Posted (edited)
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:14:27, on 28/08/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Hp\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Long Internet Team Stupid] "C:\ProgramData\bait wave film.qdu76"

O4 - HKCU\..\Run: [byteMedia] "C:\ProgramData\2 Dead Dead.k7z6u8z"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9838 bytes

 

Thanks in advance :P

To clarify, the spyware slows down the PC and opens ad pages :P

I use AntiVir free edition as well as Spybot Search and Destroy :P I just read that it is no longer among the best since the last time I was here ^^ Which anti-spyware would you recommend?

Edited by saqhah

Posted

Hello,

AntiVir is very good. Spybot is worn out.

Let's deal with the infection first; we will secure the PC once it is clean. :P

Disable your resident protections (antivirus, ...); you will re-enable them after the scan.

Download Lop S&D < here

Double-click Lop S&D.exe on your desktop

Select the language you want, then choose Option 1 (Search)

Wait until the scan finishes

Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

Posted
Here is the report:

 

--------------------\\ Lop S&D 4.2.3-6 XP/Vista

 

Microsoft® Windows Vista Édition Familiale Premium ( v6.0.6000 )

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU T2370 @ 1.73GHz )

BIOS : Default System BIOS

USER : Del ( Administrator )

BOOT : Normal boot

Antivirus : Norton Internet Security 15.0.0.60 (Activated)

Firewall : Norton Internet Security 15.0.0.60 (Not Activated)

 

"C:\Lop SD" ( MAJ : 27-08-2008|22:40 )

Option : [1] ( 28/08/2008|15:30 )

 

[ UAC => 1 ]

 

--------------------\\ Listing des dossiers dans Local

 

[12/07/2008|16:17] C:\Users\Del\AppData\Local\Application Data

[12/07/2008|16:32] C:\Users\Del\AppData\Local\AtStart.txt

[28/08/2008|14:07] C:\Users\Del\AppData\Local\d3d9caps.dat

[28/08/2008|00:19] C:\Users\Del\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[12/07/2008|16:24] C:\Users\Del\AppData\Local\Downloaded Installations

[12/07/2008|16:32] C:\Users\Del\AppData\Local\DSwitch.txt

[12/07/2008|16:32] C:\Users\Del\AppData\Local\GDIPFONTCACHEV1.DAT

[13/07/2008|12:58] C:\Users\Del\AppData\Local\Google

[20/08/2008|10:41] C:\Users\Del\AppData\Local\Hewlett-Packard

[12/07/2008|16:17] C:\Users\Del\AppData\Local\Historique

[19/07/2008|19:30] C:\Users\Del\AppData\Local\Microsoft

[19/07/2008|19:43] C:\Users\Del\AppData\Local\Microsoft Games

[15/07/2008|19:49] C:\Users\Del\AppData\Local\Microsoft Help

[13/07/2008|12:58] C:\Users\Del\AppData\Local\Mozilla

[12/07/2008|16:32] C:\Users\Del\AppData\Local\QSwitch.txt

[19/07/2008|17:31] C:\Users\Del\AppData\Local\QuickPlay

[28/08/2008|15:30] C:\Users\Del\AppData\Local\Temp

[12/07/2008|16:17] C:\Users\Del\AppData\Local\Temporary Internet Files

[13/07/2008|12:58] C:\Users\Del\AppData\Local\VirtualStore

 

--------------------\\ Tâches planifiées dans C:\Windows\tasks

 

[28/08/2008 15:09][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{0ABF3A6D-8D99-404F-92AF-B5AE48A52F5F}.job

[28/08/2008 15:06][--ah-----] C:\Windows\tasks\SA.DAT

[28/08/2008 13:36][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

--------------------\\ Listing des dossiers dans C:\ProgramData

 

[21/11/2007|08:48] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

[26/07/2008|16:32] C:\ProgramData\2 Dead Dead.2i417s

[19/08/2008|19:53] C:\ProgramData\2 Dead Dead.77mdp

[15/08/2008|13:06] C:\ProgramData\2 Dead Dead.arrmz5

[19/08/2008|20:15] C:\ProgramData\2 Dead Dead.ecjqj6

[15/08/2008|13:06] C:\ProgramData\2 Dead Dead.h943dh

[19/08/2008|20:58] C:\ProgramData\2 Dead Dead.k7z6u8z

[19/08/2008|19:09] C:\ProgramData\2 Dead Dead.kqnc3q

[19/08/2008|20:36] C:\ProgramData\2 Dead Dead.vi6rrv6

[19/08/2008|19:31] C:\ProgramData\2 Dead Dead.yclgo

[18/07/2008|21:50] C:\ProgramData\Adobe

[02/11/2006|15:02] C:\ProgramData\Application Data

[14/05/2008|19:44] C:\ProgramData\Atheros

[12/07/2008|18:03] C:\ProgramData\Avira

[15/08/2008|13:06] C:\ProgramData\bait wave film.qdu76

[12/07/2008|16:12] C:\ProgramData\Bureau

[15/08/2008|13:06] C:\ProgramData\comp two long internet

[14/05/2008|20:00] C:\ProgramData\CyberLink

[02/11/2006|15:02] C:\ProgramData\Desktop

[02/11/2006|15:02] C:\ProgramData\Documents

[12/07/2008|16:25] C:\ProgramData\Electronic Arts

[12/07/2008|16:12] C:\ProgramData\Favoris

[02/11/2006|15:02] C:\ProgramData\Favorites

[21/08/2008|15:39] C:\ProgramData\Google

[28/08/2008|12:37] C:\ProgramData\Google Updater

[12/07/2008|16:33] C:\ProgramData\Hewlett-Packard

[18/07/2008|18:21] C:\ProgramData\HP

[12/07/2008|17:51] C:\ProgramData\LuUninstall.LiveUpdate

[12/07/2008|16:12] C:\ProgramData\Menu D‚marrer

[26/07/2008|19:48] C:\ProgramData\Messenger Plus!

[12/07/2008|16:38] C:\ProgramData\Microsoft

[15/08/2008|03:08] C:\ProgramData\Microsoft Help

[12/07/2008|16:12] C:\ProgramData\ModŠles

[13/07/2008|12:58] C:\ProgramData\Mozilla

[21/11/2007|08:34] C:\ProgramData\muvee Technologies

[26/07/2008|16:32] C:\ProgramData\real spam blue.2uubg

[28/08/2008|13:38] C:\ProgramData\Spybot - Search & Destroy

[02/11/2006|15:02] C:\ProgramData\Start Menu

[13/07/2008|12:36] C:\ProgramData\Symantec

[02/11/2006|15:02] C:\ProgramData\Templates

[24/08/2008|22:36] C:\ProgramData\trans view

[21/11/2007|08:11] C:\ProgramData\Viewpoint

[01/08/2008|22:41] C:\ProgramData\WildTangent

[13/07/2008|13:55] C:\ProgramData\WLInstaller

[25/08/2008|00:26] C:\ProgramData\Yahoo! Companion

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[21/11/2007|08:48] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites

[18/07/2008|21:50] C:\Program Files\Adobe

[21/11/2007|08:11] C:\Program Files\AIM6

[12/07/2008|18:26] C:\Program Files\AOL

[14/05/2008|19:47] C:\Program Files\Apoint2K

[14/05/2008|19:44] C:\Program Files\Atheros

[12/07/2008|18:03] C:\Program Files\Avira

[24/08/2008|21:43] C:\Program Files\CCleaner

[24/08/2008|21:52] C:\Program Files\Circle Developement

[20/08/2008|11:59] C:\Program Files\Common Files

[14/05/2008|19:52] C:\Program Files\CONEXANT

[14/05/2008|20:04] C:\Program Files\CyberLink

[12/07/2008|18:31] C:\Program Files\desktop.ini

[15/08/2008|17:00] C:\Program Files\e-Carte Bleue La Banque Postale

[23/08/2008|20:52] C:\Program Files\Electronic Arts

[12/07/2008|16:12] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]

[21/08/2008|15:39] C:\Program Files\Google

[20/08/2008|12:01] C:\Program Files\Hewlett-Packard

[28/08/2008|15:14] C:\Program Files\HijackThis

[14/05/2008|19:58] C:\Program Files\Hp

[14/05/2008|20:07] C:\Program Files\HP Games

[20/08/2008|12:30] C:\Program Files\HP Photosmart 11

[14/05/2008|20:00] C:\Program Files\HPQ

[15/08/2008|17:00] C:\Program Files\InstallShield Installation Information

[14/05/2008|19:49] C:\Program Files\Intel

[15/08/2008|03:14] C:\Program Files\Internet Explorer

[21/11/2007|09:13] C:\Program Files\Java

[26/07/2008|16:31] C:\Program Files\Messenger Plus! Live

[02/11/2006|14:37] C:\Program Files\Microsoft Games

[21/11/2007|08:46] C:\Program Files\Microsoft Office

[21/11/2007|08:47] C:\Program Files\Microsoft Works

[21/11/2007|08:46] C:\Program Files\Microsoft.NET

[21/11/2007|15:44] C:\Program Files\Movie Maker

[30/07/2008|14:14] C:\Program Files\Mozilla Firefox

[02/11/2006|14:37] C:\Program Files\MSBuild

[02/11/2006|14:37] C:\Program Files\MSN

[12/07/2008|17:58] C:\Program Files\MSXML 4.0

[21/11/2007|08:34] C:\Program Files\muvee Technologies

[14/05/2008|19:49] C:\Program Files\NetWaiting

[12/07/2008|17:47] C:\Program Files\Online Services

[14/05/2008|19:47] C:\Program Files\Realtek

[02/11/2006|14:37] C:\Program Files\Reference Assemblies

[24/08/2008|21:37] C:\Program Files\Spybot - Search & Destroy

[02/11/2006|15:01] C:\Program Files\Uninstall Information

[27/07/2008|17:36] C:\Program Files\VideoLAN

[21/11/2007|08:11] C:\Program Files\Viewpoint

[21/11/2007|08:04] C:\Program Files\Windows Calendar

[21/11/2007|15:44] C:\Program Files\Windows Collaboration

[21/11/2007|08:04] C:\Program Files\Windows Defender

[21/11/2007|15:44] C:\Program Files\Windows Journal

[13/07/2008|14:04] C:\Program Files\Windows Live

[15/08/2008|03:14] C:\Program Files\Windows Mail

[12/07/2008|18:25] C:\Program Files\Windows Media Player

[12/07/2008|16:12] C:\Program Files\Windows NT

[21/11/2007|15:44] C:\Program Files\Windows Photo Gallery

[12/07/2008|18:25] C:\Program Files\Windows Sidebar

[24/08/2008|21:43] C:\Program Files\Yahoo!

 

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

 

[18/07/2008|21:50] C:\Program Files\Common Files\Adobe

[21/11/2007|08:10] C:\Program Files\Common Files\AOL

[21/11/2007|08:46] C:\Program Files\Common Files\DESIGNER

[21/11/2007|09:00] C:\Program Files\Common Files\InstallShield

[21/11/2007|09:13] C:\Program Files\Common Files\Java

[15/07/2008|19:49] C:\Program Files\Common Files\microsoft shared

[20/08/2008|11:59] C:\Program Files\Common Files\MSSoap

[21/11/2007|08:34] C:\Program Files\Common Files\muvee Technologies

[02/11/2006|13:18] C:\Program Files\Common Files\Services

[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines

[13/07/2008|12:37] C:\Program Files\Common Files\Symantec Shared

[21/11/2007|08:04] C:\Program Files\Common Files\System

[13/07/2008|14:04] C:\Program Files\Common Files\WindowsLiveInstaller

 

--------------------\\ Process

 

( 78 Processus )

 

iexplore.exe ~ [PID:2260]

IEXPLORE.EXE ~ [PID:2828]

IEXPLORE.EXE ~ [PID:3468]

 

--------------------\\ Recherche avec S_Lop

 

C:\ProgramData\2 Dead Dead.77mdp

C:\ProgramData\2 Dead Dead.yclgo

C:\ProgramData\bait wave film.qdu76

C:\ProgramData\real spam blue.2uubg

C:\ProgramData\2 Dead Dead.2i417s

C:\ProgramData\2 Dead Dead.arrmz5

C:\ProgramData\2 Dead Dead.ecjqj6

C:\ProgramData\2 Dead Dead.h943dh

C:\ProgramData\2 Dead Dead.kqnc3q

C:\ProgramData\2 Dead Dead.k7z6u8z

C:\ProgramData\2 Dead Dead.vi6rrv6

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\ProgramData\comp two long internet

C:\ProgramData\comp two long internet\Bore fork.exe

C:\ProgramData\comp two long internet\Heart about.exe

C:\Program Files\Circle Developement

C:\Users\Del\AppData\Roaming\MICROS~1\Windows\Cookies\del@adopt.euroclick[1].txt

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ByteMedia"="\"C:\\ProgramData\\2 Dead Dead.k7z6u8z\""

"Long Internet Team Stupid"="\"C:\\ProgramData\\bait wave film.qdu76\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-28 15:31:05

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 234

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:38][D:8]-> C:\Users\Del\AppData\Local\Temp

[F:26][D:1]-> C:\Users\Del\AppData\Roaming\MICROS~1\Windows\Cookies

[F:96][D:4]-> C:\Users\Del\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:3][D:3]-> C:\$Recycle.Bin

 

--------------------\\ Fin du rapport a 15:32:33

[ UAC => 1 ]

Posted

Ooh, the nasty things. Let's get rid of them now. :P

Run Lop S&D again

This time choose Option 2 (Removal)

Do not close the window during the removal!

Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

Posted (edited)

I'll be back at the end of the day :P So if you don't have time or need to help someone else, go ahead :P

Have a good day, Zebulonians

--------------------\\ Lop S&D 4.2.3-6 XP/Vista

 

Microsoft® Windows Vista Édition Familiale Premium ( v6.0.6000 )

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU T2370 @ 1.73GHz )

BIOS : Default System BIOS

USER : Del ( Administrator )

BOOT : Normal boot

Antivirus : Norton Internet Security 15.0.0.60 (Activated)

Firewall : Norton Internet Security 15.0.0.60 (Not Activated)

 

"C:\Lop SD" ( MAJ : 27-08-2008|22:40 )

Option : [2] ( 28/08/2008|15:42 )

 

[ UAC => 1 ]

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

Supprime! - C:\ProgramData\comp two long internet\Bore fork.exe

Supprime! - C:\ProgramData\comp two long internet\Heart about.exe

Supprime! - C:\ProgramData\2 Dead Dead.77mdp

Supprime! - C:\ProgramData\2 Dead Dead.yclgo

Supprime! - C:\ProgramData\bait wave film.qdu76

Supprime! - C:\ProgramData\real spam blue.2uubg

Supprime! - C:\ProgramData\2 Dead Dead.2i417s

Supprime! - C:\ProgramData\2 Dead Dead.arrmz5

Supprime! - C:\ProgramData\2 Dead Dead.ecjqj6

Supprime! - C:\ProgramData\2 Dead Dead.h943dh

Supprime! - C:\ProgramData\2 Dead Dead.kqnc3q

Supprime! - C:\ProgramData\2 Dead Dead.k7z6u8z

Supprime! - C:\ProgramData\2 Dead Dead.vi6rrv6

Supprime! - C:\ProgramData\comp two long internet

Supprime! - C:\Program Files\Circle Developement

-

[ Fichier Hosts ] .. Restaure!

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

Supprime! - C:\Program Files\Viewpoint

Supprime! - C:\PROGRA~2\Viewpoint

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans Local

 

[12/07/2008|16:17] C:\Users\Del\AppData\Local\Application Data

[12/07/2008|16:32] C:\Users\Del\AppData\Local\AtStart.txt

[28/08/2008|14:07] C:\Users\Del\AppData\Local\d3d9caps.dat

[28/08/2008|00:19] C:\Users\Del\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[12/07/2008|16:24] C:\Users\Del\AppData\Local\Downloaded Installations

[12/07/2008|16:32] C:\Users\Del\AppData\Local\DSwitch.txt

[12/07/2008|16:32] C:\Users\Del\AppData\Local\GDIPFONTCACHEV1.DAT

[13/07/2008|12:58] C:\Users\Del\AppData\Local\Google

[20/08/2008|10:41] C:\Users\Del\AppData\Local\Hewlett-Packard

[12/07/2008|16:17] C:\Users\Del\AppData\Local\Historique

[19/07/2008|19:30] C:\Users\Del\AppData\Local\Microsoft

[19/07/2008|19:43] C:\Users\Del\AppData\Local\Microsoft Games

[15/07/2008|19:49] C:\Users\Del\AppData\Local\Microsoft Help

[13/07/2008|12:58] C:\Users\Del\AppData\Local\Mozilla

[12/07/2008|16:32] C:\Users\Del\AppData\Local\QSwitch.txt

[19/07/2008|17:31] C:\Users\Del\AppData\Local\QuickPlay

[28/08/2008|15:42] C:\Users\Del\AppData\Local\Temp

[12/07/2008|16:17] C:\Users\Del\AppData\Local\Temporary Internet Files

[13/07/2008|12:58] C:\Users\Del\AppData\Local\VirtualStore

 

--------------------\\ Tâches planifiées dans C:\Windows\tasks

 

[28/08/2008 15:09][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{0ABF3A6D-8D99-404F-92AF-B5AE48A52F5F}.job

[28/08/2008 15:06][--ah-----] C:\Windows\tasks\SA.DAT

[28/08/2008 13:36][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

--------------------\\ Listing des dossiers dans C:\ProgramData

 

[21/11/2007|08:48] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

[18/07/2008|21:50] C:\ProgramData\Adobe

[02/11/2006|15:02] C:\ProgramData\Application Data

[14/05/2008|19:44] C:\ProgramData\Atheros

[12/07/2008|18:03] C:\ProgramData\Avira

[12/07/2008|16:12] C:\ProgramData\Bureau

[14/05/2008|20:00] C:\ProgramData\CyberLink

[02/11/2006|15:02] C:\ProgramData\Desktop

[02/11/2006|15:02] C:\ProgramData\Documents

[12/07/2008|16:25] C:\ProgramData\Electronic Arts

[12/07/2008|16:12] C:\ProgramData\Favoris

[02/11/2006|15:02] C:\ProgramData\Favorites

[21/08/2008|15:39] C:\ProgramData\Google

[28/08/2008|12:37] C:\ProgramData\Google Updater

[12/07/2008|16:33] C:\ProgramData\Hewlett-Packard

[18/07/2008|18:21] C:\ProgramData\HP

[12/07/2008|17:51] C:\ProgramData\LuUninstall.LiveUpdate

[12/07/2008|16:12] C:\ProgramData\Menu D‚marrer

[26/07/2008|19:48] C:\ProgramData\Messenger Plus!

[12/07/2008|16:38] C:\ProgramData\Microsoft

[15/08/2008|03:08] C:\ProgramData\Microsoft Help

[12/07/2008|16:12] C:\ProgramData\ModŠles

[13/07/2008|12:58] C:\ProgramData\Mozilla

[21/11/2007|08:34] C:\ProgramData\muvee Technologies

[28/08/2008|13:38] C:\ProgramData\Spybot - Search & Destroy

[02/11/2006|15:02] C:\ProgramData\Start Menu

[13/07/2008|12:36] C:\ProgramData\Symantec

[02/11/2006|15:02] C:\ProgramData\Templates

[24/08/2008|22:36] C:\ProgramData\trans view

[01/08/2008|22:41] C:\ProgramData\WildTangent

[13/07/2008|13:55] C:\ProgramData\WLInstaller

[25/08/2008|00:26] C:\ProgramData\Yahoo! Companion

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[21/11/2007|08:48] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites

[18/07/2008|21:50] C:\Program Files\Adobe

[21/11/2007|08:11] C:\Program Files\AIM6

[12/07/2008|18:26] C:\Program Files\AOL

[14/05/2008|19:47] C:\Program Files\Apoint2K

[14/05/2008|19:44] C:\Program Files\Atheros

[12/07/2008|18:03] C:\Program Files\Avira

[24/08/2008|21:43] C:\Program Files\CCleaner

[20/08/2008|11:59] C:\Program Files\Common Files

[14/05/2008|19:52] C:\Program Files\CONEXANT

[14/05/2008|20:04] C:\Program Files\CyberLink

[12/07/2008|18:31] C:\Program Files\desktop.ini

[15/08/2008|17:00] C:\Program Files\e-Carte Bleue La Banque Postale

[23/08/2008|20:52] C:\Program Files\Electronic Arts

[12/07/2008|16:12] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]

[21/08/2008|15:39] C:\Program Files\Google

[20/08/2008|12:01] C:\Program Files\Hewlett-Packard

[28/08/2008|15:14] C:\Program Files\HijackThis

[14/05/2008|19:58] C:\Program Files\Hp

[14/05/2008|20:07] C:\Program Files\HP Games

[20/08/2008|12:30] C:\Program Files\HP Photosmart 11

[14/05/2008|20:00] C:\Program Files\HPQ

[15/08/2008|17:00] C:\Program Files\InstallShield Installation Information

[14/05/2008|19:49] C:\Program Files\Intel

[15/08/2008|03:14] C:\Program Files\Internet Explorer

[21/11/2007|09:13] C:\Program Files\Java

[26/07/2008|16:31] C:\Program Files\Messenger Plus! Live

[02/11/2006|14:37] C:\Program Files\Microsoft Games

[21/11/2007|08:46] C:\Program Files\Microsoft Office

[21/11/2007|08:47] C:\Program Files\Microsoft Works

[21/11/2007|08:46] C:\Program Files\Microsoft.NET

[21/11/2007|15:44] C:\Program Files\Movie Maker

[30/07/2008|14:14] C:\Program Files\Mozilla Firefox

[02/11/2006|14:37] C:\Program Files\MSBuild

[02/11/2006|14:37] C:\Program Files\MSN

[12/07/2008|17:58] C:\Program Files\MSXML 4.0

[21/11/2007|08:34] C:\Program Files\muvee Technologies

[14/05/2008|19:49] C:\Program Files\NetWaiting

[12/07/2008|17:47] C:\Program Files\Online Services

[14/05/2008|19:47] C:\Program Files\Realtek

[02/11/2006|14:37] C:\Program Files\Reference Assemblies

[24/08/2008|21:37] C:\Program Files\Spybot - Search & Destroy

[02/11/2006|15:01] C:\Program Files\Uninstall Information

[27/07/2008|17:36] C:\Program Files\VideoLAN

[21/11/2007|08:04] C:\Program Files\Windows Calendar

[21/11/2007|15:44] C:\Program Files\Windows Collaboration

[21/11/2007|08:04] C:\Program Files\Windows Defender

[21/11/2007|15:44] C:\Program Files\Windows Journal

[13/07/2008|14:04] C:\Program Files\Windows Live

[15/08/2008|03:14] C:\Program Files\Windows Mail

[12/07/2008|18:25] C:\Program Files\Windows Media Player

[12/07/2008|16:12] C:\Program Files\Windows NT

[21/11/2007|15:44] C:\Program Files\Windows Photo Gallery

[12/07/2008|18:25] C:\Program Files\Windows Sidebar

[24/08/2008|21:43] C:\Program Files\Yahoo!

 

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

 

[18/07/2008|21:50] C:\Program Files\Common Files\Adobe

[21/11/2007|08:10] C:\Program Files\Common Files\AOL

[21/11/2007|08:46] C:\Program Files\Common Files\DESIGNER

[21/11/2007|09:00] C:\Program Files\Common Files\InstallShield

[21/11/2007|09:13] C:\Program Files\Common Files\Java

[15/07/2008|19:49] C:\Program Files\Common Files\microsoft shared

[20/08/2008|11:59] C:\Program Files\Common Files\MSSoap

[21/11/2007|08:34] C:\Program Files\Common Files\muvee Technologies

[02/11/2006|13:18] C:\Program Files\Common Files\Services

[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines

[13/07/2008|12:37] C:\Program Files\Common Files\Symantec Shared

[21/11/2007|08:04] C:\Program Files\Common Files\System

[13/07/2008|14:04] C:\Program Files\Common Files\WindowsLiveInstaller

 

--------------------\\ Process

 

( 69 Processus )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\Users\Del\AppData\Roaming\MICROS~1\Windows\Cookies\del@adopt.euroclick[2].txt

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-28 15:43:33

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 234

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:37][D:8]-> C:\Users\Del\AppData\Local\Temp

[F:30][D:1]-> C:\Users\Del\AppData\Roaming\MICROS~1\Windows\Cookies

[F:96][D:4]-> C:\Users\Del\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:3][D:3]-> C:\$Recycle.Bin

 

--------------------\\ Fin du rapport a 15:44:57

[ UAC => 1 ]

Edited by saqhah
Posted
Well, I'm right here, hey. :P

Post a new HijackThis report.

lol thanks and sorry ^^ I thought you had forgotten me ^^

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:14:27, on 28/08/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Hp\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Long Internet Team Stupid] "C:\ProgramData\bait wave film.qdu76"

O4 - HKCU\..\Run: [byteMedia] "C:\ProgramData\2 Dead Dead.k7z6u8z"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9838 bytes

 

I'd like to know, where did you learn to analyze all this? ^^

Posted

Select the entire box below, then right-click and choose Copy

C:\ProgramData\2 Dead Dead.k7z6u8z
C:\ProgramData\bait wave film.qdu76

Run Lop S&D again

This time choose Option 4 ( LopScript )

A blank page will open; right-click on it and choose Paste

Close the page; you will be asked to save it, click [Save]

Do not close the window during the removal!

Post the generated report ( C:\lopR.txt )

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

Posted
--------------------\\ Lop S&D 4.2.3-6 XP/Vista

 

Microsoft® Windows Vista Édition Familiale Premium ( v6.0.6000 )

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU T2370 @ 1.73GHz )

BIOS : Default System BIOS

USER : Del ( Administrator )

BOOT : Normal boot

Antivirus : Norton Internet Security 15.0.0.60 (Activated)

Firewall : Norton Internet Security 15.0.0.60 (Not Activated)

 

"C:\Lop SD" ( MAJ : 27-08-2008|22:40 )

Option : [4] ( 30/08/2008| 0:43 )

 

[ UAC => 1 ]

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script

 

C:\ProgramData\2 Dead Dead.k7z6u8z

C:\ProgramData\bait wave film.qdu76

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans Local

 

[12/07/2008|16:17] C:\Users\Del\AppData\Local\Application Data

[12/07/2008|16:32] C:\Users\Del\AppData\Local\AtStart.txt

[28/08/2008|14:07] C:\Users\Del\AppData\Local\d3d9caps.dat

[29/08/2008|22:38] C:\Users\Del\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[12/07/2008|16:24] C:\Users\Del\AppData\Local\Downloaded Installations

[12/07/2008|16:32] C:\Users\Del\AppData\Local\DSwitch.txt

[12/07/2008|16:32] C:\Users\Del\AppData\Local\GDIPFONTCACHEV1.DAT

[13/07/2008|12:58] C:\Users\Del\AppData\Local\Google

[20/08/2008|10:41] C:\Users\Del\AppData\Local\Hewlett-Packard

[12/07/2008|16:17] C:\Users\Del\AppData\Local\Historique

[29/08/2008|03:19] C:\Users\Del\AppData\Local\IconCache.db

[19/07/2008|19:30] C:\Users\Del\AppData\Local\Microsoft

[19/07/2008|19:43] C:\Users\Del\AppData\Local\Microsoft Games

[15/07/2008|19:49] C:\Users\Del\AppData\Local\Microsoft Help

[13/07/2008|12:58] C:\Users\Del\AppData\Local\Mozilla

[12/07/2008|16:32] C:\Users\Del\AppData\Local\QSwitch.txt

[19/07/2008|17:31] C:\Users\Del\AppData\Local\QuickPlay

[30/08/2008|00:43] C:\Users\Del\AppData\Local\Temp

[12/07/2008|16:17] C:\Users\Del\AppData\Local\Temporary Internet Files

[13/07/2008|12:58] C:\Users\Del\AppData\Local\VirtualStore

 

--------------------\\ Tâches planifiées dans C:\Windows\tasks

 

[29/08/2008 17:38][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{0ABF3A6D-8D99-404F-92AF-B5AE48A52F5F}.job

[29/08/2008 16:31][--ah-----] C:\Windows\tasks\SA.DAT

[29/08/2008 03:19][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

--------------------\\ Listing des dossiers dans C:\ProgramData

 

[21/11/2007|08:48] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

[18/07/2008|21:50] C:\ProgramData\Adobe

[02/11/2006|15:02] C:\ProgramData\Application Data

[14/05/2008|19:44] C:\ProgramData\Atheros

[12/07/2008|18:03] C:\ProgramData\Avira

[12/07/2008|16:12] C:\ProgramData\Bureau

[14/05/2008|20:00] C:\ProgramData\CyberLink

[02/11/2006|15:02] C:\ProgramData\Desktop

[02/11/2006|15:02] C:\ProgramData\Documents

[12/07/2008|16:25] C:\ProgramData\Electronic Arts

[12/07/2008|16:12] C:\ProgramData\Favoris

[02/11/2006|15:02] C:\ProgramData\Favorites

[21/08/2008|15:39] C:\ProgramData\Google

[29/08/2008|13:37] C:\ProgramData\Google Updater

[12/07/2008|16:33] C:\ProgramData\Hewlett-Packard

[18/07/2008|18:21] C:\ProgramData\HP

[12/07/2008|17:51] C:\ProgramData\LuUninstall.LiveUpdate

[12/07/2008|16:12] C:\ProgramData\Menu D‚marrer

[26/07/2008|19:48] C:\ProgramData\Messenger Plus!

[12/07/2008|16:38] C:\ProgramData\Microsoft

[15/08/2008|03:08] C:\ProgramData\Microsoft Help

[12/07/2008|16:12] C:\ProgramData\ModŠles

[13/07/2008|12:58] C:\ProgramData\Mozilla

[21/11/2007|08:34] C:\ProgramData\muvee Technologies

[28/08/2008|13:38] C:\ProgramData\Spybot - Search & Destroy

[02/11/2006|15:02] C:\ProgramData\Start Menu

[13/07/2008|12:36] C:\ProgramData\Symantec

[02/11/2006|15:02] C:\ProgramData\Templates

[24/08/2008|22:36] C:\ProgramData\trans view

[01/08/2008|22:41] C:\ProgramData\WildTangent

[13/07/2008|13:55] C:\ProgramData\WLInstaller

[25/08/2008|00:26] C:\ProgramData\Yahoo! Companion

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[21/11/2007|08:48] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites

[18/07/2008|21:50] C:\Program Files\Adobe

[21/11/2007|08:11] C:\Program Files\AIM6

[12/07/2008|18:26] C:\Program Files\AOL

[14/05/2008|19:47] C:\Program Files\Apoint2K

[14/05/2008|19:44] C:\Program Files\Atheros

[12/07/2008|18:03] C:\Program Files\Avira

[24/08/2008|21:43] C:\Program Files\CCleaner

[20/08/2008|11:59] C:\Program Files\Common Files

[14/05/2008|19:52] C:\Program Files\CONEXANT

[14/05/2008|20:04] C:\Program Files\CyberLink

[12/07/2008|18:31] C:\Program Files\desktop.ini

[15/08/2008|17:00] C:\Program Files\e-Carte Bleue La Banque Postale

[23/08/2008|20:52] C:\Program Files\Electronic Arts

[12/07/2008|16:12] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]

[21/08/2008|15:39] C:\Program Files\Google

[20/08/2008|12:01] C:\Program Files\Hewlett-Packard

[28/08/2008|15:14] C:\Program Files\HijackThis

[14/05/2008|19:58] C:\Program Files\Hp

[14/05/2008|20:07] C:\Program Files\HP Games

[20/08/2008|12:30] C:\Program Files\HP Photosmart 11

[14/05/2008|20:00] C:\Program Files\HPQ

[15/08/2008|17:00] C:\Program Files\InstallShield Installation Information

[14/05/2008|19:49] C:\Program Files\Intel

[15/08/2008|03:14] C:\Program Files\Internet Explorer

[21/11/2007|09:13] C:\Program Files\Java

[26/07/2008|16:31] C:\Program Files\Messenger Plus! Live

[02/11/2006|14:37] C:\Program Files\Microsoft Games

[21/11/2007|08:46] C:\Program Files\Microsoft Office

[21/11/2007|08:47] C:\Program Files\Microsoft Works

[21/11/2007|08:46] C:\Program Files\Microsoft.NET

[21/11/2007|15:44] C:\Program Files\Movie Maker

[30/07/2008|14:14] C:\Program Files\Mozilla Firefox

[02/11/2006|14:37] C:\Program Files\MSBuild

[02/11/2006|14:37] C:\Program Files\MSN

[12/07/2008|17:58] C:\Program Files\MSXML 4.0

[21/11/2007|08:34] C:\Program Files\muvee Technologies

[14/05/2008|19:49] C:\Program Files\NetWaiting

[12/07/2008|17:47] C:\Program Files\Online Services

[14/05/2008|19:47] C:\Program Files\Realtek

[02/11/2006|14:37] C:\Program Files\Reference Assemblies

[24/08/2008|21:37] C:\Program Files\Spybot - Search & Destroy

[02/11/2006|15:01] C:\Program Files\Uninstall Information

[27/07/2008|17:36] C:\Program Files\VideoLAN

[21/11/2007|08:04] C:\Program Files\Windows Calendar

[21/11/2007|15:44] C:\Program Files\Windows Collaboration

[21/11/2007|08:04] C:\Program Files\Windows Defender

[21/11/2007|15:44] C:\Program Files\Windows Journal

[13/07/2008|14:04] C:\Program Files\Windows Live

[15/08/2008|03:14] C:\Program Files\Windows Mail

[12/07/2008|18:25] C:\Program Files\Windows Media Player

[12/07/2008|16:12] C:\Program Files\Windows NT

[21/11/2007|15:44] C:\Program Files\Windows Photo Gallery

[12/07/2008|18:25] C:\Program Files\Windows Sidebar

[24/08/2008|21:43] C:\Program Files\Yahoo!

 

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

 

[18/07/2008|21:50] C:\Program Files\Common Files\Adobe

[21/11/2007|08:10] C:\Program Files\Common Files\AOL

[21/11/2007|08:46] C:\Program Files\Common Files\DESIGNER

[21/11/2007|09:00] C:\Program Files\Common Files\InstallShield

[21/11/2007|09:13] C:\Program Files\Common Files\Java

[15/07/2008|19:49] C:\Program Files\Common Files\microsoft shared

[20/08/2008|11:59] C:\Program Files\Common Files\MSSoap

[21/11/2007|08:34] C:\Program Files\Common Files\muvee Technologies

[02/11/2006|13:18] C:\Program Files\Common Files\Services

[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines

[13/07/2008|12:37] C:\Program Files\Common Files\Symantec Shared

[21/11/2007|08:04] C:\Program Files\Common Files\System

[13/07/2008|14:04] C:\Program Files\Common Files\WindowsLiveInstaller

 

--------------------\\ Process

 

( 68 Processus )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-30 00:44:21

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 234

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:58][D:7]-> C:\Users\Del\AppData\Local\Temp

[F:11][D:1]-> C:\Users\Del\AppData\Roaming\MICROS~1\Windows\Cookies

[F:59][D:6]-> C:\Users\Del\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:5][D:3]-> C:\$Recycle.Bin

 

--------------------\\ Fin du rapport a 0:45:59

[ UAC => 1 ]

 

 

There you go

Thanks for what you do, Falkra :P

I hope one day I'll be able to help like you ^^ (Yes, because I'm starting an IUT in computer science :P ) well, there you go :P
