program files\Google\Google Earth\res\na.country moved successfully.
c:\program files\Google\Google Earth\res\mz.country moved successfully.
c:\program files\Google\Google Earth\res\my.country moved successfully.
c:\program files\Google\Google Earth\res\mx.country moved successfully.
c:\program files\Google\Google Earth\res\mw.country moved successfully.
c:\program files\Google\Google Earth\res\mv.country moved successfully.
c:\program files\Google\Google Earth\res\mu.country moved successfully.
c:\program files\Google\Google Earth\res\mt.country moved successfully.
c:\program files\Google\Google Earth\res\ms.country moved successfully.
c:\program files\Google\Google Earth\res\mr.country moved successfully.
c:\program files\Google\Google Earth\res\mq.country moved successfully.
c:\program files\Google\Google Earth\res\mp.country moved successfully.
c:\program files\Google\Google Earth\res\mo.country moved successfully.
c:\program files\Google\Google Earth\res\mn.country moved successfully.
c:\program files\Google\Google Earth\res\mm.country moved successfully.
c:\program files\Google\Google Earth\res\ml.country moved successfully.
c:\program files\Google\Google Earth\res\mk.country moved successfully.
c:\program files\Google\Google Earth\res\mh.country moved successfully.
c:\program files\Google\Google Earth\res\mg.country moved successfully.
c:\program files\Google\Google Earth\res\me.country moved successfully.
c:\program files\Google\Google Earth\res\md.country moved successfully.
c:\program files\Google\Google Earth\res\mc.country moved successfully.
c:\program files\Google\Google Earth\res\ma.country moved successfully.
c:\program files\Google\Google Earth\res\ly.country moved successfully.
c:\program files\Google\Google Earth\res\lv.country moved successfully.
c:\program files\Google\Google Earth\res\lu.country moved successfully.
c:\program files\Google\Google Earth\res\lt.country moved successfully.
c:\program files\Google\Google Earth\res\ls.country moved successfully.
c:\program files\Google\Google Earth\res\lr.country moved successfully.
c:\program files\Google\Google Earth\res\lk.country moved successfully.
c:\program files\Google\Google Earth\res\li.country moved successfully.
c:\program files\Google\Google Earth\res\lc.country moved successfully.
c:\program files\Google\Google Earth\res\lb.country moved successfully.
c:\program files\Google\Google Earth\res\la.country moved successfully.
c:\program files\Google\Google Earth\res\kz.country moved successfully.
c:\program files\Google\Google Earth\res\ky.country moved successfully.
c:\program files\Google\Google Earth\res\kw.country moved successfully.
c:\program files\Google\Google Earth\res\kr.country moved successfully.
c:\program files\Google\Google Earth\res\kp.country moved successfully.
c:\program files\Google\Google Earth\res\ko.locale moved successfully.
c:\program files\Google\Google Earth\res\kn.country moved successfully.
c:\program files\Google\Google Earth\res\km.country moved successfully.
c:\program files\Google\Google Earth\res\ki.country moved successfully.
c:\program files\Google\Google Earth\res\kh.country moved successfully.
c:\program files\Google\Google Earth\res\kg.country moved successfully.
c:\program files\Google\Google Earth\res\ke.country moved successfully.
c:\program files\Google\Google Earth\res\jp.country moved successfully.
c:\program files\Google\Google Earth\res\jo.country moved successfully.
c:\program files\Google\Google Earth\res\jm.country moved successfully.
c:\program files\Google\Google Earth\res\je.country moved successfully.
c:\program files\Google\Google Earth\res\it.country moved successfully.
c:\program files\Google\Google Earth\res\is.country moved successfully.
c:\program files\Google\Google Earth\res\ir.country moved successfully.
c:\program files\Google\Google Earth\res\iq.country moved successfully.
c:\program files\Google\Google Earth\res\io.country moved successfully.
c:\program files\Google\Google Earth\res\in.country moved successfully.
c:\program files\Google\Google Earth\res\im.country moved successfully.
c:\program files\Google\Google Earth\res\il.country moved successfully.
c:\program files\Google\Google Earth\res\ie.country moved successfully.
c:\program files\Google\Google Earth\res\id.country moved successfully.
c:\program files\Google\Google Earth\res\hu.country moved successfully.
c:\program files\Google\Google Earth\res\ht.country moved successfully.
c:\program files\Google\Google Earth\res\hr.country moved successfully.
c:\program files\Google\Google Earth\res\hn.country moved successfully.
c:\program files\Google\Google Earth\res\hm.country moved successfully.
c:\program files\Google\Google Earth\res\hk.country moved successfully.
c:\program files\Google\Google Earth\res\gy.country moved successfully.
c:\program files\Google\Google Earth\res\gw.country moved successfully.
c:\program files\Google\Google Earth\res\gu.country moved successfully.
c:\program files\Google\Google Earth\res\gt.country moved successfully.
c:\program files\Google\Google Earth\res\gs.country moved successfully.
c:\program files\Google\Google Earth\res\gr.country moved successfully.
c:\program files\Google\Google Earth\res\gq.country moved successfully.
c:\program files\Google\Google Earth\res\gp.country moved successfully.
c:\program files\Google\Google Earth\res\gn.country moved successfully.
c:\program files\Google\Google Earth\res\gm.country moved successfully.
c:\program files\Google\Google Earth\res\gl.country moved successfully.
c:\program files\Google\Google Earth\res\gi.country moved successfully.
c:\program files\Google\Google Earth\res\gh.country moved successfully.
c:\program files\Google\Google Earth\res\gg.country moved successfully.
c:\program files\Google\Google Earth\res\gf.country moved successfully.
c:\program files\Google\Google Earth\res\ge.country moved successfully.
c:\program files\Google\Google Earth\res\gd.country moved successfully.
c:\program files\Google\Google Earth\res\gb.country moved successfully.
c:\program files\Google\Google Earth\res\ga.country moved successfully.
c:\program files\Google\Google Earth\res\fr.country moved successfully.
c:\program files\Google\Google Earth\res\fo.country moved successfully.
c:\program files\Google\Google Earth\res\fm.country moved successfully.
c:\program files\Google\Google Earth\res\flightsim\planet moved successfully.
c:\program files\Google\Google Earth\res\flightsim\keyboard moved successfully.
c:\program files\Google\Google Earth\res\flightsim\hud moved successfully.
c:\program files\Google\Google Earth\res\flightsim\controller moved successfully.
c:\program files\Google\Google Earth\res\flightsim\aircraft moved successfully.
c:\program files\Google\Google Earth\res\flightsim moved successfully.
c:\program files\Google\Google Earth\res\fk.country moved successfully.
c:\program files\Google\Google Earth\res\fj.country moved successfully.
c:\program files\Google\Google Earth\res\fi.country moved successfully.
c:\program files\Google\Google Earth\res\et.country moved successfully.
c:\program files\Google\Google Earth\res\es.country moved successfully.
c:\program files\Google\Google Earth\res\er.country moved successfully.
c:\program files\Google\Google Earth\res\eh.country moved successfully.
c:\program files\Google\Google Earth\res\eg.country moved successfully.
c:\program files\Google\Google Earth\res\ee.country moved successfully.
c:\program files\Google\Google Earth\res\ec.country moved successfully.
c:\program files\Google\Google Earth\res\dz.country moved successfully.
c:\program files\Google\Google Earth\res\do.country moved successfully.
c:\program files\Google\Google Earth\res\dm.country moved successfully.
c:\program files\Google\Google Earth\res\dk.country moved successfully.
c:\program files\Google\Google Earth\res\dj.country moved successfully.
c:\program files\Google\Google Earth\res\de.country moved successfully.
c:\program files\Google\Google Earth\res\cz.country moved successfully.
c:\program files\Google\Google Earth\res\cy.country moved successfully.
c:\program files\Google\Google Earth\res\cx.country moved successfully.
c:\program files\Google\Google Earth\res\cv.country moved successfully.
c:\program files\Google\Google Earth\res\cu.country moved successfully.
c:\program files\Google\Google Earth\res\cr.country moved successfully.
c:\program files\Google\Google Earth\res\co.country moved successfully.
c:\program files\Google\Google Earth\res\cn.country moved successfully.
c:\program files\Google\Google Earth\res\cm.country moved successfully.
c:\program files\Google\Google Earth\res\cl.country moved successfully.
c:\program files\Google\Google Earth\res\ck.country moved successfully.
c:\program files\Google\Google Earth\res\ci.country moved successfully.
c:\program files\Google\Google Earth\res\ch.country moved successfully.
c:\program files\Google\Google Earth\res\cg.country moved successfully.
c:\program files\Google\Google Earth\res\cf.country moved successfully.
c:\program files\Google\Google Earth\res\cd.country moved successfully.
c:\program files\Google\Google Earth\res\cc.country moved successfully.
c:\program files\Google\Google Earth\res\ca.country moved successfully.
c:\program files\Google\Google Earth\res\bz.country moved successfully.
c:\program files\Google\Google Earth\res\by.country moved successfully.
c:\program files\Google\Google Earth\res\bw.country moved successfully.
c:\program files\Google\Google Earth\res\bv.country moved successfully.
c:\program files\Google\Google Earth\res\bt.country moved successfully.
c:\program files\Google\Google Earth\res\bs.country moved successfully.
c:\program files\Google\Google Earth\res\br.country moved successfully.
c:\program files\Google\Google Earth\res\bo.country moved successfully.
c:\program files\Google\Google Earth\res\bn.country moved successfully.
c:\program files\Google\Google Earth\res\bm.country moved successfully.
c:\program files\Google\Google Earth\res\bj.country moved successfully.
c:\program files\Google\Google Earth\res\bi.country moved successfully.
c:\program files\Google\Google Earth\res\bh.country moved successfully.
c:\program files\Google\Google Earth\res\bg.country moved successfully.
c:\program files\Google\Google Earth\res\bf.country moved successfully.
c:\program files\Google\Google Earth\res\be.country moved successfully.
c:\program files\Google\Google Earth\res\bd.country moved successfully.
c:\program files\Google\Google Earth\res\bb.country moved successfully.
c:\program files\Google\Google Earth\res\ba.country moved successfully.
c:\program files\Google\Google Earth\res\az.country moved successfully.
c:\program files\Google\Google Earth\res\ax.country moved successfully.
c:\program files\Google\Google Earth\res\aw.country moved successfully.
c:\program files\Google\Google Earth\res\au.country moved successfully.
c:\program files\Google\Google Earth\res\at.country moved successfully.
c:\program files\Google\Google Earth\res\as.country moved successfully.
c:\program files\Google\Google Earth\res\ar.locale moved successfully.
c:\program files\Google\Google Earth\res\ar.country moved successfully.
c:\program files\Google\Google Earth\res\aq.country moved successfully.
c:\program files\Google\Google Earth\res\ao.country moved successfully.
c:\program files\Google\Google Earth\res\an.country moved successfully.
c:\program files\Google\Google Earth\res\am.country moved successfully.
c:\program files\Google\Google Earth\res\al.country moved successfully.
c:\program files\Google\Google Earth\res\ai.country moved successfully.
c:\program files\Google\Google Earth\res\ag.country moved successfully.
c:\program files\Google\Google Earth\res\af.country moved successfully.
c:\program files\Google\Google Earth\res\ae.country moved successfully.
c:\program files\Google\Google Earth\res\ad.country moved successfully.
c:\program files\Google\Google Earth\res moved successfully.
c:\program files\Google\Google Earth\lang moved successfully.
c:\program files\Google\Google Earth\kvw moved successfully.
c:\program files\Google\Google Earth\alchemy\optimizations moved successfully.
c:\program files\Google\Google Earth\alchemy\ogl moved successfully.
c:\program files\Google\Google Earth\alchemy\dx moved successfully.
c:\program files\Google\Google Earth\alchemy moved successfully.
c:\program files\Google\Google Earth moved successfully.
c:\program files\Google\Common\Google Updater moved successfully.
c:\program files\Google\Common moved successfully.
c:\program files\Google moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12012008_183811
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last post 30 November 2014 406
1 Dec. 2008 at 18:46
Post a new HijackThis report please

See you
Anonymous user
1 Dec. 2008 at 18:49
Well spotted, G!rly!

All the best.

A++ ;))
Oops, sorry, I could have thought of that :)
Well, for the record, when I open IE I've got my start page back, that's cool (even though I won't be opening IE again for a long time)

Here's the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:29, on 01/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\WLAN Card Utilities\Center.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\AOL\1169876785\ee\aolsoftware.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Bertrand\Bureau\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/27.44/uploader2.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
On the other hand, Kaspersky still reports this:

01/12/2008 18:52:32 Process C:\WINDOWS\system32\services.exe (PID: 1024): action "changing the set of system libraries loaded at operating system startup" (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ASNDIS5, value ImagePath, data \??\C:\PROGRA~1\WLANCA~1\ASNDIS5.SYS) blocked.
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last post 30 November 2014 406
1 Dec. 2008 at 19:06
can you run this:

Do a scan with this antispyware:

Download Malwarebytes + tutorial:

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Install it; the program will update itself automatically.

Once updated, the program will launch; click on the Settings tab and tick the box: "Terminate Internet Explorer during removal".

Now click on the Scan tab and tick the box: "Perform full scan".

Then click on "Scan".

Let it scan the PC...

If items were found > click on "Remove selected".

If you are asked to restart > click "yes".

At the end a report will open; save it so you can find it again to post it on the forum.

Copy and paste the report please.
Well, sorry, the scan took a long time; I had already installed Malwarebytes, I updated it, and here is the report, it found nothing:
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3

01/12/2008 20:02:05
mbam-log-2008-12-01 (20-02-05).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 121803
Time elapsed: 35 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last post 30 November 2014 406
1 Dec. 2008 at 20:09
okay

in my opinion it's a false positive:

https://www.greatis.com/appdata/a/a/asndis5.sys.htm

https://www.broadcom.com/

http://www.prevx.com/filenames/103048015887488452-0/ASNDIS52ESYS.html

you can have it analysed

Go to the site https://virusscan.jotti.org/
- Click "Browse" at the top right, navigate through the folders and select this file:
C:\PROGRA~1\WLANCA~1\ASNDIS5.SYS
- Click "Submit", still at the top right
- The scan will start; it will take a moment
- At the bottom you have the scan result; copy/paste the complete scan result here.
Help: https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799

See you
And there we go, another report :)

Last file scanned at least one scanner reported something about: Xinch.exe (MD5: 368ac338514e5c9189dbcc44495c8997, size: 24064 bytes), detected by:

Scanner Malware name
A-Squared Trojan-PWS.Win32.LdPinch!IK
AntiVir TR/Spy.Gen
ArcaVir X
Avast Win32:LdPinch-DEZ
AVG Antivirus X
BitDefender Generic.PWStealer.416489ED
ClamAV Trojan.LdPinch-133
CPsecure BackDoor.W32.Prorat.V
Dr.Web Trojan.PWS.LDPinch.2531
F-Prot Antivirus W32/LdPinch.E.gen!Eldorado
F-Secure Anti-Virus Trojan-PSW.Win32.PdPinch.gen
G DATA Win32:LdPinch-DEZ
Ikarus Trojan-PWS.Win32.LdPinch
Kaspersky Anti-Virus Trojan-PSW.Win32.PdPinch.gen
NOD32 a variant of Win32/PSW.LdPinch
Norman Virus Control Sandbox: W32/Malware
Panda Antivirus X
Sophos Antivirus Troj/LdPnch-Gen
VirusBuster X
VBA32 MalwareScope.Trojan-PSW.Pinch.1


You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last post 30 November 2014 406
1 Dec. 2008 at 20:32
Is that the report for Xinch.exe? Or something else?
It's the Jotti virus scan report for the ASNDIS5.sys file; I copy-pasted the table at the bottom.
I've just redone it, but this time I'm copying the scanner result, sorry. They're finding it, can I delete this ASNDIS5.sys junk? And how?
Scanner results
Scan taken on 01 Dec 2008 19:34:35 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
G DATA
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last post 30 November 2014 406
1 Dec. 2008 at 20:47
nobody finds anything...

it looks like this driver, at least from what I could read, is related to system standby...
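The driver path in the Kaspersky alert is written with 8.3 short names (PROGRA~1, WLANCA~1), which hides which installed program owns it. As an added example that is not from the thread or from any of the tools mentioned, this Python snippet expands those short names by matching them against the long folder names that appear in the HijackThis report, lists the other HijackThis entries that live in the same folder, and says whether the driver sits in the usual \WINDOWS\system32\drivers location. The 8.3 derivation used (spaces removed, upper-cased, first six characters, ~N suffix) is the common case of the NTFS rule, not the full algorithm (after repeated collisions NTFS switches to a hashed form, which this does not reproduce); the sample HijackThis lines are a constructed subset of the report posted above.

```python
import re

SHORT_NAME = re.compile(r"^([^~\\]{1,6})~\d+$")     # e.g. PROGRA~1, WLANCA~1
DRIVE_TAIL = re.compile(r"[A-Za-z]:\\([^\r\n]*)")   # everything after "C:\"

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_HJT = r"""
C:\Program Files\Fichiers communs\AOL\1169876785\ee\aolsoftware.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""


def short_stem(long_name):
    """First six characters of the 8.3 stem NTFS derives from a long name:
    spaces and all but the last period dropped, a few illegal characters
    turned into '_', upper-cased. Common case only: the hashed form NTFS
    uses after repeated collisions is not reproduced."""
    stem = long_name.rsplit(".", 1)[0] if "." in long_name else long_name
    stem = stem.replace(" ", "").replace(".", "")
    stem = re.sub(r"[+,;=\[\]]", "_", stem)
    return stem.upper()[:6]


def candidate_dirs(hjt_log):
    """Long folder names seen in drive paths of the report, deduplicated case-insensitively."""
    names = {}
    for line in hjt_log.splitlines():
        for m in DRIVE_TAIL.finditer(line):
            for part in m.group(1).split("\\")[:-1]:   # drop the file name itself
                part = part.strip()
                if part and "~" not in part:           # keep only long names
                    names.setdefault(part.lower(), part)
    return list(names.values())


def resolve_short_path(path, hjt_log):
    """Expand 8.3 components of `path` using folder names from the HijackThis log.
    A component stays as-is when no candidate, or more than one, has its stem."""
    by_stem = {}
    for name in candidate_dirs(hjt_log):
        by_stem.setdefault(short_stem(name), []).append(name)
    plain = path[4:] if path.startswith("\\??\\") else path   # strip NT namespace prefix
    parts, unresolved = [], []
    for comp in plain.split("\\"):
        m = SHORT_NAME.match(comp)
        hits = by_stem.get(m.group(1).upper(), []) if m else []
        if m and len(hits) == 1:
            parts.append(hits[0])
        else:
            parts.append(comp)
            if m:
                unresolved.append(comp)
    resolved = "\\".join(parts)
    folder = "\\".join(parts[:-1]).lower()
    related = [l.strip() for l in hjt_log.splitlines() if folder and folder in l.lower()]
    return {"resolved": resolved,
            "unresolved": unresolved,
            "in_driver_dir": "\\system32\\drivers\\" in resolved.lower(),
            "related": related}


if __name__ == "__main__":
    # The ImagePath from the Kaspersky alert quoted in this thread.
    info = resolve_short_path(r"\??\C:\PROGRA~1\WLANCA~1\ASNDIS5.SYS", SAMPLE_HJT)
    print("resolved :", info["resolved"])
    print("in system32\\drivers:", info["in_driver_dir"])
    for line in info["related"]:
        print("same folder:", line)
```

The output ties the driver to the "WLAN Card Utilities" folder that the O4 "Control Center" autostart also lives in, which is the kind of corroboration that supports the false-positive call: a driver registered from an application folder is unusual, but here the application is visibly installed. Verifying the file's digital signature or vendor on the machine itself is still the stronger check.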
lardechois2 Posts 2 Registered Monday 1 December 2008 Status Member Last post 1 December 2008
1 Dec. 2008 at 21:03
At the same time, I had reinstalled Kaspersky and changed one or two of its settings; I'll try to go back to its "simple" configuration to see whether it still detects the driver. Since I tended to "refuse" every operation it flagged as suspicious, maybe I need to allow this driver to do its work.
POSITIVE +++++ and thank you very much, because I've got IE's start page back and I no longer get the error message when shutting down the box: "hpmon.exe: DLL initialization failed because the station is shutting down". So your help paid off. Thanks a lot, let's say it's fixed :). Is there a way on this forum to mark posts as solved?
Safe travels to you girly, may they be long and happy.
Respectful regards
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last post 30 November 2014 406
1 Dec. 2008 at 21:16
you're welcome lardechois2

yes, try configuring Kaspersky to be a bit less paranoid :)

post one last HijackThis report though, to remove the superfluous stuff :)

See you
And here's the report. I allowed this driver's operation, the PC is still alive, everything's going to be fine, it's calmer now :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:21, on 01/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\WLAN Card Utilities\Center.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\AOL\1169876785\ee\aolsoftware.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bertrand\Bureau\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/27.44/uploader2.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last post 30 November 2014 406
1 Dec. 2008 at 21:44
ok

tick and fix:

O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/27.44/uploader2.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab

how to fix:

Tutorial (video): (Thanks to Balltrap34 for this)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

then

look at this tutorial to update your Java console:

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

ps: don't get confused; the Flash tutorial is on the same page too...

a bonus:

SpywareBlaster:

http://www.brightfort.com/spywareblaster.html

it's resident; you just have to update it from time to time, because the free version doesn't do it by itself. Once installed and updated, set all the protections to "enable".

tutorial: https://www.malekal.com/tutorial-spywareblaster/

why not browse with Firefox? = safer, while keeping IE 7.0 for Windows updates, since those can't be done from Firefox

http://www.mozilla-europe.org/fr/

plugins: Adblock Plus, NoScript, etc.

https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org

to remove the tools that were used:

Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Click on "Recherche" (search) and let the scan run...
# Click on "Suppression" (delete) to finish.
# You can use the optional options if you wish.
# Click on "Quitter" (quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

See you
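To show how the entries on the fix list above get picked, here is an added example in Python; it is not code from the thread, from HijackThis or from any tool mentioned here. It parses HijackThis v2.0.2 lines and flags the ones that normally go on a fix list: entries whose target is "(file missing)" or "(no file)", unnamed BHOs and toolbars, O4 autostarts under Policies\Explorer\Run, O9 buttons that point at a URL rather than a local DLL, O16 downloaded ActiveX controls, and anything under the WebMediaViewer folder. The sample lines are copied from the reports posted in this thread, and treating WebMediaViewer as known-bad is an assumption taken from this thread (it held hpmun.dll, browseul.dll and hpmon.exe), not a general rule. The CTFMON and QuickTime entries on the list above are housekeeping rather than security, so the script leaves them alone.

```python
import re

# HijackThis v2.0.2 writes "<code> - <field> - <field> - <target>"; only the
# code prefix is fixed, the remaining fields are separated by " - ".
HJT_LINE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<rest>.+)$")

# Assumption taken from this thread: the WebMediaViewer folder held the
# hijack's files (hpmun.dll, browseul.dll, hpmon.exe). Not a general list.
KNOWN_BAD_DIRS = ("\\webmediaviewer\\",)

# Constructed sample: lines copied from the HijackThis reports in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""


def parse_line(line):
    """Split one HijackThis line into its code, fields and final target."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None                       # header, process list or blank line
    fields = [f.strip() for f in m.group("rest").split(" - ")]
    return {"code": m.group("code"), "fields": fields,
            "target": fields[-1], "raw": line.strip()}


def reasons_for(entry):
    """Reasons this entry belongs on the fix list (empty list = leave it alone)."""
    code, target, low = entry["code"], entry["target"], entry["raw"].lower()
    reasons = []
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("orphaned: target file no longer exists")
    if code in ("O2", "O3") and "(no name)" in low:
        reasons.append("unnamed BHO/toolbar")
    if code == "O4" and "\\policies\\explorer\\run" in low:
        reasons.append("autostart via Policies\\Explorer\\Run (rare for legitimate software)")
    if code == "O9" and re.match(r"https?://", target, re.IGNORECASE):
        reasons.append("IE button/menu item points at a URL, not a local DLL")
    if code == "O16":
        reasons.append("downloaded ActiveX control (DPF); remove unless still needed")
    if any(d in low for d in KNOWN_BAD_DIRS):
        reasons.append("lives in a folder tied to this hijack")
    return reasons


def triage(log_text):
    """Flagged entries with their reasons, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


def fix_list(log_text):
    """The raw lines to tick in HijackThis before pressing 'Fix checked'."""
    return [f["raw"] for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:<4}{'; '.join(f['reasons'])}\n    {f['raw']}")
```

Run against the sample, it reproduces the security-relevant part of the list above (the two WebMediaViewer entries, the empty BHO, the hpmon.exe policy autostart, both expresstoolie.com O9 items, the DPF control and the orphaned Google Updater service) while leaving the Adobe, SoundMAX and Kaspersky entries untouched. O16 entries are flagged wholesale because a downloaded ActiveX control is re-fetched on demand; removing one costs nothing if the site is still used.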
Well, I haven't updated Java, I don't have a clear picture of that, I'll look into it later.
I used ToolsCleaner, it did the cleanup, but I couldn't find its report ????? sorry, but what's certain is that it worked fine. Well, isn't there a little tool to clean up ToolsCleaner that also cleans itself up ARFF (it's the fatigue, sorry). Thanks for your help; as for Firefox, I switched to it two days ago, and I'm also going to stop browsing with my administrator account, that's a real risk and I didn't know it. I learned a lot of things from this infection :)
Thanks again
Bertrand
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last post 30 November 2014 406
1 Dec. 2008 at 22:51
okay, very good Bertrand :)
yes, it's clear that browsing with the administrator account isn't ideal.
all the best to you
bye
Julie