Posted

Hello Desh,

Here are the various reports:

Lop S&D:

 

-----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------

 

[ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]

[ USER : marie ] [ "C:\Lop SD" ] [ Selection : 3 ]

[ 14/07/2008 | 17:38:14,84 ] [ PC : PC-DE-MARIE ]

[ MAJ : 09-07-2008 | 21:02 ]

[ UAC => 0 ]

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

 

Supprime! - C:\ProgramData\Time Dead Warn Default\TRUST FOUR.exe

Supprime! - C:\ProgramData\Mapi Find Find.2h5t1

Supprime! - C:\ProgramData\Mapi Find Find.bwec1oo

Supprime! - C:\ProgramData\Mapi Find Find.gemhd1

Supprime! - C:\ProgramData\Mapi Find Find.hdbt3g

Supprime! - C:\ProgramData\Mapi Find Find.qs79tn

Supprime! - C:\ProgramData\Mapi Find Find.zj35s2

Supprime! - C:\ProgramData\Time Dead Warn Default

 

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

-------------[ Listing des dossiers dans Roaming ]------------

 

[15/06/2008|13:17] C:\Users\marie\AppData\Roaming\Adobe\PatcherLogs

[21/04/2008|15:42] C:\Users\marie\AppData\Roaming\Adobe\Plugins

[19/04/2008|10:17] C:\Users\marie\AppData\Roaming\Adobe\Workflow

[19/04/2008|10:17] C:\Users\marie\AppData\Roaming\Adobe\CameraRaw

[27/01/2008|16:46] C:\Users\marie\AppData\Roaming\Adobe\Color

[27/01/2008|16:46] C:\Users\marie\AppData\Roaming\Adobe\Adobe Photoshop CS3

[01/01/2008|13:55] C:\Users\marie\AppData\Roaming\Adobe\Flash Player

[27/11/2007|16:37] C:\Users\marie\AppData\Roaming\Adobe\Adobe PDF

[27/11/2007|16:37] C:\Users\marie\AppData\Roaming\Adobe\Acrobat

[27/11/2007|15:23] C:\Users\marie\AppData\Roaming\Adobe\Common

[27/11/2007|15:22] C:\Users\marie\AppData\Roaming\Adobe\Linguistics

[27/11/2007|15:22] C:\Users\marie\AppData\Roaming\Adobe\Designer

[27/11/2007|14:04] C:\Users\marie\AppData\Roaming\Adobe\PremierePro

[27/11/2007|14:04] C:\Users\marie\AppData\Roaming\Adobe\Premiere Pro

[27/11/2007|14:02] C:\Users\marie\AppData\Roaming\Adobe\Adobe Illustrator CS3 Settings

[27/11/2007|14:00] C:\Users\marie\AppData\Roaming\Adobe\After Effects

[27/11/2007|13:59] C:\Users\marie\AppData\Roaming\Adobe\Adobe DVD

[27/11/2007|13:59] C:\Users\marie\AppData\Roaming\Adobe\Adobe Encore

[27/11/2007|13:58] C:\Users\marie\AppData\Roaming\Adobe\Soundbooth

[27/11/2007|13:57] C:\Users\marie\AppData\Roaming\Adobe\Fireworks CS3

[27/11/2007|13:53] C:\Users\marie\AppData\Roaming\Adobe\Dreamweaver 9

[27/11/2007|13:30] C:\Users\marie\AppData\Roaming\Adobe\Updater5

 

[04/07/2008|19:16] C:\Users\marie\AppData\Roaming\Apple Computer\iTunes

 

 

[27/11/2007|10:59] C:\Users\marie\AppData\Roaming\Identities\{7829225B-2A2B-4286-936E-6A35AB3E609A}

 

[27/11/2007|10:57] C:\Users\marie\AppData\Roaming\InstallShield\ISEngine12.0

 

[17/03/2008|23:39] C:\Users\marie\AppData\Roaming\LimeWire\xml

[17/03/2008|23:36] C:\Users\marie\AppData\Roaming\LimeWire\.AppSpecialShare

[17/03/2008|23:34] C:\Users\marie\AppData\Roaming\LimeWire\themes

 

[11/07/2008|19:18] C:\Users\marie\AppData\Roaming\Macromedia\Flash Player

 

[11/07/2008|22:59] C:\Users\marie\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware

 

 

[03/07/2008|15:09] C:\Users\marie\AppData\Roaming\Microsoft\preuve

[03/07/2008|15:03] C:\Users\marie\AppData\Roaming\Microsoft\Word

[16/06/2008|11:48] C:\Users\marie\AppData\Roaming\Microsoft\Excel

[25/05/2008|19:53] C:\Users\marie\AppData\Roaming\Microsoft\Office

[16/05/2008|14:33] C:\Users\marie\AppData\Roaming\Microsoft\ModŠles

[30/01/2008|18:14] C:\Users\marie\AppData\Roaming\Microsoft\Clip Organizer

[24/01/2008|17:41] C:\Users\marie\AppData\Roaming\Microsoft\Crypto

[02/12/2007|21:17] C:\Users\marie\AppData\Roaming\Microsoft\Windows Photo Gallery

[01/12/2007|15:22] C:\Users\marie\AppData\Roaming\Microsoft\WLTB Custom Buttons

[01/12/2007|15:22] C:\Users\marie\AppData\Roaming\Microsoft\MSNLiveFav

[01/12/2007|15:19] C:\Users\marie\AppData\Roaming\Microsoft\MSN Messenger

[01/12/2007|15:09] C:\Users\marie\AppData\Roaming\Microsoft\IdentityCRL

[01/12/2007|14:54] C:\Users\marie\AppData\Roaming\Microsoft\Internet Explorer

[01/12/2007|14:16] C:\Users\marie\AppData\Roaming\Microsoft\Speech

[27/11/2007|23:11] C:\Users\marie\AppData\Roaming\Microsoft\Forms

[27/11/2007|23:10] C:\Users\marie\AppData\Roaming\Microsoft\PowerPoint

[27/11/2007|23:09] C:\Users\marie\AppData\Roaming\Microsoft\Outlook

[27/11/2007|23:07] C:\Users\marie\AppData\Roaming\Microsoft\Publisher

[27/11/2007|22:59] C:\Users\marie\AppData\Roaming\Microsoft\Network

[27/11/2007|21:47] C:\Users\marie\AppData\Roaming\Microsoft\Macros complmentaires

[27/11/2007|13:52] C:\Users\marie\AppData\Roaming\Microsoft\Windows

[27/11/2007|13:16] C:\Users\marie\AppData\Roaming\Microsoft\MMC

[27/11/2007|10:57] C:\Users\marie\AppData\Roaming\Microsoft\Protect

[27/11/2007|10:57] C:\Users\marie\AppData\Roaming\Microsoft\CLR Security Config

[27/11/2007|10:54] C:\Users\marie\AppData\Roaming\Microsoft\SystemCertificates

[27/11/2007|10:54] C:\Users\marie\AppData\Roaming\Microsoft\Credentials

 

[15/12/2007|20:39] C:\Users\marie\AppData\Roaming\Mozilla\Firefox

 

[26/05/2008|17:33] C:\Users\marie\AppData\Roaming\Nero\Nero8

 

[27/11/2007|11:30] C:\Users\marie\AppData\Roaming\Toshiba\TOSHIBA Online Product Information

 

[30/01/2008|22:20] C:\Users\marie\AppData\Roaming\Yahoo!\Companion

 

----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

 

[14/07/2008 17:18][--a------] C:\Windows\tasks\Vrifier les mises jour de Windows Live Toolbar.job

[14/07/2008 17:37][--ah-----] C:\Windows\tasks\SA.DAT

[14/07/2008 17:33][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

------[ Listing des dossiers dans C:\ProgramData ]------

 

[27/11/2007|16:36] C:\ProgramData\Adobe

[27/11/2007|14:02] C:\ProgramData\ALM

[06/06/2008|12:11] C:\ProgramData\Apple

[06/06/2008|12:15] C:\ProgramData\Apple Computer

[02/11/2006|15:02] C:\ProgramData\Application Data

[27/11/2007|10:50] C:\ProgramData\Bureau

[02/11/2006|15:02] C:\ProgramData\Desktop

[02/11/2006|15:02] C:\ProgramData\Documents

[27/11/2007|10:50] C:\ProgramData\Favoris

[02/11/2006|15:02] C:\ProgramData\Favorites

[01/07/2008|18:15] C:\ProgramData\FLEXnet

[01/12/2007|15:06] C:\ProgramData\Google

[15/06/2008|12:03] C:\ProgramData\Lavasoft

[11/07/2008|22:58] C:\ProgramData\Malwarebytes

[14/07/2008|17:26] C:\ProgramData\Mapi Find Find.sqk59

[27/11/2007|11:26] C:\ProgramData\McAfee

[27/11/2007|10:50] C:\ProgramData\Menu Dmarrer

[01/12/2007|16:10] C:\ProgramData\Messenger Plus!

[06/06/2008|11:26] C:\ProgramData\Microsoft

[27/11/2007|10:50] C:\ProgramData\ModŠles

[27/11/2007|13:15] C:\ProgramData\Nero

[15/06/2008|17:07] C:\ProgramData\Spybot - Search & Destroy

[02/11/2006|15:02] C:\ProgramData\Start Menu

[11/06/2008|10:29] C:\ProgramData\Support Link User

[27/11/2007|11:17] C:\ProgramData\Symantec

[02/11/2006|15:02] C:\ProgramData\Templates

[27/11/2007|10:58] C:\ProgramData\Toshiba

[27/11/2007|10:55] C:\ProgramData\ToshibaEurope

[01/06/2007|09:29] C:\ProgramData\Ulead Systems

[01/12/2007|14:58] C:\ProgramData\WLInstaller

[30/01/2008|22:28] C:\ProgramData\Yahoo! Companion

 

---------------[ Listing des dossiers dans C:\Program Files ]--------------

 

[11/06/2008|15:40] C:\Program Files\Adobe

[06/06/2008|12:13] C:\Program Files\Apple Software Update

[06/06/2008|12:15] C:\Program Files\Bonjour

[26/11/2007|20:00] C:\Program Files\Camera Assistant Software for Toshiba

[11/07/2008|18:06] C:\Program Files\CCleaner

[11/07/2008|17:59] C:\Program Files\Common Files

[27/11/2007|11:44] C:\Program Files\DAEMON Tools

[29/11/2007|23:02] C:\Program Files\desktop.ini

[30/12/2007|17:42] C:\Program Files\DivX

[27/11/2007|10:50] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]

[15/06/2008|23:51] C:\Program Files\Full Tilt Poker

[01/06/2007|09:54] C:\Program Files\IDM

[24/05/2008|00:40] C:\Program Files\InstallShield Installation Information

[27/11/2007|10:57] C:\Program Files\Intel

[12/06/2008|09:38] C:\Program Files\Internet Explorer

[01/06/2007|09:30] C:\Program Files\InterVideo

[06/06/2008|12:15] C:\Program Files\iPod

[06/06/2008|12:15] C:\Program Files\iTunes

[01/06/2007|08:25] C:\Program Files\Java

[27/11/2007|16:10] C:\Program Files\Kyodai Mahjongg 2006

[15/06/2008|12:02] C:\Program Files\Lavasoft

[27/11/2007|11:46] C:\Program Files\Le Robert

[01/06/2007|08:54] C:\Program Files\ltmoh

[11/07/2008|22:58] C:\Program Files\Malwarebytes' Anti-Malware

[27/11/2007|11:26] C:\Program Files\McAfee

[30/03/2008|15:51] C:\Program Files\Messenger Plus! Live

[03/12/2007|10:04] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[02/11/2006|14:37] C:\Program Files\Microsoft Games

[27/11/2007|11:50] C:\Program Files\Microsoft Office

[27/11/2007|11:50] C:\Program Files\Microsoft Visual Studio

[27/11/2007|11:50] C:\Program Files\Microsoft Works

[27/11/2007|11:49] C:\Program Files\Microsoft.NET

[02/11/2006|14:42] C:\Program Files\Movie Maker

[04/07/2008|16:36] C:\Program Files\Mozilla Firefox

[02/11/2006|14:37] C:\Program Files\MSBuild

[02/11/2006|14:37] C:\Program Files\MSN

[01/06/2007|07:54] C:\Program Files\MSXML 4.0

[27/11/2007|23:11] C:\Program Files\myphotobook

[27/11/2007|13:15] C:\Program Files\Nero

[06/06/2008|12:14] C:\Program Files\QuickTime

[01/06/2007|08:43] C:\Program Files\Realtek

[02/11/2006|14:37] C:\Program Files\Reference Assemblies

[15/06/2008|17:07] C:\Program Files\Spybot - Search & Destroy

[15/06/2008|12:35] C:\Program Files\Sunbelt Software

[11/06/2008|10:29] C:\Program Files\Support Link User

[01/06/2007|08:50] C:\Program Files\Synaptics

[27/11/2007|10:58] C:\Program Files\TOSHIBA

[27/11/2007|16:06] C:\Program Files\UBISOFT

[01/06/2007|09:26] C:\Program Files\Ulead Systems

[02/11/2006|15:01] C:\Program Files\Uninstall Information

[30/01/2008|22:19] C:\Program Files\Veoh Networks

[27/11/2007|16:29] C:\Program Files\Windows Calendar

[02/11/2006|14:42] C:\Program Files\Windows Collaboration

[01/06/2007|08:21] C:\Program Files\Windows Defender

[02/11/2006|14:42] C:\Program Files\Windows Journal

[01/12/2007|15:14] C:\Program Files\Windows Live

[01/12/2007|15:15] C:\Program Files\Windows Live Favorites

[01/12/2007|15:16] C:\Program Files\Windows Live Toolbar

[12/06/2008|09:38] C:\Program Files\Windows Mail

[01/06/2007|09:29] C:\Program Files\Windows Media Components

[15/06/2008|12:47] C:\Program Files\Windows Media Player

[27/11/2007|10:50] C:\Program Files\Windows NT

[02/11/2006|14:42] C:\Program Files\Windows Photo Gallery

[11/01/2008|00:00] C:\Program Files\Windows Sidebar

[30/01/2008|22:20] C:\Program Files\Yahoo!

[11/07/2008|19:17] C:\Program Files\ZebHelpProcess 2

 

------[ Listing des dossiers dans C:\Program Files\Common Files ]------

 

[27/11/2007|14:07] C:\Program Files\Common Files\Adobe

[06/06/2008|12:11] C:\Program Files\Common Files\Apple

[11/07/2008|17:59] C:\Program Files\Common Files\Borland Shared

[27/11/2007|11:26] C:\Program Files\Common Files\Cisco Systems

[27/11/2007|14:04] C:\Program Files\Common Files\Control Panels

[27/11/2007|11:50] C:\Program Files\Common Files\DESIGNER

[01/06/2007|09:30] C:\Program Files\Common Files\InstallShield

[01/06/2007|08:25] C:\Program Files\Common Files\Java

[27/11/2007|13:30] C:\Program Files\Common Files\Macrovision Shared

[27/11/2007|11:25] C:\Program Files\Common Files\McAfee

[14/07/2008|17:23] C:\Program Files\Common Files\microsoft shared

[27/11/2007|13:18] C:\Program Files\Common Files\Nero

[02/11/2006|13:18] C:\Program Files\Common Files\Services

[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines

[27/11/2007|11:17] C:\Program Files\Common Files\Symantec Shared

[27/11/2007|16:29] C:\Program Files\Common Files\System

[27/11/2007|10:58] C:\Program Files\Common Files\Toshiba Shared

[01/06/2007|09:30] C:\Program Files\Common Files\Ulead Systems

[01/12/2007|15:08] C:\Program Files\Common Files\WindowsLiveInstaller

 

---------------------------[ Process ]--------------------------

 

... 85

 

... OK !

 

----------------------[ Recherche avec S_Lop ]---------------------

 

C:\ProgramData\Mapi Find Find.sqk59

C:\ProgramData\Mapi Find Find.sqk59

 

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

 

Aucun fichier / dossier Lop trouvé !

 

----------------------[ Verification du Registre ]----------------------

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TransCdrom"="\"C:\\ProgramData\\Mapi Find Find.sqk59\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

--------------------[ Verification du fichier Hosts ]---------------------

 

Fichier Hosts PROPRE

 

 

----------------[ Recherche de fichiers avec Catchme ]-----------------

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-14 17:40:01

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------[ Recherche d'autres infections ]---------------------

 

 

Aucune autre infection trouvée !

 

[F:94][D:7]-> C:\Users\marie\AppData\Local\Temp

[F:2][D:1]-> C:\Users\marie\AppData\Roaming\MICROS~1\Windows\Cookies

[F:17][D:4]-> C:\Users\marie\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:3][D:3]-> C:\$Recycle.Bin

 

[ UAC => 1 ]

 

--------------------[ Fin du rapport a 17:42:13,58 ]----------------------

 

 

 

And HJT:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:52:33, on 14/07/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Le Robert\Le Grand Robert\grwinHyper.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wuauclt.exe

C:\Users\marie\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O1 - Hosts: 91.121.188.81 forum.zebulon.fr

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"

O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

O4 - HKCU\..\Run: [grwinHyper] C:\Program Files\Le Robert\Le Grand Robert\grwinHyper.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\Run: [TransCdrom] "C:\ProgramData\Mapi Find Find.sqk59"

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)

O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-...1&site=home (file missing)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 12848 bytes

 

I'm staying connected :P

See you

Posted (edited)

Hello zinky,

Sorry for the delay.

This nasty infection is hanging on, so we're going to take it out manually:

  • Run HijackThis again and click "Do a system scan only", then check the following line:
  • O4 - HKCU\..\Run: [TransCdrom] "C:\ProgramData\Mapi Find Find.sqk59"
  • Then click "Fix checked"

Next:

  • Download OTmoveit2 (Old timer) to your desktop.
  • Double-click the OTMoveIt2.exe file (on Vista, right-click the icon and choose "Run as administrator")
  • Check that "Unregister Dll's and Ocx's" is ticked,
  • Copy all of the text in red below and paste it into the yellow window (Paste list of Files/Folders to move):
    C:\ProgramData\Mapi Find Find.sqk59

  • Then click "Move IT".
  • Click "Exit" to close the program.
  • A report will be created in C:\_OTMoveIt\MovedFiles\xxxxxxxx .log

Restart your PC

Post the OTmoveIt2 report and a new Hijackthis report.

Edited by Desch
Posted

Good evening Desch,

No problem! We (well, you ..) will get there!

Here is the log:

C:\ProgramData\Mapi Find Find.sqk59 moved successfully.

 

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07152008_232953

 

and the HJT report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:36:31, on 15/07/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Le Robert\Le Grand Robert\grwinHyper.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Users\marie\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O1 - Hosts: 91.121.188.81 forum.zebulon.fr

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"

O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

O4 - HKCU\..\Run: [grwinHyper] C:\Program Files\Le Robert\Le Grand Robert\grwinHyper.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)

O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-...1&site=home (file missing)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 12860 bytes

 

 

Thanks

Posted

No more trace of the infection in the report :P

You can uninstall LopS&D from the Control Panel, under Programs and Features.

As for Malwarebytes, you can keep it to check your PC regularly.

In its free version it will not protect you in real time the way your antivirus does, but it is a good cleanup tool; you just have to remember to update it before each use.

If one day you have to reinstall MSN Plus, be careful not to install the sponsor :P

Also remember to keep up with the updates for Vista, Java (making sure to uninstall the old versions), etc.

You can add "solved" to the title of your topic (by editing your first message, you will be able to change the title).
