Sujet Précédent Sujet Suivant

Rapport hijackthis et autres problemes

Résolu/Fermé
goos01 Messages postés 42 Date d'inscription jeudi 29 mai 2008 Statut Membre Dernière intervention 13 juillet 2012 - 29 mai 2008 à 14:17
 Utilisateur anonyme - 30 mai 2008 à 14:58
Bonjour,
Depuis 2 jours, ma connexions internet est lente, j'ai des pubs qui n'arettent pas de s'afficher, j'ai des fenetres qui s'ouvrent avec des analyses antivirus alors que je ne l'est jamais demandé, et de plus, choses incompréhensible, je ne peut plus utilier google. Quand je tape une recherche, google cherche dans le vide et rien ne se passe, je n'est pas de réponses, idem pour mes pages en flux. Par contre mes favoris et quand je tape une adresse en http, tout fonctionne. (c'est lent mais ca fonxtionne).
J'ai éffectué une analyse avec le programme hijackthis, si quelqu'un peut m'aider, car je suis en pleine recherche de travail.
A oui, derniere chose, j'ai pas mal de déconexion intempestive.
je suis sous xp et j'utilise mozilla et ma femme, ie.
Merci.
Maxime

Rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01:04, on 29/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\adchkr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\BITTOR~1\BitP.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TBONBin\tbon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.restorebookmark.com/?cm=941771<=1&it=2008-05-20%2006%3A44%3A57&dt=2008-05-28%2011%3A31%3A54&q=http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://internetsearchservice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=28808
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [WA6PV_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [mobiswing] C:\PROGRA~1\BITTOR~1\BitP.exe
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\bird test.exe
O4 - HKLM\..\Run: [634aad1c] rundll32.exe "C:\WINDOWS\system32\pergulqq.dll",b
O4 - HKLM\..\Run: [BM60799e80] Rundll32.exe "C:\WINDOWS\system32\ngrxnspv.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Noun pop] C:\DOCUME~1\Max\APPLIC~1\ACEMOR~1\trans proxy.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - https://www.afternic.com/domains/errorsafe.com
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - https://www.afternic.com/domains/errorsafe.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3164EA05-EF54-4B86-B965-A436DBFF520A}: NameServer = 85.255.116.104,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{394F69CF-12E3-4D0C-976F-678ADCBE4245}: NameServer = 85.255.116.104,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E66A89F-5091-4DDA-BB97-8B42F16AECB4}: NameServer = 85.255.116.104,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{8329368C-721C-4E28-BC0E-45D1688E9FEC}: NameServer = 85.255.116.104,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5660891-BCAF-48EE-B41D-C7EB7BFB6153}: NameServer = 85.255.116.104,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2CED30D-0BD6-4B94-A4F4-79C4B641B1BE}: NameServer = 85.255.116.104,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.104 85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\..\{3164EA05-EF54-4B86-B965-A436DBFF520A}: NameServer = 85.255.116.104,85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.104 85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\..\{3164EA05-EF54-4B86-B965-A436DBFF520A}: NameServer = 85.255.116.104,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.104 85.255.112.152
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ladchkr - Unknown owner - C:\WINDOWS\system32\ladchkr.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

63 réponses

Réponse 1 / 63
carlos59139 Messages postés 281 Date d'inscription mardi 15 avril 2008 Statut Membre Dernière intervention 22 mai 2010 103
29 mai 2008 à 14:21
quand tu dit que tu as des pubs est ce que ce sont des pub avec pour nom CID
0
Réponse 2 / 63
Utilisateur anonyme
29 mai 2008 à 14:26
salut maxime,

ok y a pas mal de soucis

on auras plusieures choses a faires :

réouvre hijackthis
fais scan only
coche ces lignes :


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.restorebookmark.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://internetsearchservice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=28808

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - https://www.afternic.com/domains/errorsafe.com
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - https://www.afternic.com/domains/errorsafe.com


tu les coches toutes et tu clic sur fix checked


ensuite :


Telecharge malwarebytes

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.
0
Réponse 3 / 63
Utilisateur anonyme
29 mai 2008 à 14:30
j ai une question aussi :

mechnikova odessa ça te dis quelque chose ???

t habites pas non plus au states ?? usa
0
Réponse 4 / 63
Utilisateur anonyme
29 mai 2008 à 14:56
y a une ENORME chose qui m a échapé tu n as pas d antivirus


telecharge et instal D URGENCE antivir (gratuit en anglais mais simple )


https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 63
goos01 Messages postés 42 Date d'inscription jeudi 29 mai 2008 Statut Membre Dernière intervention 13 juillet 2012 4
29 mai 2008 à 17:08
Merci, oui, il y a des pubs CID et non, je ne suis pas des states!

voila le rapport d'analyse de Malwarebytes.

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 797

Type de recherche: Examen complet (C:\|)
Eléments examinés: 152870
Temps écoulé: 1 hour(s), 2 minute(s), 48 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 79

Processus mémoire infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe (Rogue.DriveCleaner) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\pergulqq.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\xxyVpqQG.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\iifdayaa.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80a4492d-290a-4ac7-bd6d-3a006f537a4c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{80a4492d-290a-4ac7-bd6d-3a006f537a4c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c6d09ec9-ddb2-4ec4-9d6f-b680a7a849cf} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6d09ec9-ddb2-4ec4-9d6f-b680a7a849cf} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87db48a8-c284-4661-a0e9-e055e08fed49} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87db48a8-c284-4661-a0e9-e055e08fed49} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifdayaa (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WNetPws (Trojan.Zlob) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\634aad1c (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{87db48a8-c284-4661-a0e9-e055e08fed49} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WA6PV_Check (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuAdminTools (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuFavorites (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM60799e80 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyvpqqg -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger) -> Data: kdbfk.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyvpqqg -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\443059 (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\pergulqq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qqlugrep.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyVpqQG.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\GQqpVyxx.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\GQqpVyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifdayaa.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP569\A0138351.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP569\A0138352.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP569\A0138353.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP569\A0138380.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP569\A0138381.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP569\A0138382.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP569\A0138394.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP569\A0138395.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP569\A0138396.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0138555.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0138556.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0138557.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0139553.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0139554.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0139555.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0139578.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0139579.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0139583.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0139615.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0139616.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0139617.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0139632.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0139633.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0139634.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0140632.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0140633.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0140635.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0140657.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0140658.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0140659.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0140675.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0140676.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0140677.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0140731.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0140732.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP570\A0140733.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140805.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140806.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140807.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140821.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140822.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140823.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140853.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140854.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140855.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140868.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140869.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140870.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140905.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140906.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140910.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140934.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140935.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP572\A0140936.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP573\A0140974.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP573\A0140975.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP573\A0140976.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP573\A0141116.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP573\A0141117.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP573\A0141118.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP573\A0141119.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP573\A0141120.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP573\A0141121.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP621\A0155061.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP623\A0155590.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP631\A0159501.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\usihdbdn.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\443059\443059.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ngrxnspv.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Max\Favoris\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
0
Réponse 6 / 63
Utilisateur anonyme
29 mai 2008 à 17:14
ok redémarre le pc si ça n a pas été fais

puis réouvre malewarebyte
va sur quarantaine
supprime tout


ensuite instal ANTIVIR (voir post 4)

répond a ma question post 3

et refais un scan hijackthis et poste moi le rapport stp
0
Réponse 7 / 63
goos01 Messages postés 42 Date d'inscription jeudi 29 mai 2008 Statut Membre Dernière intervention 13 juillet 2012 4
29 mai 2008 à 17:30
mechnikova o dessa, ca ne me dit rien du tout. pourquoi??

l'antivirus est installé, merci.

Et voici le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:17, on 29/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TBONBin\tbon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E150220-858B-4060-ADBD-BD17EA4B145B} - C:\WINDOWS\system32\ptpusb32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\bird test.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Noun pop] C:\DOCUME~1\Max\APPLIC~1\ACEMOR~1\trans proxy.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ladchkr - Unknown owner - C:\WINDOWS\system32\ladchkr.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
Réponse 8 / 63
Utilisateur anonyme
29 mai 2008 à 17:36
ok

je t ai demandé ça car tu as un détournement de DNS d ou tes soucis de connexion

met antivir a jours si ça n a pas été fais si il detecte des intrus met les en quarantaine

nous allons utiliser SMITHFRAUD attention antivir peux le juger comme nefaste si c est le cas désactive antivir le temps de son utilisation

pour cela fais un clic droit sur l icone antivir (le parapluie) en bas a droite de l ecran a coté de l heure

et decoche ANTIVIR GUARD ENABLE


Télécharge sur le bureau http://siri.urz.free.fr/Fix/SmitfraudFix.exe
=> Double clic sur SmitfraudFix

=> Choisir Option 1
=> poste le rapport
0
Réponse 9 / 63
goos01 Messages postés 42 Date d'inscription jeudi 29 mai 2008 Statut Membre Dernière intervention 13 juillet 2012 4
29 mai 2008 à 17:42
voila le rapport.
Par contre, visiblement tout refonctionne correctement, si ce n'est que j'ai toujours quelques pub CID qui apparaissent.

rapport:

SmitFraudFix v2.323

Rapport fait à 17:39:30,93, 29/05/2008
Executé à partir de C:\Documents and Settings\Max\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TBONBin\tbon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Max\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\hp????.tmp PRESENT !
C:\WINDOWS\system32\1024\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Max


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Max\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Max\Favoris

C:\DOCUME~1\Max\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5E66A89F-5091-4DDA-BB97-8B42F16AECB4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5E66A89F-5091-4DDA-BB97-8B42F16AECB4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5E66A89F-5091-4DDA-BB97-8B42F16AECB4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 10 / 63
Utilisateur anonyme
29 mai 2008 à 17:44
* Redémarre l'ordinateur en mode sans échec
(tapoter F8 ou F5 au boot pour obtenir le menu de démarrage ou http://service1.symantec.com/

* Double clique sur smitfraudfix.cmd

* Sélectionne 2 pour supprimer les fichiers responsables de l'infection.

A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

* Redémarre en mode normal et poste le rapport ici

N.B.: Cette étape élimine les fichiers infectieux détectés à l'étape #1
0
Réponse 11 / 63
goos01 Messages postés 42 Date d'inscription jeudi 29 mai 2008 Statut Membre Dernière intervention 13 juillet 2012 4
29 mai 2008 à 18:12
Voila le rapport



SmitFraudFix v2.323

Rapport fait à 17:57:43,31, 29/05/2008
Executé à partir de C:\Documents and Settings\Max\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\hp????.tmp supprimé
C:\WINDOWS\system32\1024\ supprimé
C:\DOCUME~1\Max\Favoris\Antivirus Test Online.url supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5E66A89F-5091-4DDA-BB97-8B42F16AECB4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5E66A89F-5091-4DDA-BB97-8B42F16AECB4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5E66A89F-5091-4DDA-BB97-8B42F16AECB4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 12 / 63
Utilisateur anonyme
29 mai 2008 à 18:14
ok

refais un scan hijackthis et poste le rapport stp
0
Réponse 13 / 63
goos01 Messages postés 42 Date d'inscription jeudi 29 mai 2008 Statut Membre Dernière intervention 13 juillet 2012 4
29 mai 2008 à 18:16
le voila :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:35, on 29/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TBONBin\tbon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E150220-858B-4060-ADBD-BD17EA4B145B} - C:\WINDOWS\system32\ptpusb32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\bird test.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Noun pop] C:\DOCUME~1\Max\APPLIC~1\ACEMOR~1\trans proxy.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ladchkr - Unknown owner - C:\WINDOWS\system32\ladchkr.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
Réponse 14 / 63
Utilisateur anonyme
29 mai 2008 à 18:20
ok le detournement de DNS est réglé

maintenant on va fermer les portes aux envahisseurs

pour cela il te faut un parefeu :


pare-feu gratuits


télécharger la version gratuite de Zone alarm
https://www.pcastuces.com/logitheque/zonealarm.htm
TUTO
http://securite-facile.ovh.org/zonealarm.php
http://forum.telecharger.01net.com/forum/
désactivé les parties filtrage web et antivirus de ZA ! C'est important

ou

télécharger la version gratuite de Kerio
Kerio (parefeu)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
TUTO
https://kerio.probb.fr/
SITE de Kerio
https://kerio.probb.fr/

ou

ComodoFirewallPro 2.4 téléchargement
http://www.personalfirewall.comodo.com/
Tuto pour la 2.4
https://infomars.fr/forum/index.php?s=908072e48ff7cf0359366440cb26c93f&showtopic=389
Tuto pour la 2.4
http://www.nordicnature.net/tutorials/comodo/cf24wiz.htm
Attention la 3.0 est en anglais uniquement et est plus difficile a paramétrer
Tuto pour la 3.0
https://infomars.fr/forum/index.php?showtopic=1225



ensuite fais ça :



Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe


-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Réponse 15 / 63
goos01 Messages postés 42 Date d'inscription jeudi 29 mai 2008 Statut Membre Dernière intervention 13 juillet 2012 4
29 mai 2008 à 19:02
Et voici:

ComboFix 08-05-29.1 - Max 2008-05-29 18:52:39.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.504 [GMT 2:00]
Endroit: C:\Documents and Settings\Max\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Max\err.log
C:\Documents and Settings\Max\ResErrors.log
.
---- Previous Run -------
.
C:\WINDOWS\BM60799e80.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\system32\GQqpVyxx.ini
C:\WINDOWS\system32\GQqpVyxx.ini2
C:\WINDOWS\system32\ocjifkbx.ini
C:\WINDOWS\system32\xxyVpqQG.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-29 ))))))))))))))))))))))))))))))))))))
.

2008-05-29 18:49 . 2008-05-29 18:49 <REP> d-------- C:\WINDOWS\LastGood
2008-05-29 18:28 . 2008-05-29 18:28 <REP> d-------- C:\Program Files\Sunbelt Software
2008-05-29 17:39 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-29 17:39 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-29 17:39 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-29 17:39 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-29 17:39 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-29 17:39 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-29 17:39 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-29 17:39 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-29 17:39 . 2008-05-29 17:58 5,244 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-29 17:24 . 2008-05-29 17:24 <REP> d-------- C:\Program Files\Avira
2008-05-29 17:24 . 2008-05-29 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-29 16:01 . 2008-05-29 16:01 <REP> d-------- C:\Documents and Settings\Max\Application Data\Malwarebytes
2008-05-29 16:00 . 2008-05-29 16:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-29 16:00 . 2008-05-29 16:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-29 16:00 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-29 16:00 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-29 14:24 . 2008-05-29 14:24 <REP> d-------- C:\Program Files\Lavasoft
2008-05-29 14:24 . 2008-05-29 14:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-29 13:59 . 2008-05-29 13:59 <REP> d-------- C:\Program Files\Trend Micro
2008-05-29 13:46 . 2008-05-29 13:46 10,279,675 --a------ C:\upload_moi_MAXIME.tar.gz
2008-05-29 13:08 . 2008-05-29 13:16 <REP> d-------- C:\Lop SD
2008-05-29 12:57 . 2008-05-29 13:34 <REP> d-------- C:\Program Files\Navilog1
2008-05-27 18:56 . 2008-05-27 18:56 <REP> d-------- C:\Documents and Settings\Max\Application Data\Joost
2008-05-27 18:11 . 2008-05-27 18:11 <REP> d-------- C:\Program Files\Ace More User
2008-05-27 18:11 . 2008-05-27 18:11 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-19 14:50 . 2008-05-19 14:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-19 14:50 . 2008-05-19 14:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-17 01:17 . 2008-05-17 01:17 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 13:37 --------- d-----w C:\Program Files\TBONBin
2008-05-29 12:23 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-29 11:53 --------- d-----w C:\Program Files\BitDownload
2008-05-27 16:42 --------- d-----w C:\Program Files\BitTorrent Fastest Tool
2008-05-27 16:41 --------- d-----w C:\Program Files\ABC Amber Text2Image Converter
2008-05-27 16:09 --------- d-----w C:\Documents and Settings\Max\Application Data\Ace More User
2008-05-27 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\file joy proc deaf
2008-05-27 14:42 --------- d-----w C:\Program Files\eMule
2008-04-08 16:28 --------- d-----w C:\Program Files\Java
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-23 12:58 62,344 -c--a-w C:\Documents and Settings\Max\Application Data\GDIPFONTCACHEV1.DAT
2007-08-22 17:56 560 ----a-w C:\Documents and Settings\Max\Application Data\ViewerApp.dat
2007-01-11 11:44 688 -c--a-w C:\Documents and Settings\Max\Application Data\wklnhst.dat
2006-01-15 12:48 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-11-21 10:48 61 -csh--w C:\WINDOWS\cnerolf.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E150220-858B-4060-ADBD-BD17EA4B145B}]
2007-08-13 23:08 33140 --a------ C:\WINDOWS\system32\ptpusb32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 10:00 15360]
"tbon"="C:\Program Files\TBONBin\tbon.exe" [2006-01-12 23:59 82944]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe" [2006-12-17 14:23 165304]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-10-22 21:42 190024]
"Noun pop"="C:\DOCUME~1\Max\APPLIC~1\ACEMOR~1\trans proxy.exe" [2008-05-27 11:21 433152]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-20 21:15 344064]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 12:12 88209 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 18:38 159744]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 10:59 794624]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 16:04 278528]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-03-29 14:45 233534]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"PCLEPCI"="C:\PROGRA~1\Pinnacle\PPE\PPE.EXE" [2004-02-03 15:13 49152]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2005-06-13 02:30 192512]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 10:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"AltnetPointsManager"="c:\program files\altnet\points manager\points manager.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-08 18:16 185632]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-10-22 21:42 190024]
"Proc Deaf Delete Peak"="C:\Documents and Settings\All Users\Application Data\file joy proc deaf\bird test.exe" [2008-05-29 18:13 3525120]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-06-24 18:22:07 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-06-24 18:21:59 106496]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.I420"= vdrcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S2 ladchkr;ladchkr;C:\WINDOWS\system32\ladchkr.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3197db24-6cf6-11dc-9167-00150023b77f}]
\Shell\AutoRun\command - E:\LaunchU3.exe

*Newly Created Service* - FWDRV
*Newly Created Service* - KHIPS
*Newly Created Service* - SPF4

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\assfxcs]
C:\WINDOWS\system32\assfxcs.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-29 15:00:03 C:\WINDOWS\Tasks\A8D88700918B0650.job"
- c:\docume~1\max\applic~1\acemor~1\Aim Pile Great.exe
"2008-05-29 10:15:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-29 14:00:01 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-05-16 23:13:44 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2008-05-29 16:41:18 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 18:57:23
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?1?0?9??????? ???B?????????????hLC? ??????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-29 18:59:36
ComboFix-quarantined-files.txt 2008-05-29 16:59:09

Pre-Run: 7,015,211,008 octets libres
Post-Run: 7,006,396,416 octets libres

208 --- E O F --- 2008-05-20 11:41:05
0
Réponse 16 / 63
Utilisateur anonyme
29 mai 2008 à 19:04
ok refais un scan hijackthis et poste le rapport stp

c est pour suivre l évolution de la désinfection
0
Réponse 17 / 63
goos01 Messages postés 42 Date d'inscription jeudi 29 mai 2008 Statut Membre Dernière intervention 13 juillet 2012 4
29 mai 2008 à 19:06
Voila:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:08, on 29/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TBONBin\tbon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E150220-858B-4060-ADBD-BD17EA4B145B} - C:\WINDOWS\system32\ptpusb32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\bird test.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Noun pop] C:\DOCUME~1\Max\APPLIC~1\ACEMOR~1\trans proxy.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ladchkr - Unknown owner - C:\WINDOWS\system32\ladchkr.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
0
Réponse 18 / 63
Utilisateur anonyme
29 mai 2008 à 19:10
ok je vois que tu as mis le parefeu c est bien

on va s occuper des pubs cid maintenant :




télécharge ceci: (by Moe) :
http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

Double clic sur Lopxpsetup.exe pour lancer l'installation
Au menu, choisir l'option 1
Patienter jusqu'à que l'on demande d'appuyer sur une touche, appuyer !
Une rapport sera alors crée, à copie/colle en entier sur le forum.
0
Réponse 19 / 63
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 331
29 mai 2008 à 19:10
salut
juste pour savoir ou tu as vu le detournement DNS

a++
0
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
29 mai 2008 à 21:29
Bonsoir,

comme c'est moi qui ait suggéré l'expression, ici dans le post de départ :

O17 - HKLM\System\CCS\Services\Tcpip\..\{3164EA05-EF54-4B86-B965-A436DBFF520A}: NameServer = 85.255.116.104,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{394F69CF-12E3-4D0C-976F-678ADCBE4245}: NameServer = 85.255.116.104,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E66A89F-5091-4DDA-BB97-8B42F16AECB4}: NameServer = 85.255.116.104,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{8329368C-721C-4E28-BC0E-45D1688E9FEC}: NameServer = 85.255.116.104,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5660891-BCAF-48EE-B41D-C7EB7BFB6153}: NameServer = 85.255.116.104,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2CED30D-0BD6-4B94-A4F4-79C4B641B1BE}: NameServer = 85.255.116.104,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.104 85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\..\{3164EA05-EF54-4B86-B965-A436DBFF520A}: NameServer = 85.255.116.104,85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.104 85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\..\{3164EA05-EF54-4B86-B965-A436DBFF520A}: NameServer = 85.255.116.104,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.104 85.255.112.152

Si l'expression est erronée, tu dis.
0
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 331
30 mai 2008 à 10:14
autant pour moi j avais pas lu le premier hijack

a++
0
Réponse 20 / 63
goos01 Messages postés 42 Date d'inscription jeudi 29 mai 2008 Statut Membre Dernière intervention 13 juillet 2012 4
29 mai 2008 à 19:14
# Rapport Lopxp fait le 29/05/2008 à 19:11:40
# Exécuté dans : C:\Program Files\Lopxp
# Version 3.10 - Maj du 11/04/2008

Killing 'MsgPlus.exe'
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" (1568)
Killing 'iexplore.exe'
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" (3292)

========== Listing des dossiers Application Data

+- C:\Documents and Settings\All Users\Application Data

2008-03-17 à 20:20:06 - Adobe
2008-03-17 à 20:22:37 - Apple
2008-03-17 à 20:22:30 - Apple Computer
2008-05-29 à 15:24:47 - Avira
2008-02-13 à 23:23:00 - BOONTY
2008-05-27 à 16:09:48 - file joy proc deaf
2008-03-16 à 13:31:34 - Google
2006-01-10 à 20:46:43 - HP
2005-08-07 à 20:21:11 - hpqwmi
2005-08-07 à 20:02:47 - InstallShield
2008-05-29 à 12:25:52 - Lavasoft
2008-05-29 à 14:00:53 - Malwarebytes
2007-11-25 à 11:54:30 - Messenger Plus!
2008-05-20 à 11:40:57 - Microsoft
2007-11-14 à 20:55:12 - PEERNET
2006-09-24 à 21:00:34 - Pinnacle
2006-09-25 à 20:20:27 - Pinnacle Studio
2006-01-15 à 14:34:08 - QuickTime
2005-08-08 à 03:32:07 - SBSI
2007-08-26 à 10:34:44 - SmartSound Software Inc
2006-01-10 à 20:43:27 - Sonic
2007-02-07 à 21:21:13 - Symantec
2008-05-27 à 16:11:31 - TEMP
2006-06-05 à 10:02:21 - Windows Genuine Advantage
2007-04-29 à 20:14:06 - Windows Live Toolbar
2007-08-26 à 10:29:27 - WindowsLiveInstaller
2008-03-17 à 20:48:34 - WLInstaller

+- C:\Documents and Settings\Max\Application Data

2008-05-27 à 16:09:48 - Ace More User
2007-07-10 à 06:04:50 - Adobe
2007-08-24 à 18:02:33 - AdobeUM
2007-09-09 à 17:00:38 - Ahead
2007-03-22 à 07:17:26 - Apple Computer
2007-11-14 à 21:13:13 - BitDownload
2006-12-29 à 22:59:13 - DivX
2008-03-18 à 11:36:10 - dvdcss
2006-12-17 à 12:31:11 - Google
2007-10-17 à 21:44:54 - GrabIt
2008-03-17 à 20:21:50 - gtk-2.0
2006-01-11 à 19:01:48 - Help
2006-01-10 à 20:48:58 - HP
2006-03-02 à 21:53:02 - Identities
2007-08-27 à 12:16:09 - InstallShield
2006-01-10 à 12:04:30 - InterVideo
2008-05-27 à 16:56:34 - Joost
2006-02-08 à 15:32:16 - Leadertech
2006-01-11 à 19:31:08 - Macromedia
2008-05-29 à 14:01:07 - Malwarebytes
2007-08-29 à 20:00:48 - Microsoft
2006-11-25 à 12:38:00 - Mozilla
2006-11-03 à 19:02:50 - MSNInstaller
2006-11-03 à 21:08:18 - Nvu
2007-11-14 à 20:56:36 - PEERNET
2008-03-18 à 20:34:29 - Real
2007-02-18 à 20:17:05 - SAMSUNG
2007-04-29 à 19:35:13 - SecondLife
2006-02-08 à 15:32:30 - Sonic
2006-10-07 à 10:25:54 - Steinberg
2006-01-16 à 08:30:23 - Sun
2006-01-12 à 20:21:29 - Symantec
2006-12-12 à 14:21:11 - Template
2007-09-27 à 12:43:25 - U3
2006-11-03 à 21:32:31 - Visicom Media
2007-05-27 à 09:23:14 - vlc
2007-08-26 à 10:29:00 - vmntoolbar
2006-05-27 à 12:46:53 - Vso
2007-09-27 à 10:30:36 - Windows Desktop Search

+- C:\Documents and Settings\Max\Local Settings\Application Data

2008-01-06 à 19:57:27 - Adobe
2007-10-01 à 16:40:45 - Ahead
2007-08-26 à 10:30:23 - Apple
2007-03-21 à 07:34:38 - Apple Computer
2008-05-26 à 20:16:26 - ApplicationHistory
2006-12-17 à 12:28:14 - Google
2006-01-11 à 19:01:48 - Help
2006-01-10 à 20:46:52 - HP
2006-03-02 à 21:44:19 - Identities
2006-01-10 à 20:47:24 - IsolatedStorage
2008-05-27 à 16:56:40 - Joost
2007-12-28 à 21:10:57 - Microsoft
2006-08-12 à 09:38:12 - Mon Livre Photo by Cewe
2006-11-25 à 12:38:00 - Mozilla
2007-07-31 à 06:13:32 - PCHealth
2006-01-22 à 16:22:52 - Shareaza
2007-09-28 à 09:07:29 - Windows Live Writer
2006-05-03 à 18:17:18 - WMTools Downloaded Files
2005-08-07 à 19:43:59 - {3248F0A6-6813-11D6-A77B-00B0D0150040}

========== Listing du dossier Program Files

+- C:\Program Files

2008-05-27 à 16:41:40 - ABC Amber Text2Image Converter
2008-05-27 à 16:11:32 - Ace More User
2008-03-17 à 20:19:54 - Adobe
2006-06-12 à 10:29:58 - AdwarePunisher
2007-08-26 à 10:31:30 - AGEIA Technologies
2007-02-03 à 12:45:55 - All Video to VCD SVCD DVD Converter
2007-04-15 à 10:21:31 - ALO SOFT
2005-08-07 à 19:41:46 - Analog Devices
2008-02-05 à 20:13:24 - Ange softs
2008-03-17 à 20:13:05 - Antipub
2008-02-16 à 18:36:56 - Anuman Interactive
2005-08-07 à 19:43:48 - Apoint2K
2008-03-17 à 20:22:41 - Apple Software Update
2007-04-14 à 23:05:06 - ArcSoft
2005-08-07 à 19:41:25 - ATI Technologies
2007-04-29 à 19:39:08 - AVI DivX MPEG to DVD Converter & Burner
2008-05-29 à 15:24:47 - Avira
2008-03-17 à 20:19:06 - B-Association(2)
2008-05-29 à 11:53:57 - BitDownload
2008-05-27 à 16:42:51 - BitTorrent Fastest Tool
2006-08-09 à 17:54:29 - Bloodshed Software
2006-06-12 à 10:24:21 - Boilsoft AVI Converter
2008-03-17 à 20:17:48 - BoontyGames
2007-04-27 à 15:38:19 - BSplayer
2007-05-17 à 20:47:24 - CD to MP3 Ripper
2007-02-08 à 21:38:34 - CoffeeCup Software
2005-08-08 à 03:32:07 - ComPlus Applications
2006-09-12 à 18:15:07 - Cool MP3 Converter
2007-08-29 à 19:58:04 - d3
2008-03-17 à 20:21:41 - DivX
2007-04-29 à 19:38:55 - DSL Speed
2006-08-16 à 07:48:12 - Easy Internet signup
2008-05-27 à 14:42:01 - eMule
2008-05-29 à 15:06:24 - Fichiers communs
2006-06-12 à 10:24:20 - GameSpy Arcade
2007-11-29 à 19:45:42 - GIMP-2.0
2008-03-17 à 20:13:12 - Google
2005-08-07 à 20:06:47 - Hewlett-Packard
2006-01-10 à 20:38:01 - Hp
2006-01-10 à 17:29:04 - HPQ
2007-04-29 à 19:36:05 - HyperLobbyPro3
2008-03-17 à 20:17:56 - InstallShield Installation Information
2005-08-07 à 19:40:52 - Intel
2008-04-10 à 08:52:21 - Internet Explorer
2005-08-07 à 20:05:11 - InterVideo
2006-01-15 à 12:20:54 - Inventel
2007-04-29 à 19:41:47 - iPod
2007-04-29 à 19:41:46 - iPod(2)
2007-04-29 à 19:41:47 - iTunes
2007-04-29 à 19:41:47 - iTunes(2)
2008-04-08 à 16:28:42 - Java
2007-11-25 à 12:37:31 - Joost
2006-11-19 à 21:29:00 - Kazaa
2008-05-29 à 12:24:21 - Lavasoft
2008-05-29 à 17:11:53 - Lopxp
2008-05-29 à 14:01:00 - Malwarebytes' Anti-Malware
2005-08-07 à 19:52:53 - Messenger
2007-10-22 à 19:42:45 - MessengerPlus! 3
2006-01-16 à 21:17:59 - Microsoft ActiveSync
2007-05-09 à 21:48:01 - Microsoft CAPICOM 2.1.0.2
2005-08-08 à 03:32:08 - microsoft frontpage
2007-08-26 à 10:32:20 - Microsoft Office
2007-09-27 à 06:49:17 - Microsoft SQL Server Compact Edition
2006-08-12 à 09:38:11 - Mon Livre Photo by Cewe
2005-08-08 à 03:32:08 - Movie Maker
2008-05-29 à 17:01:28 - Mozilla Firefox
2007-04-29 à 19:35:14 - MP3 Workshop
2007-04-29 à 19:39:08 - MPEGTOAVI
2006-04-29 à 12:30:32 - MSN
2005-08-08 à 03:32:08 - MSN Gaming Zone
2007-08-26 à 10:29:39 - MSN Messenger
2006-11-18 à 02:00:34 - MSXML 4.0
2008-05-29 à 11:34:25 - Navilog1
2008-03-17 à 20:13:05 - Need2Find
2006-11-28 à 16:27:45 - Neoact
2007-09-09 à 16:56:47 - Nero
2006-11-19 à 21:22:28 - Netlor Studio
2005-08-08 à 03:32:08 - NetMeeting
2006-11-19 à 21:23:16 - Nvu
2005-08-08 à 03:32:08 - Online Services
2007-08-26 à 10:27:54 - Outlook Express
2007-11-14 à 20:54:30 - PEERNET File Conversion Center 4.0
2007-08-15 à 20:57:10 - Pinnacle
2007-04-29 à 19:38:38 - PIXELA
2007-04-29 à 19:39:28 - PMP DV
2008-03-17 à 20:22:33 - QuickTime
2006-01-23 à 21:35:29 - Real
2008-03-17 à 20:14:49 - RealFlight G3 Demo
2006-06-12 à 10:26:13 - RXToolBar(2)
2008-01-29 à 20:34:56 - Samsung
2005-08-07 à 20:08:05 - Services en ligne
2008-02-11 à 22:47:49 - Shock Utility
2006-02-10 à 21:54:49 - SmartSound Software
2005-08-07 à 20:01:57 - Sonic
2007-04-29 à 19:37:56 - Sony Corporation
2006-10-07 à 10:24:09 - Steinberg
2008-05-29 à 16:28:55 - Sunbelt Software
2007-02-07 à 21:20:07 - Symantec
2008-05-29 à 13:37:24 - TBONBin
2008-05-29 à 11:59:08 - Trend Micro
2006-03-23 à 21:12:15 - Trialtime
2008-03-17 à 20:18:03 - Téléchargeur de Architecte d intérieur 3D - Edition 2007
2005-08-08 à 03:32:08 - Uninstall Information
2007-05-27 à 09:21:46 - VideoLAN
2006-11-19 à 21:25:01 - Visicom Media
2008-03-17 à 20:13:33 - Vsk3
2006-06-12 à 10:24:23 - vso
2007-08-26 à 10:36:58 - Wanadoo
2006-11-03 à 20:47:36 - Web Designers Toolkit with Calendar
2006-11-03 à 20:44:29 - website
2008-03-17 à 20:19:09 - WebSite X5 Evolution
2007-09-27 à 06:48:49 - Windows Desktop Search
2008-03-18 à 07:57:30 - Windows Live
2007-10-30 à 22:49:40 - Windows Live Toolbar
2007-05-27 à 09:48:31 - Windows Media Connect 2
2007-05-27 à 09:51:18 - Windows Media Player
2005-08-08 à 03:32:08 - Windows NT
2005-08-08 à 03:32:08 - WindowsUpdate
2007-04-29 à 19:36:03 - WinISO
2006-08-09 à 06:28:33 - WinISO53
2007-02-25 à 14:20:51 - WinRAR
2008-03-17 à 20:13:08 - Winsos
2007-04-29 à 19:36:04 - WinZip
2005-08-08 à 03:32:08 - xerox
2007-08-26 à 10:36:55 - Yahoo!

========== Tâches planifiées

A8D88700918B0650.job: c:\docume~1\max\applic~1\acemor~1\Aim Pile Great.exe
AppleSoftwareUpdate.job: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
HPpromotions journeysoftware.job: C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe /N "journeysoftware" -r
HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job: C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Main\Mediahub.exe Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
Vérifier les mises à jour de Windows Live Toolbar.job: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

========== Clés registre

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\amenslowwma]
DisplayName REG_SZ CiD Help
UninstallString REG_SZ C:\DOCUME~1\Max\APPLIC~1\ACEMOR~1\trans proxy.exe -uninstall

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Proc Deaf Delete Peak"="C:\Documents and Settings\All Users\Application Data\file joy proc deaf\bird test.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Noun pop"="C:\DOCUME~1\Max\APPLIC~1\ACEMOR~1\trans proxy.exe"


========== Bloqueur popups Internet Explorer


========== Suggestion ( /!\ Nécessite une interprétation.) ==========

C:\Documents and Settings\All Users\Application Data\file joy proc deaf
C:\Documents and Settings\Max\Application Data\Ace More User
C:\Program Files\Ace More User
C:\WINDOWS\tasks\A8D88700918B0650.job
C:\Documents and Settings\All Users\MENUDM~1\Programmes\BitDownload
C:\Documents and Settings\Max\Application Data\BitDownload
C:\Program Files\BitDownload

+- Registre:

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\amenslowwma]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Proc Deaf Delete Peak"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Noun pop"=-




- Fin du rapport -
0

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
1fichier.com et bloqueur de pub
anthea1309 -
Patoche12 -

60 réponses
Probleme bogue
Ines -
Pimmer -

1 réponse