
Posted

Hello everyone,

For some time now I have been bothered by CID ads popping up

that I can't manage to get rid of.

I could use some help, thank you.

I'm posting a HijackThis report.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:42:01, on 02/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HPQ\shared\hpqwmi.exe

C:\Documents and Settings\sebastien\Mes documents\logiciel de desinfection ne pas toucher\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Funk poke.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Holdinside] C:\DOCUME~1\SEBAST~1\APPLIC~1\BASHOW~1\More Part View.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1198430931875

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198751848281

O17 - HKLM\System\CCS\Services\Tcpip\..\{63DB3960-7185-4C82-BF1E-B8832CFBC04F}: NameServer = 213.36.80.1

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 9922 bytes

Posted

Hello,

I advise you to change antivirus.

Follow this tutorial, but instead of removing Antivir, keep it and remove Avast:

http://forum.zebulon.fr/index.php?showtopic=83986

Post the Antivir report and a new HJT log.

Regards,

 

 

Hello regis56,

Thank you for your help.

As you asked, here are the Antivir report and the HJT log.

Antivir report

 

 

 

AntiVir PersonalEdition Classic

Report file date: dimanche 2 mars 2008 15:33

 

Scanning for 1129035 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: sebastien

Computer name: SEBASTIE-0C9140

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 14:12:16

ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 14:12:16

ANTIVIR3.VDF : 7.0.2.215 117248 Bytes 29/02/2008 14:12:16

AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 02/03/2008 14:12:17

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 02/03/2008 14:12:17

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Manual Selection

Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp

Logging..........................: low

Primary action...................: repair

Secondary action.................: delete

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: C:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: dimanche 2 mars 2008 15:33

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

12 processes with 12 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '43' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\sebastien\Application Data\BashOwnsLoad\izlwpjgx.exe

[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen

[iNFO] A backup was created as '4836bb76.qua' ( QUARANTINE )

[iNFO] The file was deleted!

C:\Documents and Settings\sebastien\Application Data\BashOwnsLoad\lkjqgfxx.exe

[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen

[iNFO] A backup was created as '4834bb67.qua' ( QUARANTINE )

[iNFO] The file was deleted!

C:\Documents and Settings\sebastien\Application Data\BashOwnsLoad\lpdnnnui.exe

[DETECTION] Is the Trojan horse TR/Obfusgen.A.5355

[iNFO] A backup was created as '482ebb6d.qua' ( QUARANTINE )

[iNFO] The file was deleted!

C:\Documents and Settings\sebastien\Application Data\BashOwnsLoad\rudunmbd.exe

[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen

[iNFO] A backup was created as '482ebb72.qua' ( QUARANTINE )

[iNFO] The file was deleted!

C:\Documents and Settings\sebastien\Application Data\BashOwnsLoad\vqclqffm.exe

[DETECTION] Is the Trojan horse TR/Obfusgen.A.5342

[iNFO] A backup was created as '482dbb6f.qua' ( QUARANTINE )

[iNFO] The file was deleted!

C:\WINDOWS\system32\service.MSNFix

[DETECTION] Is the Trojan horse TR/Agent.90112.G

[iNFO] A backup was created as '483ccb63.qua' ( QUARANTINE )

[iNFO] The file was deleted!

 

 

End of the scan: dimanche 2 mars 2008 16:51

Used time: 1:18:08 min

 

The scan has been done completely.

 

4689 Scanning directories

181865 Files were scanned

6 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

6 files were deleted

0 files were repaired

6 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

181859 Files not concerned

751 Archives were scanned

1 Warnings

1 Notes

 

 

and the HJT report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:15:38, on 02/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HPQ\shared\hpqwmi.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\sebastien\Mes documents\logiciel de desinfection ne pas toucher\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Funk poke.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Holdinside] C:\DOCUME~1\SEBAST~1\APPLIC~1\BASHOW~1\More Part View.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1198430931875

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198751848281

O17 - HKLM\System\CCS\Services\Tcpip\..\{63DB3960-7185-4C82-BF1E-B8832CFBC04F}: NameServer = 213.36.80.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{B4889C1D-1380-49B5-B793-5CCCDDEBF86E}: NameServer = 212.27.32.176,212.27.32.177

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 10057 bytes

Posted

Good evening,

Download SDFix (created by AndyManchesta) and save it to your Desktop.

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:

  • Restart your computer.
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of Windows loading normally, a menu with various options should appear.
  • Choose the first option, to run Windows in safe mode, then press "Enter".
  • Choose your account.

Work through the instructions below:

  • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • Once the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy and paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!

N.B.:

- The file SDFIX_README.htm (in the SDFix folder) contains the list of malware handled by the tool.

Wait for confirmation from a member of the security team or from Regis56 for the interpretation of the reports, but this should be enough to eradicate the remaining infection.

Afterwards, you will need to update the Java console and then uninstall the old versions via Add/Remove Programs:

http://www.filehippo.com/download_java_runtime/

Have a good evening, both of you. :P

Posted

Thank you for giving me a bit of your time.

Here is the SDFIX report

 

SDFix: Version 1.150

 

Run by sebastien on 02/03/2008 at 18:26

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\SEBAST~1\Bureau\SDFix

 

Checking Services :

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-02 18:43:02

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 5

 

 

Remaining Services :

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"

Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

Thu 5 Aug 2004 65,024 A.SH. --- "C:\WINDOWS\system32\asycfilt.dll"

Fri 25 Aug 2006 617,472 A.SH. --- "C:\WINDOWS\system32\comctl32.dll"

Thu 5 Aug 2004 1,028,096 A.SH. --- "C:\WINDOWS\system32\mfc42.dll"

Thu 5 Aug 2004 57,344 A.SH. --- "C:\WINDOWS\system32\mfc42loc.dll"

Wed 20 Sep 1995 35,088 A.SH. --- "C:\WINDOWS\system32\msjint32.dll"

Wed 20 Sep 1995 977,680 A.SH. --- "C:\WINDOWS\system32\msjt3032.dll"

Wed 20 Sep 1995 23,824 A.SH. --- "C:\WINDOWS\system32\msjter32.dll"

Thu 5 Aug 2004 413,696 A.SH. --- "C:\WINDOWS\system32\msvcp60.dll"

Thu 5 Aug 2004 343,040 A.SH. --- "C:\WINDOWS\system32\msvcrt.dll"

Thu 5 Aug 2004 253,952 A.SH. --- "C:\WINDOWS\system32\msvcrt20.dll"

Tue 4 Dec 2007 550,912 A.SH. --- "C:\WINDOWS\system32\oleaut32.dll"

Thu 5 Aug 2004 83,456 A.SH. --- "C:\WINDOWS\system32\olepro32.dll"

Thu 5 Aug 2004 30,749 A.SH. --- "C:\WINDOWS\system32\vbajet32.dll"

Sun 24 Sep 1995 243,472 A.SH. --- "C:\WINDOWS\system32\vbar2232.dll"

Mon 18 May 1998 368,912 A.SH. --- "C:\WINDOWS\system32\vbar332.dll"

Tue 27 Feb 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Tue 13 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Wed 11 Jul 2007 83,456 A..H. --- "C:\Documents and Settings\sebastien\Mes documents\Mes eBooks\~WRL0004.tmp"

Tue 3 Jul 2007 196,096 A..H. --- "C:\Documents and Settings\sebastien\Mes documents\Mes eBooks\~WRL0986.tmp"

Wed 11 Jul 2007 52,224 A..H. --- "C:\Documents and Settings\sebastien\Mes documents\Mes eBooks\~WRL1547.tmp"

Fri 27 Jul 2007 192,512 ...H. --- "C:\Documents and Settings\sebastien\Mes documents\Mes eBooks\~WRL2601.tmp"

Fri 6 Jul 2007 183,296 A..H. --- "C:\Documents and Settings\sebastien\Mes documents\Mes eBooks\~WRL3552.tmp"

 

Finished!

 

along with the new HijackThis report

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:55:24, on 02/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\sebastien\Mes documents\logiciel de desinfection ne pas toucher\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Funk poke.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Holdinside] C:\DOCUME~1\SEBAST~1\APPLIC~1\BASHOW~1\More Part View.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1198430931875

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198751848281

O17 - HKLM\System\CCS\Services\Tcpip\..\{63DB3960-7185-4C82-BF1E-B8832CFBC04F}: NameServer = 213.36.80.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{B4889C1D-1380-49B5-B793-5CCCDDEBF86E}: NameServer = 212.27.32.176,212.27.32.177

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 9919 bytes

Posted

Good evening,

Could you do the following:

- Download findlop by Metallica :P here

http://metallica.geekstogo.com/findlop.zip

Create a folder here:

C:\findlop

Unzip it into that folder and run it by double-clicking findlop.bat

This will generate a report, located here:

=> C:\findlop.txt

Paste the report in your next reply.

Posted

Good evening

here is the report generated with findlop

 

[TRACE] Enumerating jobs and queues

[TRACE] Activating job 'A1EBD9FB91884A9B.job'

[TRACE] Printing all job properties

 

ApplicationName: 'c:\docume~1\sebast~1\applic~1\bashow~1\close sign axis.exe'

Parameters: ''

WorkingDirectory: ''

Comment: ''

Creator: 'sebastien'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 03/02/2008 20:00:00

NextRun: 03/02/2008 21:00:00

StartError: S_OK

ExitCode: 0

Status: SCHED_S_TASK_READY

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 1

SystemRequired = 0

Hidden = 1

TaskFlags: 0

 

1 Trigger

 

Trigger 0:

Type: Daily

DaysInterval: 1

StartDate: 10/27/1998

EndDate: 00/00/0000

StartTime: 00:00

MinutesDuration: 1440

MinutesInterval: 60

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

Posted

Good evening

Very good, now do the following:

*Restart in Safe Mode.

(when the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] or [F5] key until the Windows advanced options menu is displayed. Select "Safe Mode" and press [Enter].)

*Uninstall via "Control Panel / Add or Remove Programs"

  • CiD
  • BitGrabber
  • Bitdownload
  • Messengerplus

*Fix the lines corresponding to the infection:

Run a HijackThis scan, click "Do a system scan only" and check the lines below (if present):

O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Funk poke.exe

O4 - HKCU\..\Run: [Holdinside] C:\DOCUME~1\SEBAST~1\APPLIC~1\BASHOW~1\More Part View.exe

Close all windows except HijackThis and "Fix Checked".

Click Start / Run /

Copy/paste

Enter the path shown in red C:\Documents and Settings\All Users\Application Data\file joy proc deaf\

The folder will open

Go back to it and delete it!

Do the same for

C:\DOCUME~1\SEBAST~1\APPLIC~1\BASHOW~1\

Copy what appears in the box below (CTRL+C keys)

Open Notepad, Edit menu -> Paste (or directly CTRL+V).

Then File menu -> Save As... choose Desktop.

File name: remlop.bat and under type, choose "All files".


@echo off

cd C:\WINDOWS\Tasks

attrib -r -s -h A1EBD9FB91884A9B.job

del A1EBD9FB91884A9B.job

exit

 

Double-click remlop.bat (on the Desktop)

A window will open and close very quickly; this is normal.

Restart in normal mode

Then do the following

Download Lop S&D by Angeldark and Eric71 to your desktop.

  • Unpack the archive by right-clicking it and choosing 'Extract All'.
  • Double-click the new Lop S&D folder and double-click Scan.bat (the .bat extension may not be shown, depending on your display options).
  • Type R for Search (Rechercher) and confirm your choice with the Enter key.
  • Let the tool work; it will generate a report, post it in your reply.

* If your antivirus reacts, allow the tool to install and run.

Do a second pass:

  • S for removal (suppression).
  • Post the generated report.

And finally, post a new HijackThis report and tell us how your PC is behaving

Regards
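
Added example, not part of either poster's message: a small Python triage script that reproduces the correlation made in the post above, matching HijackThis O4 Run entries against the findlop job dump. The rule it applies (an autorun image stored under an Application Data folder is worth reviewing) is an assumption drawn from the two entries selected in this thread, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample: a few O4 lines copied from the HijackThis log in this thread.
HJT_LINES = [
    r'O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray',
    r'O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r'O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\Funk poke.exe',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [Holdinside] C:\DOCUME~1\SEBAST~1\APPLIC~1\BASHOW~1\More Part View.exe',
    r"O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')",
]

# Constructed sample: the fields of the findlop job dump that matter here.
JOB_DUMP = r"""
[TRACE] Activating job 'A1EBD9FB91884A9B.job'
ApplicationName: 'c:\docume~1\sebast~1\applic~1\bashow~1\close sign axis.exe'
Creator: 'sebastien'
RunOnlyIfLoggedOn = 1
Hidden = 1
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(r'^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Quoted image path, or an unquoted path that may contain spaces, up to the first ".exe".
IMAGE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)(?=\s|$)', re.I)
# Long and 8.3 short spellings of the Application Data folder.
APPDATA = re.compile(r'\\(application data|applic~1)\\', re.I)


def image_path(cmd):
    """Return the executable part of a Run command line, or None."""
    m = IMAGE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else None


def parse_jobs(dump):
    """Extract job name, ApplicationName and the Hidden flag from a findlop dump."""
    jobs, cur = [], None
    for raw in dump.splitlines():
        line = raw.strip()
        m = re.match(r"\[TRACE\] Activating job '([^']+)'", line)
        if m:
            cur = {"job": m.group(1), "app": "", "hidden": False}
            jobs.append(cur)
        elif cur is not None:
            m = re.match(r"ApplicationName: '(.*)'$", line)
            if m:
                cur["app"] = m.group(1)
            elif re.match(r"Hidden\s*=\s*1$", line):
                cur["hidden"] = True
    return jobs


def triage(hjt_lines, job_dump):
    """Flag Run entries under Application Data and link hidden jobs in the same folder."""
    jobs = parse_jobs(job_dump)
    findings = []
    for line in hjt_lines:
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        exe = image_path(m.group("cmd"))
        if exe is None or not APPDATA.search(exe):
            continue
        folder = ntpath.dirname(exe).lower()
        linked = [j["job"] for j in jobs
                  if j["hidden"] and ntpath.dirname(j["app"]).lower() == folder]
        findings.append({"hive": m.group("hive"), "name": m.group("name"),
                         "image": exe, "hidden_jobs": linked})
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LINES, JOB_DUMP):
        print(f["hive"], f["name"], "->", f["image"], "| hidden jobs:", f["hidden_jobs"])
```

The comparison is a plain case-insensitive string match on the folder, so a job and a Run entry only link when both logs spell the path the same way (both 8.3 short names here).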

Posted

hello, sorry for the delay, I'm just back from work

I have just carried out the latest steps requested above; here are the generated reports

LopS&D report, search option

 

 

-----------------------------[ Lop S&D 4.0.3 ]---------------------------

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : sebastien ] [ "C:\Lop SD" ]

[ 03/03/2008 | 16:58:48,84 ] [ PC : SEBASTIE-0C9140 ]

[ MAJ : 02-03-2008 | 20:16 ]

 

-------------[ Listing des dossiers dans Application Data ]------------

 

[20/02/2007|19:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\.

[20/02/2007|19:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\..

[20/02/2007|19:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini

[20/02/2007|18:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

 

[02/03/2008|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.

[02/03/2008|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..

[27/01/2008|14:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\120 118300.34

[02/03/2008|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html

[14/10/2007|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[20/02/2007|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[02/03/2008|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[20/02/2007|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[29/09/2007|08:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations

[03/03/2008|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\file joy proc deaf

[27/02/2008|19:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[20/02/2008|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft

[20/02/2007|20:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard

[20/02/2007|20:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpqwmi

[20/02/2007|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log

[28/08/2007|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations

[20/02/2007|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield

[28/01/2008|19:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[11/01/2008|14:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier

[28/01/2008|18:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[30/09/2007|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla

[28/09/2007|21:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies

[29/11/2007|06:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite

[28/03/2007|19:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[03/11/2007|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor

[03/11/2007|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\sansendommagement

[18/02/2008|22:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony

[18/02/2008|21:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[20/02/2007|23:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[27/02/2008|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[21/02/2007|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[28/03/2007|20:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

 

[20/02/2007|19:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.

[20/02/2007|19:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..

[20/02/2007|19:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[20/02/2007|18:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[31/05/2007|17:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\.

[31/05/2007|17:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\..

[20/02/2007|19:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[31/05/2007|17:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\PC Suite

 

[14/06/2007|19:23] C:\DOCUME~1\NETWOR~1\APPLIC~1\.

[14/06/2007|19:23] C:\DOCUME~1\NETWOR~1\APPLIC~1\..

[20/02/2007|19:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[14/06/2007|19:23] C:\DOCUME~1\NETWOR~1\APPLIC~1\PC Suite

 

[27/02/2008|20:03] C:\DOCUME~1\SEBAST~1\APPLIC~1\.

[27/02/2008|20:03] C:\DOCUME~1\SEBAST~1\APPLIC~1\..

[18/01/2008|16:52] C:\DOCUME~1\SEBAST~1\APPLIC~1\Adobe

[28/02/2007|19:17] C:\DOCUME~1\SEBAST~1\APPLIC~1\AdobeUM

[09/11/2007|21:57] C:\DOCUME~1\SEBAST~1\APPLIC~1\Anuman Interactive

[20/02/2007|20:31] C:\DOCUME~1\SEBAST~1\APPLIC~1\Apple Computer

[03/03/2008|16:47] C:\DOCUME~1\SEBAST~1\APPLIC~1\BashOwnsLoad

[28/08/2007|09:13] C:\DOCUME~1\SEBAST~1\APPLIC~1\COWON

[21/02/2007|08:24] C:\DOCUME~1\SEBAST~1\APPLIC~1\DataLayer

[20/02/2007|19:42] C:\DOCUME~1\SEBAST~1\APPLIC~1\desktop.ini

[01/10/2007|06:03] C:\DOCUME~1\SEBAST~1\APPLIC~1\DivX

[27/02/2008|19:53] C:\DOCUME~1\SEBAST~1\APPLIC~1\Google

[20/02/2007|23:19] C:\DOCUME~1\SEBAST~1\APPLIC~1\Help

[20/02/2007|19:07] C:\DOCUME~1\SEBAST~1\APPLIC~1\Identities

[23/02/2007|15:52] C:\DOCUME~1\SEBAST~1\APPLIC~1\InterVideo

[28/01/2008|18:57] C:\DOCUME~1\SEBAST~1\APPLIC~1\Lavasoft

[26/02/2007|21:01] C:\DOCUME~1\SEBAST~1\APPLIC~1\Leadertech

[30/01/2008|22:15] C:\DOCUME~1\SEBAST~1\APPLIC~1\LimeWire

[20/02/2007|22:15] C:\DOCUME~1\SEBAST~1\APPLIC~1\Macromedia

[10/07/2007|08:04] C:\DOCUME~1\SEBAST~1\APPLIC~1\Media Player Classic

[27/12/2007|11:50] C:\DOCUME~1\SEBAST~1\APPLIC~1\Microsoft

[27/04/2007|15:50] C:\DOCUME~1\SEBAST~1\APPLIC~1\Microsoft Web Folders

[30/09/2007|13:17] C:\DOCUME~1\SEBAST~1\APPLIC~1\Mozilla

[28/02/2007|18:25] C:\DOCUME~1\SEBAST~1\APPLIC~1\MSNInstaller

[30/09/2007|13:29] C:\DOCUME~1\SEBAST~1\APPLIC~1\muvee Technologies

[18/02/2008|22:26] C:\DOCUME~1\SEBAST~1\APPLIC~1\NetMedia Providers

[29/09/2007|08:52] C:\DOCUME~1\SEBAST~1\APPLIC~1\Nokia

[31/05/2007|18:29] C:\DOCUME~1\SEBAST~1\APPLIC~1\Nokia Multimedia Player

[19/03/2007|17:59] C:\DOCUME~1\SEBAST~1\APPLIC~1\PC Suite

[18/02/2008|22:26] C:\DOCUME~1\SEBAST~1\APPLIC~1\Publish Providers

[03/11/2007|12:41] C:\DOCUME~1\SEBAST~1\APPLIC~1\sansendommagement

[18/04/2007|10:00] C:\DOCUME~1\SEBAST~1\APPLIC~1\Screenshot Sender

[28/02/2007|22:06] C:\DOCUME~1\SEBAST~1\APPLIC~1\Sonic

[18/02/2008|22:26] C:\DOCUME~1\SEBAST~1\APPLIC~1\Sony

[04/04/2007|16:49] C:\DOCUME~1\SEBAST~1\APPLIC~1\Sun

[30/09/2007|13:17] C:\DOCUME~1\SEBAST~1\APPLIC~1\Talkback

[21/02/2007|19:39] C:\DOCUME~1\SEBAST~1\APPLIC~1\Template

[24/02/2008|17:29] C:\DOCUME~1\SEBAST~1\APPLIC~1\uTorrent

[27/12/2007|09:12] C:\DOCUME~1\SEBAST~1\APPLIC~1\542 wklnhst.dat

 

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

 

[03/03/2008 16:51][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

---------------[ Listing des dossiers dans C:\Program Files ]--------------

 

[02/03/2008|15:04] C:\Program Files\.

[02/03/2008|15:04] C:\Program Files\..

[02/11/2007|10:55] C:\Program Files\AC3Filter

[14/10/2007|22:33] C:\Program Files\Adobe

[26/02/2007|19:16] C:\Program Files\Ahead

[18/02/2008|21:11] C:\Program Files\ALCATech

[12/03/2007|18:02] C:\Program Files\Alice

[11/08/2007|19:08] C:\Program Files\Alwil Software

[20/02/2007|20:19] C:\Program Files\Analog Devices

[30/12/2007|11:14] C:\Program Files\Apoint2K

[30/09/2007|12:53] C:\Program Files\Autofr

[02/03/2008|15:04] C:\Program Files\Avira

[13/01/2008|11:23] C:\Program Files\Casperlab Software

[04/05/2007|16:34] C:\Program Files\ColiPoste

[29/10/2007|20:10] C:\Program Files\Cr‚ditCalc

[29/09/2007|08:47] C:\Program Files\DIFX

[06/12/2007|06:55] C:\Program Files\DivX

[24/02/2008|18:02] C:\Program Files\eMule

[26/02/2007|18:04] C:\Program Files\ffdshow

[28/01/2008|19:00] C:\Program Files\Fichiers communs

[03/03/2008|16:32] C:\Program Files\Google

[20/02/2007|20:28] C:\Program Files\Hewlett-Packard

[20/02/2007|20:54] C:\Program Files\Hp

[20/02/2007|20:44] C:\Program Files\HPQ

[27/01/2008|14:43] C:\Program Files\InstallShield Installation Information

[20/02/2007|20:44] C:\Program Files\Intel

[13/02/2008|15:35] C:\Program Files\Internet Explorer

[20/02/2007|20:27] C:\Program Files\InterVideo

[20/02/2007|20:29] C:\Program Files\iPod

[26/06/2007|22:26] C:\Program Files\iTunes

[20/02/2007|21:07] C:\Program Files\Jasc Software Inc

[08/11/2007|18:23] C:\Program Files\Java

[28/01/2008|18:57] C:\Program Files\Lavasoft

[20/03/2007|19:04] C:\Program Files\Messenger

[27/12/2007|11:44] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[27/04/2007|15:49] C:\Program Files\microsoft frontpage

[27/04/2007|15:50] C:\Program Files\Microsoft Office

[24/01/2008|07:31] C:\Program Files\Microsoft Silverlight

[18/02/2008|22:15] C:\Program Files\Microsoft SQL Server

[20/02/2007|20:15] C:\Program Files\Microsoft Works

[20/02/2007|18:53] C:\Program Files\Movie Maker

[27/02/2008|21:24] C:\Program Files\Mozilla Firefox

[03/11/2007|17:40] C:\Program Files\MSBuild

[29/03/2007|18:05] C:\Program Files\MSECache

[28/02/2007|18:23] C:\Program Files\MSN

[20/02/2007|18:51] C:\Program Files\MSN Gaming Zone

[23/12/2007|19:28] C:\Program Files\MSN Messenger

[01/02/2008|19:16] C:\Program Files\MSNFix

[03/11/2007|17:42] C:\Program Files\MSXML 6.0

[02/03/2008|21:49] C:\Program Files\Navilog1

[20/02/2007|18:53] C:\Program Files\NetMeeting

[29/09/2007|08:47] C:\Program Files\Nokia

[20/02/2007|21:23] C:\Program Files\Olivetti

[20/02/2007|18:51] C:\Program Files\Online Services

[14/06/2007|19:38] C:\Program Files\Outlook Express

[29/09/2007|08:46] C:\Program Files\PC Connectivity Solution

[26/06/2007|22:29] C:\Program Files\QuickTime

[03/11/2007|17:34] C:\Program Files\Reference Assemblies

[20/02/2007|18:54] C:\Program Files\Services en ligne

[28/08/2007|08:57] C:\Program Files\SLD Codec Pack

[20/02/2007|20:35] C:\Program Files\Sonic

[18/02/2008|22:14] C:\Program Files\Sony

[18/02/2008|22:12] C:\Program Files\Sony Setup

[18/02/2008|19:41] C:\Program Files\Spybot - Search & Destroy

[18/02/2008|22:16] C:\Program Files\Uninstall Information

[24/01/2008|06:50] C:\Program Files\uTorrent

[31/12/2007|17:38] C:\Program Files\VirtualDJ

[18/02/2008|22:27] C:\Program Files\Vstplugins

[01/10/2007|17:09] C:\Program Files\Windows Live Safety Center

[31/01/2008|20:31] C:\Program Files\Windows Live Toolbar

[27/03/2007|21:07] C:\Program Files\Windows Media Connect 2

[26/06/2007|22:29] C:\Program Files\Windows Media Player

[20/02/2007|18:51] C:\Program Files\Windows NT

[20/02/2007|18:54] C:\Program Files\WindowsUpdate

[10/11/2007|16:06] C:\Program Files\WinRAR

[20/02/2007|18:56] C:\Program Files\xerox

[11/11/2007|09:50] C:\Program Files\XviD

[31/01/2008|18:05] C:\Program Files\Zone Labs

 

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

 

[28/01/2008|19:00] C:\Program Files\Fichiers communs\.

[28/01/2008|19:00] C:\Program Files\Fichiers communs\..

[14/10/2007|22:34] C:\Program Files\Fichiers communs\Adobe

[27/04/2007|15:52] C:\Program Files\Fichiers communs\Designer

[20/02/2007|20:56] C:\Program Files\Fichiers communs\HP

[20/02/2007|20:37] C:\Program Files\Fichiers communs\InstallShield

[20/02/2007|21:07] C:\Program Files\Fichiers communs\Jasc Software Inc

[20/02/2007|20:38] C:\Program Files\Fichiers communs\Java

[27/04/2007|15:52] C:\Program Files\Fichiers communs\Microsoft Shared

[20/02/2007|18:53] C:\Program Files\Fichiers communs\MSSoap

[29/09/2007|08:47] C:\Program Files\Fichiers communs\Nokia

[20/02/2007|19:44] C:\Program Files\Fichiers communs\ODBC

[29/09/2007|08:47] C:\Program Files\Fichiers communs\PCSuite

[20/02/2007|18:53] C:\Program Files\Fichiers communs\Services

[20/02/2007|20:34] C:\Program Files\Fichiers communs\Sonic Shared

[20/02/2007|19:44] C:\Program Files\Fichiers communs\SpeechEngines

[20/02/2007|20:35] C:\Program Files\Fichiers communs\SureThing Shared

[14/06/2007|19:38] C:\Program Files\Fichiers communs\System

[20/02/2007|20:35] C:\Program Files\Fichiers communs\TiVo Shared

[28/01/2008|19:00] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

----------------------[ Recherche avec S_Lop ]---------------------

 

Aucun fichier / dossier Lop trouvé !

 

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

 

C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf

 

----------------------[ Verification du Registre ]----------------------

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------[ Verification du fichier Hosts ]---------------------

 

Fichier Hosts PROPRE

 

 

----------------[ Recherche de fichiers avec Catchme ]-----------------

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-03 17:00:21

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden files ...

scan completed successfully

hidden files: 0

 

--------------------[ Recherche d'autres infections ]---------------------

 

Aucune autre infection trouvée !

 

/!\ [Fich:6][Doss:12] C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp

/!\ [Fich:15][Doss:0] C:\DOCUME~1\SEBAST~1\Cookies

/!\ [Fich:412][Doss:12] C:\DOCUME~1\SEBAST~1\LOCALS~1\TEMPOR~1\content.IE5

 

--------------------[ Fin du rapport a 17:00:42,73 ]----------------------

 

 

LopS&D report, removal option

 

 

-----------------------------[ Lop S&D 4.0.3 ]---------------------------

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : sebastien ] [ "C:\Lop SD" ]

[ 03/03/2008 | 17:02:14,14 ] [ PC : SEBASTIE-0C9140 ]

[ MAJ : 02-03-2008 | 20:16 ]

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

 

Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf

Restauré! - Fichier Hosts

 

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

-------------[ Listing des dossiers dans Application Data ]------------

 

[20/02/2007|19:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\.

[20/02/2007|19:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\..

[20/02/2007|19:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini

[20/02/2007|18:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

 

[03/03/2008|17:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.

[03/03/2008|17:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..

[27/01/2008|14:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\120 118300.34

[02/03/2008|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html

[14/10/2007|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[20/02/2007|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[02/03/2008|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[20/02/2007|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[29/09/2007|08:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations

[27/02/2008|19:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[20/02/2008|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft

[20/02/2007|20:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard

[20/02/2007|20:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpqwmi

[20/02/2007|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log

[28/08/2007|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations

[20/02/2007|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield

[28/01/2008|19:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[11/01/2008|14:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier

[28/01/2008|18:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[30/09/2007|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla

[28/09/2007|21:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies

[29/11/2007|06:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite

[28/03/2007|19:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[03/11/2007|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor

[03/11/2007|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\sansendommagement

[18/02/2008|22:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony

[18/02/2008|21:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[20/02/2007|23:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[27/02/2008|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[21/02/2007|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[28/03/2007|20:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

 

[20/02/2007|19:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.

[20/02/2007|19:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..

[20/02/2007|19:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[20/02/2007|18:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[31/05/2007|17:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\.

[31/05/2007|17:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\..

[20/02/2007|19:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[31/05/2007|17:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\PC Suite

 

[14/06/2007|19:23] C:\DOCUME~1\NETWOR~1\APPLIC~1\.

[14/06/2007|19:23] C:\DOCUME~1\NETWOR~1\APPLIC~1\..

[20/02/2007|19:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[14/06/2007|19:23] C:\DOCUME~1\NETWOR~1\APPLIC~1\PC Suite

 

[27/02/2008|20:03] C:\DOCUME~1\SEBAST~1\APPLIC~1\.

[27/02/2008|20:03] C:\DOCUME~1\SEBAST~1\APPLIC~1\..

[18/01/2008|16:52] C:\DOCUME~1\SEBAST~1\APPLIC~1\Adobe

[28/02/2007|19:17] C:\DOCUME~1\SEBAST~1\APPLIC~1\AdobeUM

[09/11/2007|21:57] C:\DOCUME~1\SEBAST~1\APPLIC~1\Anuman Interactive

[20/02/2007|20:31] C:\DOCUME~1\SEBAST~1\APPLIC~1\Apple Computer

[03/03/2008|16:47] C:\DOCUME~1\SEBAST~1\APPLIC~1\BashOwnsLoad

[28/08/2007|09:13] C:\DOCUME~1\SEBAST~1\APPLIC~1\COWON

[21/02/2007|08:24] C:\DOCUME~1\SEBAST~1\APPLIC~1\DataLayer

[20/02/2007|19:42] C:\DOCUME~1\SEBAST~1\APPLIC~1\desktop.ini

[01/10/2007|06:03] C:\DOCUME~1\SEBAST~1\APPLIC~1\DivX

[27/02/2008|19:53] C:\DOCUME~1\SEBAST~1\APPLIC~1\Google

[20/02/2007|23:19] C:\DOCUME~1\SEBAST~1\APPLIC~1\Help

[20/02/2007|19:07] C:\DOCUME~1\SEBAST~1\APPLIC~1\Identities

[23/02/2007|15:52] C:\DOCUME~1\SEBAST~1\APPLIC~1\InterVideo

[28/01/2008|18:57] C:\DOCUME~1\SEBAST~1\APPLIC~1\Lavasoft

[26/02/2007|21:01] C:\DOCUME~1\SEBAST~1\APPLIC~1\Leadertech

[30/01/2008|22:15] C:\DOCUME~1\SEBAST~1\APPLIC~1\LimeWire

[20/02/2007|22:15] C:\DOCUME~1\SEBAST~1\APPLIC~1\Macromedia

[10/07/2007|08:04] C:\DOCUME~1\SEBAST~1\APPLIC~1\Media Player Classic

[27/12/2007|11:50] C:\DOCUME~1\SEBAST~1\APPLIC~1\Microsoft

[27/04/2007|15:50] C:\DOCUME~1\SEBAST~1\APPLIC~1\Microsoft Web Folders

[30/09/2007|13:17] C:\DOCUME~1\SEBAST~1\APPLIC~1\Mozilla

[28/02/2007|18:25] C:\DOCUME~1\SEBAST~1\APPLIC~1\MSNInstaller

[30/09/2007|13:29] C:\DOCUME~1\SEBAST~1\APPLIC~1\muvee Technologies

[18/02/2008|22:26] C:\DOCUME~1\SEBAST~1\APPLIC~1\NetMedia Providers

[29/09/2007|08:52] C:\DOCUME~1\SEBAST~1\APPLIC~1\Nokia

[31/05/2007|18:29] C:\DOCUME~1\SEBAST~1\APPLIC~1\Nokia Multimedia Player

[19/03/2007|17:59] C:\DOCUME~1\SEBAST~1\APPLIC~1\PC Suite

[18/02/2008|22:26] C:\DOCUME~1\SEBAST~1\APPLIC~1\Publish Providers

[03/11/2007|12:41] C:\DOCUME~1\SEBAST~1\APPLIC~1\sansendommagement

[18/04/2007|10:00] C:\DOCUME~1\SEBAST~1\APPLIC~1\Screenshot Sender

[28/02/2007|22:06] C:\DOCUME~1\SEBAST~1\APPLIC~1\Sonic

[18/02/2008|22:26] C:\DOCUME~1\SEBAST~1\APPLIC~1\Sony

[04/04/2007|16:49] C:\DOCUME~1\SEBAST~1\APPLIC~1\Sun

[30/09/2007|13:17] C:\DOCUME~1\SEBAST~1\APPLIC~1\Talkback

[21/02/2007|19:39] C:\DOCUME~1\SEBAST~1\APPLIC~1\Template

[24/02/2008|17:29] C:\DOCUME~1\SEBAST~1\APPLIC~1\uTorrent

[27/12/2007|09:12] C:\DOCUME~1\SEBAST~1\APPLIC~1\542 wklnhst.dat

 

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

 

[03/03/2008 16:51][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

---------------[ Listing des dossiers dans C:\Program Files ]--------------

 

[02/03/2008|15:04] C:\Program Files\.

[02/03/2008|15:04] C:\Program Files\..

[02/11/2007|10:55] C:\Program Files\AC3Filter

[14/10/2007|22:33] C:\Program Files\Adobe

[26/02/2007|19:16] C:\Program Files\Ahead

[18/02/2008|21:11] C:\Program Files\ALCATech

[12/03/2007|18:02] C:\Program Files\Alice

[11/08/2007|19:08] C:\Program Files\Alwil Software

[20/02/2007|20:19] C:\Program Files\Analog Devices

[30/12/2007|11:14] C:\Program Files\Apoint2K

[30/09/2007|12:53] C:\Program Files\Autofr

[02/03/2008|15:04] C:\Program Files\Avira

[13/01/2008|11:23] C:\Program Files\Casperlab Software

[04/05/2007|16:34] C:\Program Files\ColiPoste

[29/10/2007|20:10] C:\Program Files\CréditCalc

[29/09/2007|08:47] C:\Program Files\DIFX

[06/12/2007|06:55] C:\Program Files\DivX

[24/02/2008|18:02] C:\Program Files\eMule

[26/02/2007|18:04] C:\Program Files\ffdshow

[28/01/2008|19:00] C:\Program Files\Fichiers communs

[03/03/2008|16:32] C:\Program Files\Google

[20/02/2007|20:28] C:\Program Files\Hewlett-Packard

[20/02/2007|20:54] C:\Program Files\Hp

[20/02/2007|20:44] C:\Program Files\HPQ

[27/01/2008|14:43] C:\Program Files\InstallShield Installation Information

[20/02/2007|20:44] C:\Program Files\Intel

[13/02/2008|15:35] C:\Program Files\Internet Explorer

[20/02/2007|20:27] C:\Program Files\InterVideo

[20/02/2007|20:29] C:\Program Files\iPod

[26/06/2007|22:26] C:\Program Files\iTunes

[20/02/2007|21:07] C:\Program Files\Jasc Software Inc

[08/11/2007|18:23] C:\Program Files\Java

[28/01/2008|18:57] C:\Program Files\Lavasoft

[20/03/2007|19:04] C:\Program Files\Messenger

[27/12/2007|11:44] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[27/04/2007|15:49] C:\Program Files\microsoft frontpage

[27/04/2007|15:50] C:\Program Files\Microsoft Office

[24/01/2008|07:31] C:\Program Files\Microsoft Silverlight

[18/02/2008|22:15] C:\Program Files\Microsoft SQL Server

[20/02/2007|20:15] C:\Program Files\Microsoft Works

[20/02/2007|18:53] C:\Program Files\Movie Maker

[27/02/2008|21:24] C:\Program Files\Mozilla Firefox

[03/11/2007|17:40] C:\Program Files\MSBuild

[29/03/2007|18:05] C:\Program Files\MSECache

[28/02/2007|18:23] C:\Program Files\MSN

[20/02/2007|18:51] C:\Program Files\MSN Gaming Zone

[23/12/2007|19:28] C:\Program Files\MSN Messenger

[01/02/2008|19:16] C:\Program Files\MSNFix

[03/11/2007|17:42] C:\Program Files\MSXML 6.0

[02/03/2008|21:49] C:\Program Files\Navilog1

[20/02/2007|18:53] C:\Program Files\NetMeeting

[29/09/2007|08:47] C:\Program Files\Nokia

[20/02/2007|21:23] C:\Program Files\Olivetti

[20/02/2007|18:51] C:\Program Files\Online Services

[14/06/2007|19:38] C:\Program Files\Outlook Express

[29/09/2007|08:46] C:\Program Files\PC Connectivity Solution

[26/06/2007|22:29] C:\Program Files\QuickTime

[03/11/2007|17:34] C:\Program Files\Reference Assemblies

[20/02/2007|18:54] C:\Program Files\Services en ligne

[28/08/2007|08:57] C:\Program Files\SLD Codec Pack

[20/02/2007|20:35] C:\Program Files\Sonic

[18/02/2008|22:14] C:\Program Files\Sony

[18/02/2008|22:12] C:\Program Files\Sony Setup

[18/02/2008|19:41] C:\Program Files\Spybot - Search & Destroy

[18/02/2008|22:16] C:\Program Files\Uninstall Information

[24/01/2008|06:50] C:\Program Files\uTorrent

[31/12/2007|17:38] C:\Program Files\VirtualDJ

[18/02/2008|22:27] C:\Program Files\Vstplugins

[01/10/2007|17:09] C:\Program Files\Windows Live Safety Center

[31/01/2008|20:31] C:\Program Files\Windows Live Toolbar

[27/03/2007|21:07] C:\Program Files\Windows Media Connect 2

[26/06/2007|22:29] C:\Program Files\Windows Media Player

[20/02/2007|18:51] C:\Program Files\Windows NT

[20/02/2007|18:54] C:\Program Files\WindowsUpdate

[10/11/2007|16:06] C:\Program Files\WinRAR

[20/02/2007|18:56] C:\Program Files\xerox

[11/11/2007|09:50] C:\Program Files\XviD

[31/01/2008|18:05] C:\Program Files\Zone Labs

 

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

 

[28/01/2008|19:00] C:\Program Files\Fichiers communs\.

[28/01/2008|19:00] C:\Program Files\Fichiers communs\..

[14/10/2007|22:34] C:\Program Files\Fichiers communs\Adobe

[27/04/2007|15:52] C:\Program Files\Fichiers communs\Designer

[20/02/2007|20:56] C:\Program Files\Fichiers communs\HP

[20/02/2007|20:37] C:\Program Files\Fichiers communs\InstallShield

[20/02/2007|21:07] C:\Program Files\Fichiers communs\Jasc Software Inc

[20/02/2007|20:38] C:\Program Files\Fichiers communs\Java

[27/04/2007|15:52] C:\Program Files\Fichiers communs\Microsoft Shared

[20/02/2007|18:53] C:\Program Files\Fichiers communs\MSSoap

[29/09/2007|08:47] C:\Program Files\Fichiers communs\Nokia

[20/02/2007|19:44] C:\Program Files\Fichiers communs\ODBC

[29/09/2007|08:47] C:\Program Files\Fichiers communs\PCSuite

[20/02/2007|18:53] C:\Program Files\Fichiers communs\Services

[20/02/2007|20:34] C:\Program Files\Fichiers communs\Sonic Shared

[20/02/2007|19:44] C:\Program Files\Fichiers communs\SpeechEngines

[20/02/2007|20:35] C:\Program Files\Fichiers communs\SureThing Shared

[14/06/2007|19:38] C:\Program Files\Fichiers communs\System

[20/02/2007|20:35] C:\Program Files\Fichiers communs\TiVo Shared

[28/01/2008|19:00] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

----------------------[ Recherche avec S_Lop ]---------------------

 

Aucun fichier / dossier Lop trouvé !

 

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

 

Aucun fichier / dossier Lop trouvé !

 

----------------------[ Verification du Registre ]----------------------

 

..... OK !

 

--------------------[ Verification du fichier Hosts ]---------------------

 

Fichier Hosts PROPRE

 

 

----------------[ Recherche de fichiers avec Catchme ]-----------------

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-03 17:03:26

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden files ...

scan completed successfully

hidden files: 0

 

--------------------[ Recherche d'autres infections ]---------------------

 

Aucune autre infection trouvée !

 

/!\ [Fich:6][Doss:12] C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp

/!\ [Fich:15][Doss:0] C:\DOCUME~1\SEBAST~1\Cookies

/!\ [Fich:412][Doss:12] C:\DOCUME~1\SEBAST~1\LOCALS~1\TEMPOR~1\content.IE5

 

--------------------[ Fin du rapport a 17:03:42,71 ]----------------------

 

And finally, the HijackThis report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:09:20, on 03/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe

C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\HPQ\shared\hpqwmi.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\sebastien\Mes documents\logiciel de desinfection ne pas toucher\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1198430931875

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198751848281

O17 - HKLM\System\CCS\Services\Tcpip\..\{63DB3960-7185-4C82-BF1E-B8832CFBC04F}: NameServer = 213.36.80.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{B4889C1D-1380-49B5-B793-5CCCDDEBF86E}: NameServer = 212.27.32.176,212.27.32.177

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 9348 bytes

 

Thanks for all your help. I'll keep you posted on how my PC behaves :P
