Problem: PC is slow, full of ads ...

Resolved/Closed
kalash Posts: 68 Registration date: Sunday 5 August 2007 Status: Member Last activity: 18 September 2009 - 7 August 2008 at 14:43
fakhe1310 Posts: 41 Registration date: Tuesday 17 April 2007 Status: Member Last activity: 28 November 2009 - 9 August 2008 at 22:01
Hello,

I can't make sense of it anymore: for some time now my PC has been slow, very slow, and lots of windows open when I browse the internet. I would like to know whether someone could help me solve this problem.

Thanks,

18 replies

Anonymous user
7 August 2008 at 14:45
Run scans with Antivir, Malwarebytes and Spybot in safe mode
and remove all the infections you have
Anonymous user
7 August 2008 at 14:45
Hi,

Download HijackThis here:

-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

-> Double-click HJTInstall.exe to start the installation

-> Click Install, then I Accept

-> Click Do a scan system and save log file

-> Notepad will open; copy and paste all of its contents here in your next reply

-> If you run into trouble:

Installation tutorial:

-> https://forums.cnetfrance.fr

Usage tutorial:

-> https://forums.cnetfrance.fr

Please post the generated report here...
kalash Posts: 68 Registration date: Sunday 5 August 2007 Status: Member Last activity: 18 September 2009
7 August 2008 at 14:49
Many thanks for your quick replies

Here is the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:07, on 07/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\DENT BURN.exe
O4 - HKLM\..\RunOnce: [HbTools] cmd /c "rmdir "C:\Program Files\HbTools" /s /q"
O4 - HKLM\..\RunOnce: [FinalUninstallDWB] C:\Program Files\Fichiers communs\FDEUnInstaller.exe /REF=DWB_UNINSTALL
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [hold chin] C:\DOCUME~1\PROPRI~1\APPLIC~1\MANAGE~1\kind free.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Anonymous user
7 August 2008 at 14:54
Download Lop S&D.exe to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)


Tutorial (help): http://bibou0007.com/outils-specifiques-f78/tuto-lop-sd-t956.htm

kalash Posts: 68 Registration date: Sunday 5 August 2007 Status: Member Last activity: 18 September 2009
7 August 2008 at 15:03
OK, here is the Lop S&D report


--------------------\\ Lop S&D 4.2.2-5 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Propriétaire ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 07/08/2008 | 15:04:39,25 ] [ PC : NOM-Y40BV9AST51 ]
[ MAJ : 01-08-2008 | 01:40 ]

--------------------\\ Listing des dossiers dans APPLIC~1

[02/01/2001|01:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[22/06/2006|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[02/01/2003|06:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[26/06/2006|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[24/07/2008|03:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
[22/06/2006|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GTek
[22/06/2006|21:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[15/04/2008|15:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[16/04/2008|00:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10/08/2006|15:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[04/08/2006|22:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[02/01/2003|06:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[07/08/2008|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware354
[17/10/2005|00:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[16/10/2005|23:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[10/08/2006|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[16/04/2008|00:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[02/01/2003|07:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[02/01/2003|06:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[02/01/2003|06:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[02/01/2003|07:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[01/01/2003|18:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[02/01/2003|07:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[02/01/2003|07:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[02/01/2003|09:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[07/12/2007|19:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[07/12/2007|19:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Starware354

[02/01/2003|06:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[22/10/2006|19:09] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
[22/10/2006|19:07] C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeDLM.log
[02/01/2001|01:53] C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
[02/10/2006|16:54] C:\DOCUME~1\PROPRI~1\APPLIC~1\Ahead
[17/10/2005|00:14] C:\DOCUME~1\PROPRI~1\APPLIC~1\ArcSoft
[02/01/2003|06:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\desktop.ini
[22/10/2006|19:07] C:\DOCUME~1\PROPRI~1\APPLIC~1\dm.ini
[14/10/2006|15:52] C:\DOCUME~1\PROPRI~1\APPLIC~1\dvdcss
[25/03/2007|17:42] C:\DOCUME~1\PROPRI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
[22/06/2006|12:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\GTek
[08/10/2006|18:21] C:\DOCUME~1\PROPRI~1\APPLIC~1\HbTools_Icons
[21/06/2006|12:05] C:\DOCUME~1\PROPRI~1\APPLIC~1\Help
[22/06/2006|12:47] C:\DOCUME~1\PROPRI~1\APPLIC~1\Hewlett-Packard
[02/01/2003|06:36] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
[02/01/2003|07:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\InterTrust
[22/06/2006|11:02] C:\DOCUME~1\PROPRI~1\APPLIC~1\InterVideo
[22/06/2006|08:59] C:\DOCUME~1\PROPRI~1\APPLIC~1\Lavasoft
[27/01/2007|17:52] C:\DOCUME~1\PROPRI~1\APPLIC~1\Leadertech
[13/08/2006|18:48] C:\DOCUME~1\PROPRI~1\APPLIC~1\Macromedia
[24/07/2008|03:40] C:\DOCUME~1\PROPRI~1\APPLIC~1\ManagerBlueBind
[07/08/2008|14:22] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft
[15/04/2008|12:57] C:\DOCUME~1\PROPRI~1\APPLIC~1\MSN6
[21/10/2006|22:52] C:\DOCUME~1\PROPRI~1\APPLIC~1\PPTminimizer
[02/01/2003|07:33] C:\DOCUME~1\PROPRI~1\APPLIC~1\SampleView
[01/01/2001|00:35] C:\DOCUME~1\PROPRI~1\APPLIC~1\SecuROM
[02/01/2003|07:28] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sonic
[07/08/2008|11:01] C:\DOCUME~1\PROPRI~1\APPLIC~1\Starware354
[22/06/2006|11:30] C:\DOCUME~1\PROPRI~1\APPLIC~1\Symantec
[14/10/2006|15:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\vlc

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[07/08/2008 15:00][--ah-----] C:\WINDOWS\tasks\ACE3B1DF906827E3.job
[13/11/2006 19:02][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1150973203.job
[17/10/2005 00:06][--a------] C:\WINDOWS\tasks\Connexion facile à Internet.job
[22/01/2003 06:58][-rah-----] C:\WINDOWS\tasks\desktop.ini
[07/08/2008 12:03][--ah-----] C:\WINDOWS\tasks\SA.DAT

( ACE3B1DF906827E3.job )=( c:\docume~1\propri~1\applic~1\manage~1\Exitdefaultface.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[22/10/2006|19:07] C:\Program Files\Adobe
[22/06/2006|10:59] C:\Program Files\Ahead
[22/06/2006|09:04] C:\Program Files\Alwil Software
[17/10/2005|00:02] C:\Program Files\ArcSoft
[03/09/2006|22:36] C:\Program Files\ATI Technologies
[22/06/2006|09:00] C:\Program Files\CCleaner
[02/01/2003|06:33] C:\Program Files\ComPlus Applications
[17/10/2005|00:07] C:\Program Files\Easy Internet signup
[29/08/2007|17:51] C:\Program Files\eMule
[16/04/2008|00:42] C:\Program Files\Fichiers communs
[22/06/2006|12:46] C:\Program Files\Hewlett-Packard
[07/08/2008|14:26] C:\Program Files\InstallShield Installation Information
[11/06/2008|20:18] C:\Program Files\Internet Explorer
[22/06/2006|08:59] C:\Program Files\Lavasoft
[16/10/2005|23:54] C:\Program Files\Messenger
[15/04/2008|12:57] C:\Program Files\Messenger Plus! Live
[02/01/2003|06:36] C:\Program Files\microsoft frontpage
[23/10/2006|17:38] C:\Program Files\Microsoft Office
[01/01/2003|18:53] C:\Program Files\Microsoft Works
[01/01/2003|18:50] C:\Program Files\Microsoft Works Suite 2003
[17/10/2005|00:39] C:\Program Files\Movie Maker
[02/01/2003|06:33] C:\Program Files\MSN
[02/01/2003|06:33] C:\Program Files\MSN Gaming Zone
[16/04/2008|00:56] C:\Program Files\MSN Messenger
[17/10/2005|00:37] C:\Program Files\NetMeeting
[04/01/2001|01:55] C:\Program Files\Neuf
[14/06/2007|18:25] C:\Program Files\Outlook Express
[04/08/2006|22:31] C:\Program Files\QuickTime
[22/06/2006|08:58] C:\Program Files\RegCleaner
[02/01/2003|07:40] C:\Program Files\Services en ligne
[07/08/2008|14:53] C:\Program Files\Trend Micro
[02/01/2003|06:39] C:\Program Files\Uninstall Information
[14/10/2006|15:49] C:\Program Files\VideoLAN
[01/01/2001|01:11] C:\Program Files\Wanadoo
[17/10/2005|01:18] C:\Program Files\Wanadoo Messager
[16/04/2008|00:42] C:\Program Files\Windows Live
[07/08/2008|14:26] C:\Program Files\Windows Live Toolbar
[22/06/2006|10:21] C:\Program Files\Windows Media Connect 2
[22/06/2006|09:55] C:\Program Files\Windows Media Player
[17/10/2005|00:37] C:\Program Files\Windows NT
[16/10/2005|23:28] C:\Program Files\WindowsUpdate
[02/01/2003|06:36] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[02/01/2001|01:54] C:\Program Files\Fichiers communs\Adobe
[22/06/2006|10:46] C:\Program Files\Fichiers communs\Ahead
[01/01/2003|18:52] C:\Program Files\Fichiers communs\Designer
[03/08/2006|19:47] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[22/06/2006|12:42] C:\Program Files\Fichiers communs\Hewlett-Packard
[01/01/2001|01:10] C:\Program Files\Fichiers communs\InstallShield
[05/10/2006|18:46] C:\Program Files\Fichiers communs\Microsoft Shared
[02/01/2003|06:34] C:\Program Files\Fichiers communs\MSSoap
[02/01/2003|06:29] C:\Program Files\Fichiers communs\ODBC
[17/10/2005|07:46] C:\Program Files\Fichiers communs\Services
[02/01/2003|07:28] C:\Program Files\Fichiers communs\Sonic
[02/01/2003|06:29] C:\Program Files\Fichiers communs\SpeechEngines
[14/06/2007|18:25] C:\Program Files\Fichiers communs\System
[16/04/2008|00:47] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 42 Processus )

iexplore.exe ~ [912]
iexplore.exe ~ [2060]
iexplore.exe ~ [2364]
iexplore.exe ~ [3192]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\DENT BURN.exe
C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1
C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1\Exit default face.exe
C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1\fzopdvwn.exe
C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1\jtazicya.exe
C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1\kezsbyqi.exe
C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1\kind free.exe
C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1\ofvafpqp.exe
C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1\supportmagsmetabold.exe
C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1\wfwwbjiz.exe
C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertstream[1].txt
C:\WINDOWS\Tasks\ACE3B1DF906827E3.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hold chin"="C:\\DOCUME~1\\PROPRI~1\\APPLIC~1\\MANAGE~1\\kind free.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Stupid Data Dart Wave"="C:\\Documents and Settings\\All Users\\Application Data\\flag ace stupid data\\DENT BURN.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts MODIFIE

-> 72 [ 70 ## added by CiD ]

/!\ 1 Not 127.0.0.1 !!

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 15:05:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 137

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:6][D:0]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
[F:58][D:0]-> C:\DOCUME~1\PROPRI~1\Cookies
[F:872][D:4]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 15:07:05,43


THANKS
kalash Posts: 68 Registration date: Sunday 5 August 2007 Status: Member Last activity: 18 September 2009
7 August 2008 at 15:25
What should I do next, please? Thanks
kalash Posts: 68 Registration date: Sunday 5 August 2007 Status: Member Last activity: 18 September 2009
7 August 2008 at 16:27
I'm really lost as to the rest of the procedure; I could really use a little help, please. I stopped at the Lop log.

Thanks in advance
Anonymous user
7 August 2008 at 17:17
Sorry, I had visitors


Run Lop S&D again


* This time choose Option 2 (Removal)
* Do not close the window during the removal!
* Post the generated report (C:\lopR.txt)
kalash Posts: 68 Registration date: Sunday 5 August 2007 Status: Member Last activity: 18 September 2009
8 August 2008 at 16:01
Hello,

Thanks for your reply, but I was no longer there, so here is the report as planned



--------------------\\ Lop S&D 4.2.2-5 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Propriétaire ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 08/08/2008 | 15:59:59,17 ] [ PC : NOM-Y40BV9AST51 ]
[ MAJ : 01-08-2008 | 01:40 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\DENT BURN.exe
Supprime! - C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1\Exit default face.exe
Supprime! - C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1\fzopdvwn.exe
Supprime! - C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1\jtazicya.exe
Supprime! - C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1\kezsbyqi.exe
Supprime! - C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1\kind free.exe
Supprime! - C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1\ofvafpqp.exe
Supprime! - C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1\supportmagsmetabold.exe
Supprime! - C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1\wfwwbjiz.exe
Supprime! - C:\WINDOWS\Tasks\ACE3B1DF906827E3.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
Supprime! - C:\DOCUME~1\PROPRI~1\APPLIC~1\manage~1
Restauré! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[02/01/2001|01:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[22/06/2006|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[02/01/2003|06:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[26/06/2006|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[22/06/2006|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GTek
[22/06/2006|21:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[15/04/2008|15:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[16/04/2008|00:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10/08/2006|15:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[04/08/2006|22:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[02/01/2003|06:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[07/08/2008|18:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[07/08/2008|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware354
[17/10/2005|00:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[16/10/2005|23:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[10/08/2006|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[16/04/2008|00:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[02/01/2003|07:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[02/01/2003|06:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[02/01/2003|06:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[02/01/2003|07:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[01/01/2003|18:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[02/01/2003|07:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[02/01/2003|07:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[02/01/2003|09:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[07/12/2007|19:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[07/08/2008|18:33] C:\DOCUME~1\LOCALS~1\APPLIC~1\Starware354

[02/01/2003|06:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[22/10/2006|19:09] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
[22/10/2006|19:07] C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeDLM.log
[07/08/2008|16:42] C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
[02/10/2006|16:54] C:\DOCUME~1\PROPRI~1\APPLIC~1\Ahead
[17/10/2005|00:14] C:\DOCUME~1\PROPRI~1\APPLIC~1\ArcSoft
[02/01/2003|06:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\desktop.ini
[22/10/2006|19:07] C:\DOCUME~1\PROPRI~1\APPLIC~1\dm.ini
[14/10/2006|15:52] C:\DOCUME~1\PROPRI~1\APPLIC~1\dvdcss
[25/03/2007|17:42] C:\DOCUME~1\PROPRI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
[22/06/2006|12:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\GTek
[21/06/2006|12:05] C:\DOCUME~1\PROPRI~1\APPLIC~1\Help
[22/06/2006|12:47] C:\DOCUME~1\PROPRI~1\APPLIC~1\Hewlett-Packard
[02/01/2003|06:36] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
[02/01/2003|07:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\InterTrust
[22/06/2006|11:02] C:\DOCUME~1\PROPRI~1\APPLIC~1\InterVideo
[22/06/2006|08:59] C:\DOCUME~1\PROPRI~1\APPLIC~1\Lavasoft
[27/01/2007|17:52] C:\DOCUME~1\PROPRI~1\APPLIC~1\Leadertech
[13/08/2006|18:48] C:\DOCUME~1\PROPRI~1\APPLIC~1\Macromedia
[07/08/2008|14:22] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft
[15/04/2008|12:57] C:\DOCUME~1\PROPRI~1\APPLIC~1\MSN6
[21/10/2006|22:52] C:\DOCUME~1\PROPRI~1\APPLIC~1\PPTminimizer
[02/01/2003|07:33] C:\DOCUME~1\PROPRI~1\APPLIC~1\SampleView
[01/01/2001|00:35] C:\DOCUME~1\PROPRI~1\APPLIC~1\SecuROM
[02/01/2003|07:28] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sonic
[07/08/2008|18:33] C:\DOCUME~1\PROPRI~1\APPLIC~1\Starware354
[22/06/2006|11:30] C:\DOCUME~1\PROPRI~1\APPLIC~1\Symantec
[14/10/2006|15:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\vlc

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[13/11/2006 19:02][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1150973203.job
[17/10/2005 00:06][--a------] C:\WINDOWS\tasks\Connexion facile à Internet.job
[22/01/2003 06:58][-rah-----] C:\WINDOWS\tasks\desktop.ini
[07/08/2008 18:35][--ah-----] C:\WINDOWS\tasks\SA.DAT

--------------------\\ Listing des dossiers dans C:\Program Files

[22/10/2006|19:07] C:\Program Files\Adobe
[22/06/2006|10:59] C:\Program Files\Ahead
[22/06/2006|09:04] C:\Program Files\Alwil Software
[17/10/2005|00:02] C:\Program Files\ArcSoft
[03/09/2006|22:36] C:\Program Files\ATI Technologies
[22/06/2006|09:00] C:\Program Files\CCleaner
[02/01/2003|06:33] C:\Program Files\ComPlus Applications
[17/10/2005|00:07] C:\Program Files\Easy Internet signup
[29/08/2007|17:51] C:\Program Files\eMule
[16/04/2008|00:42] C:\Program Files\Fichiers communs
[22/06/2006|12:46] C:\Program Files\Hewlett-Packard
[07/08/2008|14:26] C:\Program Files\InstallShield Installation Information
[11/06/2008|20:18] C:\Program Files\Internet Explorer
[22/06/2006|08:59] C:\Program Files\Lavasoft
[16/10/2005|23:54] C:\Program Files\Messenger
[15/04/2008|12:57] C:\Program Files\Messenger Plus! Live
[02/01/2003|06:36] C:\Program Files\microsoft frontpage
[23/10/2006|17:38] C:\Program Files\Microsoft Office
[01/01/2003|18:53] C:\Program Files\Microsoft Works
[01/01/2003|18:50] C:\Program Files\Microsoft Works Suite 2003
[17/10/2005|00:39] C:\Program Files\Movie Maker
[02/01/2003|06:33] C:\Program Files\MSN
[02/01/2003|06:33] C:\Program Files\MSN Gaming Zone
[16/04/2008|00:56] C:\Program Files\MSN Messenger
[17/10/2005|00:37] C:\Program Files\NetMeeting
[04/01/2001|01:55] C:\Program Files\Neuf
[14/06/2007|18:25] C:\Program Files\Outlook Express
[04/08/2006|22:31] C:\Program Files\QuickTime
[22/06/2006|08:58] C:\Program Files\RegCleaner
[02/01/2003|07:40] C:\Program Files\Services en ligne
[07/08/2008|17:01] C:\Program Files\Spybot - Search & Destroy
[07/08/2008|14:53] C:\Program Files\Trend Micro
[02/01/2003|06:39] C:\Program Files\Uninstall Information
[14/10/2006|15:49] C:\Program Files\VideoLAN
[01/01/2001|01:11] C:\Program Files\Wanadoo
[17/10/2005|01:18] C:\Program Files\Wanadoo Messager
[16/04/2008|00:42] C:\Program Files\Windows Live
[07/08/2008|14:26] C:\Program Files\Windows Live Toolbar
[22/06/2006|10:21] C:\Program Files\Windows Media Connect 2
[22/06/2006|09:55] C:\Program Files\Windows Media Player
[17/10/2005|00:37] C:\Program Files\Windows NT
[16/10/2005|23:28] C:\Program Files\WindowsUpdate
[02/01/2003|06:36] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[02/01/2001|01:54] C:\Program Files\Fichiers communs\Adobe
[22/06/2006|10:46] C:\Program Files\Fichiers communs\Ahead
[01/01/2003|18:52] C:\Program Files\Fichiers communs\Designer
[03/08/2006|19:47] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[22/06/2006|12:42] C:\Program Files\Fichiers communs\Hewlett-Packard
[01/01/2001|01:10] C:\Program Files\Fichiers communs\InstallShield
[05/10/2006|18:46] C:\Program Files\Fichiers communs\Microsoft Shared
[02/01/2003|06:34] C:\Program Files\Fichiers communs\MSSoap
[02/01/2003|06:29] C:\Program Files\Fichiers communs\ODBC
[17/10/2005|07:46] C:\Program Files\Fichiers communs\Services
[02/01/2003|07:28] C:\Program Files\Fichiers communs\Sonic
[02/01/2003|06:29] C:\Program Files\Fichiers communs\SpeechEngines
[14/06/2007|18:25] C:\Program Files\Fichiers communs\System
[16/04/2008|00:47] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 39 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertstream[2].txt
C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertising[2].txt
C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertising[3].txt
C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@adopt.euroclick[2].txt
C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@adopt.euroclick[3].txt
C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@pacificpoker[1].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 16:01:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 137

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:10][D:2]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
[F:279][D:0]-> C:\DOCUME~1\PROPRI~1\Cookies
[F:4598][D:8]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 16:02:38,73


Thanks
0
Anonymous user
8 August 2008 at 16:04
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Make sure the Unregister Dll's and Ocx's box is checked.
Copy the list shown in bold below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertstream[2].txt
C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertising[2].txt
C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertising[3].txt
C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@adopt.euroclick[2].txt
C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@adopt.euroclick[3].txt
C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@pacificpoker[1].txt



Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.


Then:

Download Malwarebytes

-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Install it; the program will update itself automatically.

Once it is up to date, the program will start; click the Settings tab and check the box: "Stop Internet Explorer during removal".

Now click the Scan tab and check the box: "Run a full scan".

Then click "Scan".

Let it scan the PC...

If any items were found > click Remove Selected.

If you are asked to restart > click "yes".

At the end a report will open; save it so that you can find it again to post it on the forum.
Copy and paste the report, please.

PS: the reports are also stored in the Reports/Logs tab.


0
kalash Posts 68 Registration date Sunday 5 August 2007 Status Member Last active 18 September 2009 1
8 August 2008 at 16:13
Here is the OTMoveIt report

< C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertstream[2].txt >
File/Folder C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertstream[2].txt not found.
< C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertising[2].txt >
File/Folder C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertising[2].txt not found.
< C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertising[3].txt >
File/Folder C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertising[3].txt not found.
< C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@adopt.euroclick[2].txt >
File/Folder C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@adopt.euroclick[2].txt not found.
< C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@adopt.euroclick[3].txt >
File/Folder C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@adopt.euroclick[3].txt not found.
< C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@pacificpoker[1].tx >
File/Folder C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@pacificpoker[1].tx not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08082008_161435


I'm waiting for the scan to finish for the other report, thanks
0
kalash Posts 68 Registration date Sunday 5 August 2007 Status Member Last active 18 September 2009 1
8 August 2008 at 17:13
Here is the last report:


Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1032
Windows 5.1.2600 Service Pack 2

17:16:32 08/08/2008
mbam-log-8-8-2008 (17-16-32).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 102542
Temps écoulé: 57 minute(s), 20 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 23
Fichier(s) infecté(s): 46

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\Starware354 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\RecipeSearch_Foreign (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Recipes_Foreign (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware354 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware354\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware354\RecipeSearch_Foreign (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware354\Recipes_Foreign (Adware.Starware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP439\A0099250.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP439\A0099258.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\Tem410.tmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\Tem6A.tmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\recipes.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\recipes.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\recipes_foreign_feed.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\recipes_foreign_feed.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\starware_toolbar_icon.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\RecipeSearch_Foreign\RecipeSearch_ForeignOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\RecipeSearch_Foreign\RecipeSearch_ForeignOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Recipes_Foreign\Recipes_ForeignOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\Recipes_Foreign\Recipes_ForeignOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Starware354\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware354\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware354\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware354\RecipeSearch_Foreign\RecipeSearch_ForeignOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware354\RecipeSearch_Foreign\RecipeSearch_ForeignOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware354\Recipes_Foreign\Recipes_ForeignOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Starware354\Recipes_Foreign\Recipes_ForeignOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\myalbum2007.zip (Backdoor.Bot) -> Quarantined and deleted successfully.


Thanks
0
Anonymous user
8 August 2008 at 17:15
How is the PC doing??

Reopen Malwarebytes
go to Quarantine
delete everything

Run another HijackThis scan and post the report, please
0
kalash Posts 68 Registration date Sunday 5 August 2007 Status Member Last active 18 September 2009 1
8 August 2008 at 17:20
The PC seems to be running much faster

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:06, on 08/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0
Anonymous user
8 August 2008 at 17:25
Reopen HijackThis
do a scan only
check these lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/fr/check/qdiagh.cab?326
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab


Check them and click Fix checked

Then:

-> Download CCleaner (do not install the Yahoo toolbar):


http://download.piriform.com/ccsetup210.exe

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

-> Install it.

-> Once it is installed and running:

In the left-hand column, click:

-> "Registry":

Check all the boxes under "Registry Integrity", then click "Scan for errors" at the bottom; once it has finished, click "Repair errors". You will get a message offering to back up your registry: click "Yes", then repeat until it no longer finds anything.

PS: the backups you make can be deleted later if all goes well.

-> "Cleaner"

Close your browser before running it. In the cleaner's properties, on the "Windows" and "Applications" tabs, uncheck the last box (Advanced, if it is checked), then click "Run the cleaner"; when it has finished the scan, click "Run the cleaner" at the bottom right and accept with Yes.

-> Illustrated tutorial:

https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php


Then:


* To remove the tools/fixes used:

Download ToolsCleaner to your desktop.
-->
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/

# Click Recherche (Search) and let the scan run ...
# Click Suppression (Removal) to finish.
# You can, if you wish, use the Options facultatives (optional settings).
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).


Then:

Have a look at this regarding Avast:

Antivir vs Avast:

-> http://forum.malekal.com/ftopic3528.php


so I advise you to uninstall it and install Antivir instead

Download and install the Antivir Personal Edition Classic antivirus:

->https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

Tutorial: http://www.swl1f.net/viewtopic.php?f=14&t=59

To uninstall Avast, download this tool

https://www.avast.com/fr-fr/uninstall-utility


and do this:


Disable and re-enable your System Restore

XP tutorial: http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924




0
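One way to triage a HijackThis log like the ones posted in this thread before deciding which lines to tick for "Fix checked" (an added example, not part of the original posts and not HijackThis's own logic). The sample lines are copied from the logs in this thread; the three flags are review heuristics assumed here, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: (no name) - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [0e481dab] rundll32.exe "C:\WINDOWS\system32\gbkfhxpk.dll",b
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\Administrateur\Application Data\WinButler\WinButler.exe
O9 - Extra button: Ad-Watch - {D0281F6F-F450-4baa-A932-16EDDFD9F39A} - C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "R3 - ...", "O4 - ...", "O16 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
# O4 autoruns: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis marks registry entries whose target no longer exists on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# Assumption: autoruns living in per-user writable folders deserve a second look.
USER_WRITABLE = (
    "\\application data\\",
    "\\applic~1\\",
    "\\local settings\\temp\\",
    "\\locals~1\\temp\\",
)


@dataclass
class Entry:
    code: str
    body: str
    clsid: Optional[str] = None
    autorun_name: Optional[str] = None
    command: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Keep only the coded entries; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entry = Entry(m["code"], m["body"])
        clsid = CLSID_RE.search(entry.body)
        entry.clsid = clsid.group(0).upper() if clsid else None
        if entry.code == "O4":
            run = RUN_RE.match(entry.body)
            if run:
                entry.autorun_name, entry.command = run["name"], run["cmd"]
        entries.append(entry)
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags and return only the entries that got at least one."""
    for entry in entries:
        entry.flags = []
        if ORPHAN_RE.search(entry.body):
            entry.flags.append("orphan")  # registry entry left behind, target gone
        if entry.command:
            cmd = entry.command.lower()
            if cmd.lstrip('"').startswith("rundll32"):
                # The real payload is the DLL argument, so that file needs checking.
                entry.flags.append("rundll32-autorun")
            if any(part in cmd for part in USER_WRITABLE):
                entry.flags.append("user-writable-autorun")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(f"{e.code:<4}{','.join(e.flags):<24}{e.body}")
```

A flag only means "look at this line by hand": legitimate drivers also start through rundll32, so the DLL or executable named on the line still has to be identified before anything is fixed.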
kalash Posts 68 Registration date Sunday 5 August 2007 Status Member Last active 18 September 2009 1
8 August 2008 at 17:37
OK, thanks for your invaluable help, everything seems to be back to normal
0
Anonymous user
8 August 2008 at 17:54
You're welcome

@++
0
fakhe1310 Posts 41 Registration date Tuesday 17 April 2007 Status Member Last active 28 November 2009 1
9 August 2008 at 22:01
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:24, on 09/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,SKEYS /I
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - (no file)
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [obsffcfsnw] c:\windows\system32\obsffcfsnw.exe obsffcfsnw
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\bash media.exe
O4 - HKLM\..\Run: [0e481dab] rundll32.exe "C:\WINDOWS\system32\gbkfhxpk.dll",b
O4 - HKLM\..\Run: [BM0d7b2e37] Rundll32.exe "C:\WINDOWS\system32\iporucpy.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\Administrateur\Application Data\WinButler\WinButler.exe
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\Administrateur\Application Data\Microsoft\Windows\rayio.exe
O4 - HKCU\..\Run: [Third Cake] C:\DOCUME~1\ADMINI~1\APPLIC~1\ONLINE~1\Manager Beep First.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [iZoom v2.0] "C:\Program Files\Issist\iZoom Standard 2.0 Trial\iZoom2.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-789336058-688789844-1060284298-500\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-789336058-688789844-1060284298-500\..\Run: [WinButler] C:\Documents and Settings\Administrateur\Application Data\WinButler\WinButler.exe (User '?')
O4 - HKUS\S-1-5-21-789336058-688789844-1060284298-500\..\Run: [SfKg6wIPu] C:\Documents and Settings\Administrateur\Application Data\Microsoft\Windows\rayio.exe (User '?')
O4 - HKUS\S-1-5-21-789336058-688789844-1060284298-500\..\Run: [Third Cake] C:\DOCUME~1\ADMINI~1\APPLIC~1\ONLINE~1\Manager Beep First.exe (User '?')
O4 - HKUS\S-1-5-21-789336058-688789844-1060284298-500\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
O4 - HKUS\S-1-5-21-789336058-688789844-1060284298-500\..\Run: [Magentic] C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c (User '?')
O4 - HKUS\S-1-5-21-789336058-688789844-1060284298-500\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe (User '?')
O4 - HKUS\S-1-5-21-789336058-688789844-1060284298-500\..\Run: [iZoom v2.0] "C:\Program Files\Issist\iZoom Standard 2.0 Trial\iZoom2.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Ad-Watch - {D0281F6F-F450-4baa-A932-16EDDFD9F39A} - C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://fr.msn.com/
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} (FontDownloaderIE Class) - http://www.qurancomplex.com/downloads/FontDown.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fakhe.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://fakhe.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.com/Downloads/FontSmooth.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O21 - SSODL: rdihost - {E0EDD550-855D-4238-97D8-5459FD6E36A5} - rdihost.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: Item created by Ulead GIF Animator - C:\WINDOWS\system32\gaadi001.gif