
Posted (edited)

Hello, is there anything infected on my PC:

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:34:32, on 07/09/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

C:\Windows\VM305_STI.EXE

C:\Program Files\EoRezo\EoEngine.exe

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Utilisateur\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

C:\Users\Utilisateur\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Users\Utilisateur\Desktop\HiJackThis.exe

C:\Windows\system32\DllHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [bigDog305] C:\Windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"

O4 - HKLM\..\Run: [itsTV] "C:\Program Files\Its Label\ItsTV\ItsTV.exe"

O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [joy obj] "C:\ProgramData\bashsupportsupport.aw7u7o"

O4 - HKLM\..\Run: [bags Else Hole Lite] "C:\ProgramData\Lite fast hold.vbc5du"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Startup: Outil de notification Live Search.lnk = Utilisateur\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

O4 - Startup: Secunia PSI (RC3).lnk = C:\Program Files\Secunia\PSI (RC3)\psi.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Utilisateur\AppData\LocalLow\Dealio\kb126\res\DealioSearch.html

O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html

O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\IELink.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Download Video - {B53C7980-9F20-48BB-8FC3-5A1CC9660C48} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html

O9 - Extra 'Tools' menuitem: Download Video on This Page - {B53C7980-9F20-48BB-8FC3-5A1CC9660C48} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 11960 bytes

 

 

 

 

 

Thanks :P

Edited by marion1707

Posted

Hello, yes, indeed. I'm going to ask you for 2 scan reports to start with.

 

** 1 **

 

Disable your resident protections (antivirus, ...); you will re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe on your desktop

Select the language you want, then choose Option 1 (Search)

Wait until the scan finishes

Post the generated report (C:\lopR.txt)

(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

 

 

** 2 **

 

Download Toolbar-S&D (Team IDN) to your desktop.

  • Start the installation by running the downloaded file.
  • Now double-click the Toolbar-S&D shortcut.
  • Select the language you want by typing the letter of your choice, then confirm with the Enter key.
  • Now choose option 1 (Search). Wait until the search finishes.
  • Post the generated report. (C:\TB.txt)

Posted

--------------------\\ Lop S&D 4.2.4-1 XP/Vista

 

Microsoft® Windows Vista Édition Familiale Basique ( v6.0.6000 )

X86-based PC ( Multiprocessor Free : Intel® Core Duo CPU T2300 @ 1.66GHz )

BIOS : KBC Version 82.14

USER : Utilisateur ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Not Activated)

 

"C:\Lop SD" ( MAJ : 06-09-2008|22:02 )

Option : [1] ( 07/09/2008|15:51 )

 

[ UAC => 1 ]

 

--------------------\\ Listing des dossiers dans Local

 

[25/05/2008|16:23] C:\Users\UTILIS~1\AppData\Local\Adobe

[13/11/2007|10:07] C:\Users\UTILIS~1\AppData\Local\Application Data

[13/11/2007|12:58] C:\Users\UTILIS~1\AppData\Local\ApplicationHistory

[13/11/2007|10:17] C:\Users\UTILIS~1\AppData\Local\AtStart.txt

[25/07/2008|03:03] C:\Users\UTILIS~1\AppData\Local\d3d9caps.dat

[07/09/2008|01:55] C:\Users\UTILIS~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[13/11/2007|10:17] C:\Users\UTILIS~1\AppData\Local\DSwitch.txt

[10/12/2007|18:38] C:\Users\UTILIS~1\AppData\Local\eMule

[13/11/2007|12:57] C:\Users\UTILIS~1\AppData\Local\fusioncache.dat

[13/11/2007|10:17] C:\Users\UTILIS~1\AppData\Local\GDIPFONTCACHEV1.DAT

[02/06/2008|17:43] C:\Users\UTILIS~1\AppData\Local\Google

[13/11/2007|10:07] C:\Users\UTILIS~1\AppData\Local\Historique

[07/09/2008|15:03] C:\Users\UTILIS~1\AppData\Local\IconCache.db

[12/05/2008|17:28] C:\Users\UTILIS~1\AppData\Local\Microsoft

[15/12/2007|12:52] C:\Users\UTILIS~1\AppData\Local\Microsoft Games

[23/03/2008|12:15] C:\Users\UTILIS~1\AppData\Local\Mozilla

[13/11/2007|10:17] C:\Users\UTILIS~1\AppData\Local\QSwitch.txt

[07/09/2008|15:50] C:\Users\UTILIS~1\AppData\Local\Temp

[13/11/2007|10:07] C:\Users\UTILIS~1\AppData\Local\Temporary Internet Files

[24/04/2008|20:17] C:\Users\UTILIS~1\AppData\Local\VirtualStore

 

--------------------\\ Tâches planifiées dans C:\Windows\tasks

 

[13/11/2007 13:05][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

[07/09/2008 15:04][--ah-----] C:\Windows\tasks\SA.DAT

[07/09/2008 15:03][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

--------------------\\ Listing des dossiers dans C:\ProgramData

 

[31/05/2007|10:44] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}

[31/05/2007|10:30] C:\ProgramData\Adobe

[02/11/2006|14:59] C:\ProgramData\Application Data

[24/08/2008|13:45] C:\ProgramData\Avira

[06/09/2008|21:47] C:\ProgramData\bashsupportsupport.1i1nsl

[06/09/2008|19:28] C:\ProgramData\bashsupportsupport.3a8drh

[06/09/2008|18:22] C:\ProgramData\bashsupportsupport.3gsfv

[06/09/2008|22:31] C:\ProgramData\bashsupportsupport.3i5pj9

[05/09/2008|13:13] C:\ProgramData\bashsupportsupport.4ycmy22

[05/09/2008|07:25] C:\ProgramData\bashsupportsupport.50q1p

[05/09/2008|07:48] C:\ProgramData\bashsupportsupport.56sxz

[06/09/2008|20:11] C:\ProgramData\bashsupportsupport.8l3x6n

[05/09/2008|20:26] C:\ProgramData\bashsupportsupport.a1amia

[05/09/2008|19:42] C:\ProgramData\bashsupportsupport.apcw6

[07/09/2008|02:54] C:\ProgramData\bashsupportsupport.aw7u7o

[06/09/2008|18:00] C:\ProgramData\bashsupportsupport.c9oizwg

[06/09/2008|18:44] C:\ProgramData\bashsupportsupport.c9u1h

[06/09/2008|22:09] C:\ProgramData\bashsupportsupport.ckg6z8h

[06/09/2008|19:06] C:\ProgramData\bashsupportsupport.croarf

[05/09/2008|21:09] C:\ProgramData\bashsupportsupport.czbgjo3

[06/09/2008|22:53] C:\ProgramData\bashsupportsupport.d03qimx

[07/09/2008|01:48] C:\ProgramData\bashsupportsupport.diqqfl

[07/09/2008|02:32] C:\ProgramData\bashsupportsupport.g2c9vi

[06/09/2008|23:15] C:\ProgramData\bashsupportsupport.g2n8p

[05/09/2008|19:20] C:\ProgramData\bashsupportsupport.gar27u5

[07/09/2008|01:26] C:\ProgramData\bashsupportsupport.hrjcfog

[06/09/2008|21:25] C:\ProgramData\bashsupportsupport.i6nr3w

[05/09/2008|07:25] C:\ProgramData\bashsupportsupport.krp02

[05/09/2008|20:48] C:\ProgramData\bashsupportsupport.nz935

[07/09/2008|02:10] C:\ProgramData\bashsupportsupport.o0s0jxl

[06/09/2008|23:46] C:\ProgramData\bashsupportsupport.odmy5n9

[05/09/2008|21:53] C:\ProgramData\bashsupportsupport.phbka1

[05/09/2008|20:04] C:\ProgramData\bashsupportsupport.rugrvsv

[05/09/2008|21:31] C:\ProgramData\bashsupportsupport.rxpwcfv

[07/09/2008|00:08] C:\ProgramData\bashsupportsupport.vgono

[06/09/2008|19:50] C:\ProgramData\bashsupportsupport.z5w4wa

[06/12/2006|20:35] C:\ProgramData\Bureau

[02/11/2006|14:59] C:\ProgramData\Desktop

[02/11/2006|14:59] C:\ProgramData\Documents

[10/12/2007|18:45] C:\ProgramData\eMule

[06/12/2006|20:35] C:\ProgramData\Favoris

[02/11/2006|14:59] C:\ProgramData\Favorites

[13/11/2007|10:12] C:\ProgramData\Google

[04/08/2008|15:32] C:\ProgramData\GRETECH

[31/05/2007|10:32] C:\ProgramData\Hewlett-Packard

[05/09/2008|07:26] C:\ProgramData\Iso Web Bags Else

[05/09/2008|07:26] C:\ProgramData\Lite fast hold.vbc5du

[24/08/2008|13:47] C:\ProgramData\Malwarebytes

[06/12/2006|20:35] C:\ProgramData\Menu Démarrer

[31/07/2008|21:59] C:\ProgramData\Messenger Plus!

[23/11/2007|21:04] C:\ProgramData\Microsoft

[23/08/2008|07:35] C:\ProgramData\Microsoft Help

[06/12/2006|20:35] C:\ProgramData\Modèles

[23/03/2008|12:15] C:\ProgramData\Mozilla

[19/03/2008|21:14] C:\ProgramData\PhotoME

[13/11/2007|19:14] C:\ProgramData\Roxio

[07/09/2008|01:56] C:\ProgramData\scrnewdash

[13/11/2007|19:10] C:\ProgramData\Sonic

[02/11/2006|14:59] C:\ProgramData\Start Menu

[24/04/2008|20:16] C:\ProgramData\SweetIM

[02/11/2006|14:59] C:\ProgramData\Templates

[12/05/2008|18:32] C:\ProgramData\WLInstaller

[23/03/2008|13:49] C:\ProgramData\Yahoo! Companion

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[31/05/2007|10:44] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites

[31/05/2007|10:30] C:\Program Files\Adobe

[13/11/2007|10:25] C:\Program Files\Alwil Software

[24/08/2008|13:45] C:\Program Files\Avira

[23/03/2008|12:24] C:\Program Files\CCleaner

[03/08/2008|16:08] C:\Program Files\CDBurnerXP

[05/09/2008|07:24] C:\Program Files\Circle Developement

[13/11/2007|12:21] C:\Program Files\Common Files

[23/05/2008|07:32] C:\Program Files\CONEXANT

[23/03/2008|12:02] C:\Program Files\Dealio

[27/07/2008|21:56] C:\Program Files\Easy GIF Animator

[27/07/2008|21:56] C:\Program Files\Easy Gif Animator Extension

[12/03/2008|20:23] C:\Program Files\EoRezo

[06/12/2006|20:35] C:\Program Files\Fichiers communs [c:\Program Files\Common Files]

[24/08/2008|13:51] C:\Program Files\Free Music Zilla

[23/03/2008|12:00] C:\Program Files\Free Video Converter

[27/07/2008|21:55] C:\Program Files\GIMP-2.0

[13/11/2007|10:29] C:\Program Files\Google

[04/08/2008|15:31] C:\Program Files\GRETECH

[31/05/2007|11:11] C:\Program Files\Hewlett-Packard

[31/05/2007|11:08] C:\Program Files\Hp

[13/11/2007|10:11] C:\Program Files\InstallShield Installation Information

[15/08/2008|03:13] C:\Program Files\Internet Explorer

[13/11/2007|10:11] C:\Program Files\InterVideo

[12/03/2008|20:25] C:\Program Files\Its Label

[11/07/2008|07:10] C:\Program Files\Java

[25/08/2008|03:36] C:\Program Files\LimeWire

[24/08/2008|13:48] C:\Program Files\Malwarebytes' Anti-Malware

[05/09/2008|07:24] C:\Program Files\Messenger Plus! Live

[02/11/2006|14:35] C:\Program Files\Microsoft Games

[31/05/2007|10:43] C:\Program Files\Microsoft Office

[31/05/2007|10:43] C:\Program Files\Microsoft Small Business

[09/07/2008|19:41] C:\Program Files\Microsoft SQL Server

[13/11/2007|12:43] C:\Program Files\Microsoft SQL Server Compact Edition

[31/05/2007|10:38] C:\Program Files\Microsoft Visual Studio

[31/05/2007|10:38] C:\Program Files\Microsoft Works

[31/05/2007|10:41] C:\Program Files\Microsoft.NET

[02/11/2006|14:40] C:\Program Files\Movie Maker

[22/07/2008|07:31] C:\Program Files\Mozilla Firefox

[02/11/2006|14:35] C:\Program Files\MSBuild

[02/11/2006|14:35] C:\Program Files\MSN

[22/07/2008|07:13] C:\Program Files\MSXML 4.0

[02/06/2008|17:43] C:\Program Files\Picasa2

[02/11/2006|14:35] C:\Program Files\Reference Assemblies

[31/05/2007|10:48] C:\Program Files\Roxio

[23/03/2008|12:03] C:\Program Files\Search Settings

[24/08/2008|17:41] C:\Program Files\Secunia

[11/07/2008|07:10] C:\Program Files\Sun

[24/04/2008|20:16] C:\Program Files\SweetIM

[31/05/2007|10:51] C:\Program Files\Synaptics

[23/03/2008|11:59] C:\Program Files\Tomato

[02/11/2006|14:58] C:\Program Files\Uninstall Information

[04/08/2008|16:28] C:\Program Files\VideoLAN

[02/11/2006|14:40] C:\Program Files\Windows Calendar

[02/11/2006|14:40] C:\Program Files\Windows Collaboration

[02/11/2006|14:40] C:\Program Files\Windows Defender

[28/02/2008|13:23] C:\Program Files\Windows Live

[13/11/2007|13:04] C:\Program Files\Windows Live Favorites

[12/05/2008|17:31] C:\Program Files\Windows Live Safety Center

[13/11/2007|13:05] C:\Program Files\Windows Live Toolbar

[13/11/2007|12:04] C:\Program Files\Windows Mail

[13/11/2007|12:04] C:\Program Files\Windows Media Player

[06/12/2006|20:35] C:\Program Files\Windows NT

[02/11/2006|14:40] C:\Program Files\Windows Photo Gallery

[10/01/2008|18:42] C:\Program Files\Windows Sidebar

[23/03/2008|12:28] C:\Program Files\ZNsoft Corporation

 

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

 

[31/05/2007|10:30] C:\Program Files\Common Files\Adobe

[31/05/2007|10:38] C:\Program Files\Common Files\DESIGNER

[13/11/2007|10:08] C:\Program Files\Common Files\InstallShield

[13/11/2007|10:09] C:\Program Files\Common Files\InterVideo

[31/05/2007|11:00] C:\Program Files\Common Files\Java

[23/08/2008|07:32] C:\Program Files\Common Files\microsoft shared

[31/05/2007|10:46] C:\Program Files\Common Files\Roxio Shared

[02/11/2006|13:18] C:\Program Files\Common Files\Services

[31/05/2007|10:46] C:\Program Files\Common Files\Sonic Shared

[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines

[31/05/2007|10:49] C:\Program Files\Common Files\SureThing Shared

[13/11/2007|12:04] C:\Program Files\Common Files\System

[13/11/2007|12:33] C:\Program Files\Common Files\WindowsLiveInstaller

 

--------------------\\ Process

 

( 70 Processes )

 

iexplore.exe ~ [PID:2272]

 

--------------------\\ Recherche avec S_Lop

 

C:\ProgramData\bashsupportsupport.3gsfv

C:\ProgramData\bashsupportsupport.50q1p

C:\ProgramData\bashsupportsupport.56sxz

C:\ProgramData\bashsupportsupport.apcw6

C:\ProgramData\bashsupportsupport.c9u1h

C:\ProgramData\bashsupportsupport.g2n8p

C:\ProgramData\bashsupportsupport.krp02

C:\ProgramData\bashsupportsupport.nz935

C:\ProgramData\bashsupportsupport.vgono

C:\ProgramData\bashsupportsupport.1i1nsl

C:\ProgramData\bashsupportsupport.3a8drh

C:\ProgramData\bashsupportsupport.3i5pj9

C:\ProgramData\bashsupportsupport.8l3x6n

C:\ProgramData\bashsupportsupport.a1amia

C:\ProgramData\bashsupportsupport.aw7u7o

C:\ProgramData\bashsupportsupport.croarf

C:\ProgramData\bashsupportsupport.diqqfl

C:\ProgramData\bashsupportsupport.g2c9vi

C:\ProgramData\bashsupportsupport.i6nr3w

C:\ProgramData\bashsupportsupport.phbka1

C:\ProgramData\bashsupportsupport.z5w4wa

C:\ProgramData\Lite fast hold.vbc5du

C:\ProgramData\bashsupportsupport.4ycmy22

C:\ProgramData\bashsupportsupport.c9oizwg

C:\ProgramData\bashsupportsupport.ckg6z8h

C:\ProgramData\bashsupportsupport.czbgjo3

C:\ProgramData\bashsupportsupport.d03qimx

C:\ProgramData\bashsupportsupport.gar27u5

C:\ProgramData\bashsupportsupport.hrjcfog

C:\ProgramData\bashsupportsupport.o0s0jxl

C:\ProgramData\bashsupportsupport.odmy5n9

C:\ProgramData\bashsupportsupport.rugrvsv

C:\ProgramData\bashsupportsupport.rxpwcfv

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\ProgramData\Iso Web Bags Else

C:\ProgramData\Iso Web Bags Else\TRANS CDROM.exe

C:\Users\UTILIS~1\AppData\Local\Temp\msgpl_2733.tmp

C:\Users\UTILIS~1\AppData\Local\Temp\msgpl_6ddf.tmp

C:\Program Files\Circle Developement

C:\Program Files\Circle Developement\Uninstall.exe

C:\Users\UTILIS~1\AppData\Roaming\MICROS~1\Windows\Cookies\utilisateur@adopt.euroclick[2].txt

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"joy obj"="\"C:\\ProgramData\\bashsupportsupport.aw7u7o\""

"Bags Else Hole Lite"="\"C:\\ProgramData\\Lite fast hold.vbc5du\""

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-07 15:51:53

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 255

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:250][D:18]-> C:\Users\UTILIS~1\AppData\Local\Temp

[F:235][D:1]-> C:\Users\UTILIS~1\AppData\Roaming\MICROS~1\Windows\Cookies

[F:852][D:5]-> C:\Users\UTILIS~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:56][D:8]-> C:\$Recycle.Bin

 

1 - "C:\Lop SD\LopR_1.txt" - 07/09/2008|15:47 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 07/09/2008|15:51 - Option : [1]

3 - "C:\Lop SD\LopR_3.txt" - 07/09/2008|15:54 - Option : [1]

 

--------------------\\ Fin du rapport a 15:54:07

[ UAC => 1 ]

Posted

I've corrected it, I mistyped my post.

2nd report: Toolbar S&D. :P

See you shortly, we'll clean all this up after your next report.

Posted

-----------\\ ToolBar S&D 1.1.8 XP/Vista

 

Microsoft® Windows Vista Édition Familiale Basique ( v6.0.6000 )

X86-based PC ( Multiprocessor Free : Intel® Core Duo CPU T2300 @ 1.66GHz )

BIOS : KBC Version 82.14

USER : Utilisateur ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Not Activated)

 

"C:\ToolBar SD" ( MAJ : 07-09-2008|12:20 )

Option : [1] ( 07/09/2008|16:47 )

 

[ UAC => 1 ]

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio

C:\Program Files\Dealio

C:\Program Files\Dealio\DealioAU.exe

C:\Program Files\Dealio\kb126

C:\Program Files\Dealio\SearchSettingsKit.exe

C:\Program Files\Search Settings

C:\Program Files\Search Settings\kb126

C:\Program Files\Search Settings\SearchSettings.exe

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.fr/"

"Local Page"="C:\\Windows\\system32\\blank.htm"

"Search Page"="http://www.google.com"

"Search Bar"="http://www.google.com/ie"

"Default_Search_URL"="http://www.google.com/ie"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://home.sweetim.com"

"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=none&bd=smb&pf=laptop"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

 

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[ UAC => 1 ]

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 07/09/2008|16:47 - Option : [1]

 

-----------\\ Fin du rapport a 16:47:23,61

 

 

 

 

 

 

 

Here is my 2nd report :P

Posted

We're going to clean all this up. :P

** 1 **

Run Lop S&D again

This time choose Option 2 (Removal)

Do not close the window during the removal!

Post the generated report (C:\lopR.txt)

(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

** 2 **

Run Toolbar-S&D again by double-clicking its shortcut. Type "2" then confirm by pressing "Enter".

! Do not close the window during the removal !

A report will be generated; post its contents here.

NOTE: If your desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.

Go to the "Processes" tab. Click File at the top left and choose "Run..."

Type explorer then confirm.

Posted

--------------------\\ Lop S&D 4.2.4-1 XP/Vista

 

Microsoft® Windows Vista Édition Familiale Basique ( v6.0.6000 )

X86-based PC ( Multiprocessor Free : Intel® Core Duo CPU T2300 @ 1.66GHz )

BIOS : KBC Version 82.14

USER : Utilisateur ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Not Activated)

 

"C:\Lop SD" ( MAJ : 06-09-2008|22:02 )

Option : [2] ( 07/09/2008|16:53 )

 

[ UAC => 1 ]

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

Supprime! - C:\ProgramData\Iso Web Bags Else\TRANS CDROM.exe

Supprime! - C:\Users\UTILIS~1\AppData\Local\Temp\msgpl_2733.tmp

Supprime! - C:\Users\UTILIS~1\AppData\Local\Temp\msgpl_6ddf.tmp

Supprime! - C:\Program Files\Circle Developement\Uninstall.exe

Supprime! - C:\Users\UTILIS~1\AppData\Roaming\MICROS~1\Windows\Cookies\utilisateur@adopt.euroclick[2].txt

Supprime! - C:\ProgramData\bashsupportsupport.3gsfv

Supprime! - C:\ProgramData\bashsupportsupport.50q1p

Supprime! - C:\ProgramData\bashsupportsupport.56sxz

Supprime! - C:\ProgramData\bashsupportsupport.apcw6

Supprime! - C:\ProgramData\bashsupportsupport.c9u1h

Supprime! - C:\ProgramData\bashsupportsupport.g2n8p

Supprime! - C:\ProgramData\bashsupportsupport.krp02

Supprime! - C:\ProgramData\bashsupportsupport.nz935

Supprime! - C:\ProgramData\bashsupportsupport.vgono

Supprime! - C:\ProgramData\bashsupportsupport.1i1nsl

Supprime! - C:\ProgramData\bashsupportsupport.3a8drh

Supprime! - C:\ProgramData\bashsupportsupport.3i5pj9

Supprime! - C:\ProgramData\bashsupportsupport.8l3x6n

Supprime! - C:\ProgramData\bashsupportsupport.a1amia

Supprime! - C:\ProgramData\bashsupportsupport.aw7u7o

Supprime! - C:\ProgramData\bashsupportsupport.croarf

Supprime! - C:\ProgramData\bashsupportsupport.diqqfl

Supprime! - C:\ProgramData\bashsupportsupport.g2c9vi

Supprime! - C:\ProgramData\bashsupportsupport.i6nr3w

Supprime! - C:\ProgramData\bashsupportsupport.phbka1

Supprime! - C:\ProgramData\bashsupportsupport.z5w4wa

Supprime! - C:\ProgramData\Lite fast hold.vbc5du

Supprime! - C:\ProgramData\bashsupportsupport.4ycmy22

Supprime! - C:\ProgramData\bashsupportsupport.c9oizwg

Supprime! - C:\ProgramData\bashsupportsupport.ckg6z8h

Supprime! - C:\ProgramData\bashsupportsupport.czbgjo3

Supprime! - C:\ProgramData\bashsupportsupport.d03qimx

Supprime! - C:\ProgramData\bashsupportsupport.gar27u5

Supprime! - C:\ProgramData\bashsupportsupport.hrjcfog

Supprime! - C:\ProgramData\bashsupportsupport.o0s0jxl

Supprime! - C:\ProgramData\bashsupportsupport.odmy5n9

Supprime! - C:\ProgramData\bashsupportsupport.rugrvsv

Supprime! - C:\ProgramData\bashsupportsupport.rxpwcfv

Supprime! - C:\ProgramData\Iso Web Bags Else

Supprime! - C:\Program Files\Circle Developement

-

[ Fichier Hosts ] .. Restaure!

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans Local

 

[25/05/2008|16:23] C:\Users\UTILIS~1\AppData\Local\Adobe

[13/11/2007|10:07] C:\Users\UTILIS~1\AppData\Local\Application Data

[13/11/2007|12:58] C:\Users\UTILIS~1\AppData\Local\ApplicationHistory

[13/11/2007|10:17] C:\Users\UTILIS~1\AppData\Local\AtStart.txt

[25/07/2008|03:03] C:\Users\UTILIS~1\AppData\Local\d3d9caps.dat

[07/09/2008|01:55] C:\Users\UTILIS~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[13/11/2007|10:17] C:\Users\UTILIS~1\AppData\Local\DSwitch.txt

[10/12/2007|18:38] C:\Users\UTILIS~1\AppData\Local\eMule

[13/11/2007|12:57] C:\Users\UTILIS~1\AppData\Local\fusioncache.dat

[13/11/2007|10:17] C:\Users\UTILIS~1\AppData\Local\GDIPFONTCACHEV1.DAT

[02/06/2008|17:43] C:\Users\UTILIS~1\AppData\Local\Google

[13/11/2007|10:07] C:\Users\UTILIS~1\AppData\Local\Historique

[07/09/2008|15:03] C:\Users\UTILIS~1\AppData\Local\IconCache.db

[12/05/2008|17:28] C:\Users\UTILIS~1\AppData\Local\Microsoft

[15/12/2007|12:52] C:\Users\UTILIS~1\AppData\Local\Microsoft Games

[23/03/2008|12:15] C:\Users\UTILIS~1\AppData\Local\Mozilla

[13/11/2007|10:17] C:\Users\UTILIS~1\AppData\Local\QSwitch.txt

[07/09/2008|16:53] C:\Users\UTILIS~1\AppData\Local\Temp

[13/11/2007|10:07] C:\Users\UTILIS~1\AppData\Local\Temporary Internet Files

[24/04/2008|20:17] C:\Users\UTILIS~1\AppData\Local\VirtualStore

 

--------------------\\ Tâches planifiées dans C:\Windows\tasks

 

[13/11/2007 13:05][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

[07/09/2008 15:04][--ah-----] C:\Windows\tasks\SA.DAT

[07/09/2008 15:03][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

--------------------\\ Listing des dossiers dans C:\ProgramData

 

[31/05/2007|10:44] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}

[31/05/2007|10:30] C:\ProgramData\Adobe

[02/11/2006|14:59] C:\ProgramData\Application Data

[24/08/2008|13:45] C:\ProgramData\Avira

[06/12/2006|20:35] C:\ProgramData\Bureau

[02/11/2006|14:59] C:\ProgramData\Desktop

[02/11/2006|14:59] C:\ProgramData\Documents

[10/12/2007|18:45] C:\ProgramData\eMule

[06/12/2006|20:35] C:\ProgramData\Favoris

[02/11/2006|14:59] C:\ProgramData\Favorites

[13/11/2007|10:12] C:\ProgramData\Google

[04/08/2008|15:32] C:\ProgramData\GRETECH

[31/05/2007|10:32] C:\ProgramData\Hewlett-Packard

[24/08/2008|13:47] C:\ProgramData\Malwarebytes

[06/12/2006|20:35] C:\ProgramData\Menu Démarrer

[31/07/2008|21:59] C:\ProgramData\Messenger Plus!

[23/11/2007|21:04] C:\ProgramData\Microsoft

[23/08/2008|07:35] C:\ProgramData\Microsoft Help

[06/12/2006|20:35] C:\ProgramData\Modèles

[23/03/2008|12:15] C:\ProgramData\Mozilla

[19/03/2008|21:14] C:\ProgramData\PhotoME

[13/11/2007|19:14] C:\ProgramData\Roxio

[07/09/2008|01:56] C:\ProgramData\scrnewdash

[13/11/2007|19:10] C:\ProgramData\Sonic

[02/11/2006|14:59] C:\ProgramData\Start Menu

[24/04/2008|20:16] C:\ProgramData\SweetIM

[02/11/2006|14:59] C:\ProgramData\Templates

[12/05/2008|18:32] C:\ProgramData\WLInstaller

[23/03/2008|13:49] C:\ProgramData\Yahoo! Companion

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[31/05/2007|10:44] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites

[31/05/2007|10:30] C:\Program Files\Adobe

[13/11/2007|10:25] C:\Program Files\Alwil Software

[24/08/2008|13:45] C:\Program Files\Avira

[23/03/2008|12:24] C:\Program Files\CCleaner

[03/08/2008|16:08] C:\Program Files\CDBurnerXP

[13/11/2007|12:21] C:\Program Files\Common Files

[23/05/2008|07:32] C:\Program Files\CONEXANT

[23/03/2008|12:02] C:\Program Files\Dealio

[27/07/2008|21:56] C:\Program Files\Easy GIF Animator

[27/07/2008|21:56] C:\Program Files\Easy Gif Animator Extension

[12/03/2008|20:23] C:\Program Files\EoRezo

[06/12/2006|20:35] C:\Program Files\Fichiers communs [c:\Program Files\Common Files]

[24/08/2008|13:51] C:\Program Files\Free Music Zilla

[23/03/2008|12:00] C:\Program Files\Free Video Converter

[27/07/2008|21:55] C:\Program Files\GIMP-2.0

[13/11/2007|10:29] C:\Program Files\Google

[04/08/2008|15:31] C:\Program Files\GRETECH

[31/05/2007|11:11] C:\Program Files\Hewlett-Packard

[31/05/2007|11:08] C:\Program Files\Hp

[13/11/2007|10:11] C:\Program Files\InstallShield Installation Information

[15/08/2008|03:13] C:\Program Files\Internet Explorer

[13/11/2007|10:11] C:\Program Files\InterVideo

[12/03/2008|20:25] C:\Program Files\Its Label

[11/07/2008|07:10] C:\Program Files\Java

[25/08/2008|03:36] C:\Program Files\LimeWire

[24/08/2008|13:48] C:\Program Files\Malwarebytes' Anti-Malware

[05/09/2008|07:24] C:\Program Files\Messenger Plus! Live

[02/11/2006|14:35] C:\Program Files\Microsoft Games

[31/05/2007|10:43] C:\Program Files\Microsoft Office

[31/05/2007|10:43] C:\Program Files\Microsoft Small Business

[09/07/2008|19:41] C:\Program Files\Microsoft SQL Server

[13/11/2007|12:43] C:\Program Files\Microsoft SQL Server Compact Edition

[31/05/2007|10:38] C:\Program Files\Microsoft Visual Studio

[31/05/2007|10:38] C:\Program Files\Microsoft Works

[31/05/2007|10:41] C:\Program Files\Microsoft.NET

[02/11/2006|14:40] C:\Program Files\Movie Maker

[22/07/2008|07:31] C:\Program Files\Mozilla Firefox

[02/11/2006|14:35] C:\Program Files\MSBuild

[02/11/2006|14:35] C:\Program Files\MSN

[22/07/2008|07:13] C:\Program Files\MSXML 4.0

[02/06/2008|17:43] C:\Program Files\Picasa2

[02/11/2006|14:35] C:\Program Files\Reference Assemblies

[31/05/2007|10:48] C:\Program Files\Roxio

[23/03/2008|12:03] C:\Program Files\Search Settings

[24/08/2008|17:41] C:\Program Files\Secunia

[11/07/2008|07:10] C:\Program Files\Sun

[24/04/2008|20:16] C:\Program Files\SweetIM

[31/05/2007|10:51] C:\Program Files\Synaptics

[23/03/2008|11:59] C:\Program Files\Tomato

[02/11/2006|14:58] C:\Program Files\Uninstall Information

[04/08/2008|16:28] C:\Program Files\VideoLAN

[02/11/2006|14:40] C:\Program Files\Windows Calendar

[02/11/2006|14:40] C:\Program Files\Windows Collaboration

[02/11/2006|14:40] C:\Program Files\Windows Defender

[28/02/2008|13:23] C:\Program Files\Windows Live

[13/11/2007|13:04] C:\Program Files\Windows Live Favorites

[12/05/2008|17:31] C:\Program Files\Windows Live Safety Center

[13/11/2007|13:05] C:\Program Files\Windows Live Toolbar

[13/11/2007|12:04] C:\Program Files\Windows Mail

[13/11/2007|12:04] C:\Program Files\Windows Media Player

[06/12/2006|20:35] C:\Program Files\Windows NT

[02/11/2006|14:40] C:\Program Files\Windows Photo Gallery

[10/01/2008|18:42] C:\Program Files\Windows Sidebar

[23/03/2008|12:28] C:\Program Files\ZNsoft Corporation

 

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

 

[31/05/2007|10:30] C:\Program Files\Common Files\Adobe

[31/05/2007|10:38] C:\Program Files\Common Files\DESIGNER

[13/11/2007|10:08] C:\Program Files\Common Files\InstallShield

[13/11/2007|10:09] C:\Program Files\Common Files\InterVideo

[31/05/2007|11:00] C:\Program Files\Common Files\Java

[23/08/2008|07:32] C:\Program Files\Common Files\microsoft shared

[31/05/2007|10:46] C:\Program Files\Common Files\Roxio Shared

[02/11/2006|13:18] C:\Program Files\Common Files\Services

[31/05/2007|10:46] C:\Program Files\Common Files\Sonic Shared

[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines

[31/05/2007|10:49] C:\Program Files\Common Files\SureThing Shared

[13/11/2007|12:04] C:\Program Files\Common Files\System

[13/11/2007|12:33] C:\Program Files\Common Files\WindowsLiveInstaller

 

--------------------\\ Process

 

( 69 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-07 16:53:58

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 255

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:248][D:19]-> C:\Users\UTILIS~1\AppData\Local\Temp

[F:234][D:1]-> C:\Users\UTILIS~1\AppData\Roaming\MICROS~1\Windows\Cookies

[F:852][D:5]-> C:\Users\UTILIS~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:56][D:8]-> C:\$Recycle.Bin

 

1 - "C:\Lop SD\LopR_1.txt" - 07/09/2008|15:47 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 07/09/2008|15:51 - Option : [1]

3 - "C:\Lop SD\LopR_3.txt" - 07/09/2008|15:54 - Option : [1]

4 - "C:\Lop SD\LopR_4.txt" - 07/09/2008|16:56 - Option : [2]

 

--------------------\\ Fin du rapport a 16:56:14

[ UAC => 1 ]

Posted

-----------\\ ToolBar S&D 1.1.8 XP/Vista

 

Microsoft® Windows Vista Édition Familiale Basique ( v6.0.6000 )

X86-based PC ( Multiprocessor Free : Intel® Core Duo CPU T2300 @ 1.66GHz )

BIOS : KBC Version 82.14

USER : Utilisateur ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Not Activated)

 

"C:\ToolBar SD" ( MAJ : 07-09-2008|12:20 )

Option : [2] ( 07/09/2008|16:57 )

 

[ UAC => 1 ]

 

-----------\\ SUPPRESSION

 

Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio

Supprime! - C:\Program Files\Dealio\DealioAU.exe

Supprime! - C:\Program Files\Dealio\kb126

Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe

Supprime! - C:\Program Files\Search Settings\kb126

Supprime! - C:\Program Files\Search Settings\SearchSettings.exe

Supprime! - C:\Program Files\Dealio

Supprime! - C:\Program Files\Search Settings

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.fr/"

"Local Page"="C:\\Windows\\system32\\blank.htm"

"Search Page"="http://www.google.com"

"Search Bar"="http://www.google.com/ie"

"Default_Search_URL"="http://www.google.com/ie"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=none&bd=smb&pf=laptop"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

 

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[ UAC => 1 ]

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 07/09/2008|16:47 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 07/09/2008|16:58 - Option : [2]

 

-----------\\ Fin du rapport a 16:58:41,60
