Hello everyone, for the past few days, whenever I connect to the internet, windows of the CdI... type open up. I ran a scan with Spybot, which found malware such as (zango, smitfraud, altnet,...). I fixed them, but I am not certain I have eradicated everything. Thank you in advance for any solutions to the problem. I am posting a HijackThis report.
-->Message edited by FABGN on 25/07/2008 14:09:39<--
Here is the report, thank you for your help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:46, on 22/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Army Online Move Tick] C:\Documents and Settings\All Users\Application Data\file cash army online\Thunk Glue.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?99414675174c4361966d582518ac6a5f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?99414675174c4361966d582518ac6a5f
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/w(...)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/m(...)
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O21 - SSODL: rdihost - {01C82EC1-76E5-4756-A518-9921D7C0F27C} - rdihost.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
--
End of file - 10971 bytes
Example of such windows: CiD:http://mediastay.finaref.fr
Download LopS&D.exe to your Desktop
Tutorial
• Double-click it to launch the installation
• Then double-click the Lop S&D shortcut on your desktop
• Select the desired language, then choose option 2
• Wait until the scan finishes
• Post the generated report (C:\lopR.txt)
Then post a new HijackThis report
Thank you, here is the report produced by Lop S&D
--------------------\\ Lop S&D 4.2.2-3 XP/Vista
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : MARYSE ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 22/07/2008 | 19:08:27,78 ] [ PC : NOM-D3A4C94E6FD ]
[ MAJ : 22-07-2008 | 17:35 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprime! - C:\DOCUME~1\MARYSE\Cookies\maryse@adopt.euroclick[1].txt
Restauré! - Fichier Hosts
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Application Data
[02/01/2005|01:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[01/01/2005|10:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[01/01/2005|09:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[02/01/2005|01:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intervideo
[04/07/2007|21:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[02/01/2005|01:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
[01/01/2005|09:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[01/01/2005|09:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[30/03/2005|21:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[15/05/2008|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AcidProgramAntiAtom
[22/07/2008|09:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/07/2007|18:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[18/09/2006|20:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[17/04/2007|19:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
[18/05/2008|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[01/01/2005|10:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[06/05/2008|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\file cash army online
[20/09/2006|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[30/03/2005|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[02/01/2005|01:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[02/01/2005|01:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[15/05/2008|14:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[09/12/2006|14:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Link Data Security
[13/07/2008|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[24/06/2008|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[07/06/2008|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Momindum Studio
[09/03/2007|23:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[13/04/2007|11:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs
[19/04/2005|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NFS Underground
[21/05/2005|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[05/11/2007|20:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[04/05/2005|13:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[01/01/2005|09:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[13/07/2008|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[12/09/2007|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
[06/05/2006|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[16/03/2008|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
[18/05/2008|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[22/07/2008|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[22/07/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[07/06/2008|21:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith
[01/04/2008|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[20/05/2007|18:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UniversalisV12
[10/07/2008|14:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WhiteCap (Holiday Edition)
[09/10/2007|20:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[26/08/2006|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[04/07/2007|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[16/03/2008|20:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[03/12/2007|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\xml13.tmp
[03/12/2007|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\xml14.tmp
[03/12/2007|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\xml15.tmp
[03/12/2007|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\xml16.tmp
[16/02/2006|12:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[02/01/2005|01:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[01/01/2005|10:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[01/01/2005|09:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[02/01/2005|01:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intervideo
[04/07/2007|21:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[02/01/2005|01:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[01/01/2005|09:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[01/01/2005|09:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[02/01/2005|01:31] C:\DOCUME~1\INVIT~1\APPLIC~1\Apple Computer
[01/01/2005|10:22] C:\DOCUME~1\INVIT~1\APPLIC~1\desktop.ini
[30/05/2006|21:38] C:\DOCUME~1\INVIT~1\APPLIC~1\EoRezo
[28/10/2006|01:38] C:\DOCUME~1\INVIT~1\APPLIC~1\Google
[01/01/2005|09:29] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
[02/01/2005|01:23] C:\DOCUME~1\INVIT~1\APPLIC~1\Intervideo
[10/07/2006|09:45] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
[15/05/2008|18:50] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
[04/05/2008|16:54] C:\DOCUME~1\INVIT~1\APPLIC~1\Mozilla
[02/01/2005|01:54] C:\DOCUME~1\INVIT~1\APPLIC~1\SampleView
[22/07/2008|08:14] C:\DOCUME~1\INVIT~1\APPLIC~1\SiteAdvisor
[27/06/2008|18:03] C:\DOCUME~1\INVIT~1\APPLIC~1\Sonic
[01/01/2005|09:48] C:\DOCUME~1\INVIT~1\APPLIC~1\Sun
[01/01/2005|09:02] C:\DOCUME~1\INVIT~1\APPLIC~1\Symantec
[04/05/2008|16:54] C:\DOCUME~1\INVIT~1\APPLIC~1\Talkback
[11/11/2007|19:36] C:\DOCUME~1\INVIT~1\APPLIC~1\Teleca
[27/06/2008|18:08] C:\DOCUME~1\INVIT~1\APPLIC~1\vlc
[06/01/2007|14:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Ahead
[14/05/2008|20:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[14/05/2008|20:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[11/02/2007|16:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[13/07/2008|17:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
[03/04/2005|19:24] C:\DOCUME~1\MARYSE\APPLIC~1\ACD Systems
[02/01/2008|13:58] C:\DOCUME~1\MARYSE\APPLIC~1\Adobe
[22/07/2008|09:48] C:\DOCUME~1\MARYSE\APPLIC~1\AdobeUM
[25/12/2006|21:57] C:\DOCUME~1\MARYSE\APPLIC~1\Ahead
[02/01/2005|01:31] C:\DOCUME~1\MARYSE\APPLIC~1\Apple Computer
[08/11/2006|20:19] C:\DOCUME~1\MARYSE\APPLIC~1\Babylon
[01/01/2005|10:22] C:\DOCUME~1\MARYSE\APPLIC~1\desktop.ini
[16/12/2007|15:44] C:\DOCUME~1\MARYSE\APPLIC~1\EoRezo
[03/04/2007|20:32] C:\DOCUME~1\MARYSE\APPLIC~1\Google
[25/09/2005|12:47] C:\DOCUME~1\MARYSE\APPLIC~1\Help
[03/04/2005|19:30] C:\DOCUME~1\MARYSE\APPLIC~1\Hewlett-Packard
[01/01/2005|09:29] C:\DOCUME~1\MARYSE\APPLIC~1\Identities
[02/01/2005|01:23] C:\DOCUME~1\MARYSE\APPLIC~1\Intervideo
[14/05/2007|18:13] C:\DOCUME~1\MARYSE\APPLIC~1\ItsLabel
[23/09/2005|21:48] C:\DOCUME~1\MARYSE\APPLIC~1\Macromedia
[06/05/2008|15:58] C:\DOCUME~1\MARYSE\APPLIC~1\Microsoft
[02/04/2007|12:46] C:\DOCUME~1\MARYSE\APPLIC~1\Motive
[24/02/2007|19:57] C:\DOCUME~1\MARYSE\APPLIC~1\Mozilla
[02/01/2005|01:54] C:\DOCUME~1\MARYSE\APPLIC~1\SampleView
[18/07/2008|15:34] C:\DOCUME~1\MARYSE\APPLIC~1\SiteAdvisor
[01/01/2005|09:48] C:\DOCUME~1\MARYSE\APPLIC~1\Sun
[01/01/2005|09:02] C:\DOCUME~1\MARYSE\APPLIC~1\Symantec
[24/02/2007|19:58] C:\DOCUME~1\MARYSE\APPLIC~1\Talkback
[20/05/2007|14:13] C:\DOCUME~1\MARYSE\APPLIC~1\Teleca
[03/09/2005|17:13] C:\DOCUME~1\MARYSE\APPLIC~1\Template
[25/12/2005|19:41] C:\DOCUME~1\MARYSE\APPLIC~1\vlc
[03/09/2005|17:13] C:\DOCUME~1\MARYSE\APPLIC~1\wklnhst.dat
[16/03/2008|20:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[14/07/2008|16:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\SiteAdvisor
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[12/07/2008 11:17][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[22/07/2008 14:52][--a------] C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[22/07/2008 18:23][--a------] C:\WINDOWS\tasks\HP Usg Daily.job
[05/08/2004 12:00][-rah-c---] C:\WINDOWS\tasks\desktop.ini
[22/07/2008 12:50][--ah-----] C:\WINDOWS\tasks\SA.DAT
[29/09/2005 20:14][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
--------------------\\ Listing des dossiers dans C:\Program Files
[19/05/2007|20:26] C:\Program Files\Adobe
[17/06/2008|14:26] C:\Program Files\AGEIA Technologies
[15/05/2008|18:45] C:\Program Files\Alwil Software
[06/05/2008|19:37] C:\Program Files\Ante Plus Base
[28/02/2008|23:42] C:\Program Files\Artlantis
[30/06/2008|18:23] C:\Program Files\Avanquest update
[19/11/2005|21:34] C:\Program Files\AviSynth 2.5
[07/06/2008|22:12] C:\Program Files\AVSMedia
[13/04/2008|21:36] C:\Program Files\Bonjour
[06/11/2007|17:40] C:\Program Files\Boonty
[22/07/2008|10:04] C:\Program Files\BoontyGames
[09/03/2007|22:06] C:\Program Files\BroadJump
[11/04/2007|18:12] C:\Program Files\CCleaner
[13/04/2007|16:10] C:\Program Files\Club-Internet
[23/06/2008|14:56] C:\Program Files\Codemasters
[09/03/2007|22:10] C:\Program Files\Common Files
[19/05/2006|20:34] C:\Program Files\DIFX
[16/11/2005|16:58] C:\Program Files\Easy Internet signup
[01/07/2008|16:19] C:\Program Files\Editeur Handling GTA-SA
[22/07/2008|08:57] C:\Program Files\eMule
[16/07/2008|18:51] C:\Program Files\Everest Poker
[07/06/2008|22:12] C:\Program Files\Fichiers communs
[09/04/2008|11:36] C:\Program Files\File Properties Changer
[30/06/2008|19:56] C:\Program Files\Frets on Fire
[19/11/2005|21:34] C:\Program Files\Gabest
[15/02/2007|20:38] C:\Program Files\Google
[09/10/2006|21:09] C:\Program Files\GordianKnot
[05/12/2007|20:08] C:\Program Files\Graphisoft
[02/01/2005|01:41] C:\Program Files\Help and Support Additions
[30/03/2005|14:23] C:\Program Files\Hewlett-Packard
[30/03/2005|14:22] C:\Program Files\HP
[02/12/2006|12:57] C:\Program Files\IncrediMail
[14/04/2005|18:01] C:\Program Files\Infogrames
[24/06/2008|14:10] C:\Program Files\InstallShield Installation Information
[01/04/2005|21:23] C:\Program Files\InterActual
[11/06/2008|18:02] C:\Program Files\Internet Explorer
[09/10/2006|21:09] C:\Program Files\InterVideo
[13/04/2008|21:38] C:\Program Files\iPod
[13/04/2008|21:38] C:\Program Files\iTunes
[22/07/2008|12:30] C:\Program Files\Java
[08/04/2008|08:05] C:\Program Files\jo.txt
[15/05/2008|13:59] C:\Program Files\Lavasoft
[13/04/2008|15:46] C:\Program Files\Lopxp
[25/05/2005|17:09] C:\Program Files\LucasArts
[07/06/2008|22:30] C:\Program Files\Magicbit
[30/03/2005|15:34] C:\Program Files\Maxis
[28/02/2008|23:08] C:\Program Files\MAXON
[14/05/2005|15:06] C:\Program Files\Microprose
[17/03/2008|13:28] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[01/01/2005|09:29] C:\Program Files\microsoft frontpage
[24/08/2007|15:00] C:\Program Files\Microsoft Games
[17/04/2007|19:04] C:\Program Files\Microsoft Office
[20/05/2008|18:02] C:\Program Files\Microsoft Silverlight
[16/11/2005|16:58] C:\Program Files\Microsoft Works
[10/01/2006|19:47] C:\Program Files\Microsoft.NET
[17/06/2008|14:12] C:\Program Files\Midway Games
[07/06/2008|22:03] C:\Program Files\Momindum Studio
[13/04/2007|16:03] C:\Program Files\Motive
[17/03/2008|19:21] C:\Program Files\Movie Maker
[22/07/2008|13:52] C:\Program Files\Mozilla Firefox
[09/07/2007|14:06] C:\Program Files\MrJack's Radio
[01/01/2005|09:26] C:\Program Files\MSN Gaming Zone
[20/08/2007|16:11] C:\Program Files\MSXML 4.0
[09/10/2006|21:09] C:\Program Files\NetMeeting
[06/04/2008|11:51] C:\Program Files\nomutil.txt
[01/01/2005|09:26] C:\Program Files\Online Services
[31/03/2008|14:47] C:\Program Files\OpenAL
[17/03/2008|19:21] C:\Program Files\Outlook Express
[25/05/2006|14:00] C:\Program Files\Oxilog
[16/11/2005|16:58] C:\Program Files\PC-Doctor for Windows
[03/12/2006|21:56] C:\Program Files\Picasa2
[13/04/2008|21:36] C:\Program Files\QuickTime
[04/07/2007|19:25] C:\Program Files\ReflexiveArcade
[02/07/2008|15:00] C:\Program Files\rFactor
[07/06/2008|09:44] C:\Program Files\RM-X Player V5.2
[25/09/2005|11:41] C:\Program Files\RM-X Store
[02/06/2008|18:58] C:\Program Files\ScanPanel
[04/11/2006|17:41] C:\Program Files\SCi Games
[02/01/2005|01:48] C:\Program Files\Services en ligne
[01/01/2005|09:08] C:\Program Files\SiS VGA Utilities V3.63
[03/12/2007|20:14] C:\Program Files\SiSoftware
[13/07/2008|17:08] C:\Program Files\SiteAdvisor
[02/01/2005|01:19] C:\Program Files\Sonic
[02/01/2005|01:19] C:\Program Files\Sonic RecordNow!
[07/06/2008|09:37] C:\Program Files\Sony Ericsson
[09/10/2007|21:16] C:\Program Files\SoundSpectrum
[26/05/2007|17:04] C:\Program Files\'Splendeur.'
[22/07/2008|12:25] C:\Program Files\Spybot - Search & Destroy
[22/07/2008|09:00] C:\Program Files\Symantec
[22/07/2008|09:00] C:\Program Files\Symantec AntiVirus
[11/04/2005|18:35] C:\Program Files\SymNetDrv
[07/06/2008|21:46] C:\Program Files\TechSmith
[02/06/2008|18:53] C:\Program Files\TextBridge Pro 8.0
[23/06/2008|14:54] C:\Program Files\Thrustmaster
[13/04/2008|15:48] C:\Program Files\Trend Micro
[09/10/2006|20:52] C:\Program Files\Uninstall Information
[07/06/2008|09:42] C:\Program Files\Universalis
[05/06/2008|16:18] C:\Program Files\uTorrent
[19/11/2005|21:34] C:\Program Files\VideoLAN
[05/12/2007|20:13] C:\Program Files\WIBU-SYSTEMS
[16/03/2008|20:25] C:\Program Files\Windows Live
[17/03/2008|13:28] C:\Program Files\Windows Media Player
[01/01/2005|10:40] C:\Program Files\Windows NT
[18/02/2006|20:14] C:\Program Files\WinRAR
[20/06/2006|22:06] C:\Program Files\Winter Fun Pack 2004 for Windows XP
[01/01/2005|09:29] C:\Program Files\xerox
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[07/02/2008|21:53] C:\Program Files\Fichiers communs\Adobe
[11/07/2007|18:10] C:\Program Files\Fichiers communs\Ahead
[08/07/2007|18:05] C:\Program Files\Fichiers communs\Apple
[07/06/2008|22:14] C:\Program Files\Fichiers communs\AVSMedia
[17/04/2007|19:04] C:\Program Files\Fichiers communs\DESIGNER
[18/04/2005|18:26] C:\Program Files\Fichiers communs\DirectX
[02/01/2005|01:30] C:\Program Files\Fichiers communs\InstallShield
[01/01/2005|09:48] C:\Program Files\Fichiers communs\Java
[24/06/2008|17:39] C:\Program Files\Fichiers communs\Microsoft Shared
[09/03/2007|22:10] C:\Program Files\Fichiers communs\Motive
[01/01/2005|09:27] C:\Program Files\Fichiers communs\MSSoap
[17/03/2008|13:22] C:\Program Files\Fichiers communs\ODBC
[01/01/2005|10:40] C:\Program Files\Fichiers communs\Services
[01/01/2005|10:22] C:\Program Files\Fichiers communs\SpeechEngines
[02/01/2005|01:20] C:\Program Files\Fichiers communs\SureThing Shared
[22/07/2008|09:00] C:\Program Files\Fichiers communs\Symantec Shared
[17/03/2008|13:27] C:\Program Files\Fichiers communs\System
[04/04/2008|11:32] C:\Program Files\Fichiers communs\Teleca Shared
[16/03/2008|20:09] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[17/06/2008|14:26] C:\Program Files\Fichiers communs\Wise Installation Wizard
[02/06/2008|18:53] C:\Program Files\Fichiers communs\Xerox Shared
--------------------\\ Process
( 39 Processus )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 19:10:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:25][D:7]-> C:\DOCUME~1\MARYSE\LOCALS~1\Temp
[F:35][D:0]-> C:\DOCUME~1\MARYSE\Cookies
[F:809][D:4]-> C:\DOCUME~1\MARYSE\LOCALS~1\TEMPOR~1\content.IE5
--------------------\\ Fin du rapport a 19:10:58,32
And here is the HijackThis report generated after Lop S&D
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:07, on 22/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Army Online Move Tick] C:\Documents and Settings\All Users\Application Data\file cash army online\Thunk Glue.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?99414675174c4361966d582518ac6a5f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?99414675174c4361966d582518ac6a5f
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/w(...)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/m(...)
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O21 - SSODL: rdihost - {01C82EC1-76E5-4756-A518-9921D7C0F27C} - rdihost.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
--
End of file - 10915 bytes
Thanks a lot for your help, I'm waiting for instructions.
La Mayenne-son calme -sa verdu
Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below into the window, as shown in the attached image.
C:\DOCUME~1\INVIT~1\APPLIC~1\EoRezo
C:\DOCUME~1\MARYSE\APPLIC~1\EoRezo
C:\DOCUME~1\MARYSE\APPLIC~1\wklnhst.dat
C:\Program Files\Boonty
C:\Program Files\BoontyGames
C:\Program Files\Everest Poker
C:\Program Files\MSN Gaming Zone
C:\Documents and Settings\All Users\Application Data\file cash army online
EmptyTemp
Click MoveIt! to start the removal.
The result will appear in the Results box.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles. Example: (01282008_131348.log)
You may be asked to restart the PC to complete the removal.
If so, accept with Yes.
Then tell me whether you recognise this:
C:\Program Files\'Splendeur.'
Relaunch HijackThis > Do a system scan only > tick these lines, then confirm with Fix checked:
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [Army Online Move Tick] C:\Documents and Settings\All Users\Application Data\file cash army online\Thunk Glue.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O21 - SSODL: rdihost - {01C82EC1-76E5-4756-A518-9921D7C0F27C} - rdihost.dll (file missing)
Then this:
Download CCleaner: tutorial + download here:
http://www.pcastuces.com/logitheque/ccleaner.htm
* do not tick the Yahoo toolbar *
Do a clean-up like this:
**Untick the box in Options > Advanced: Only delete files in Windows Temp folders older than 48 hours
Tick this box again once the first clean-up is done
1- Remove the temporary files and traces (Cleaner tab) that you leave behind when browsing the Internet or simply opening files with any Windows program: Windows Media Player, eMule, Office, Nero, Adobe Reader, etc.
2- Clean the Windows Registry (Registry tab): the place where the whole system configuration is stored can also be the cause of a slowdown of your system. Some erroneous and invalid keys weigh it down.
Always accept the initial registry backup, which you save in a folder of your own choosing.
And finally:
Install Malwarebytes' Anti-Malware,
Download and tutorial
Update it, then boot into Safe Mode:
http://www.pcloisirs.eu/mode_sans_echec.htm
Choose: Perform full scan
If an infection is found, tick the box next to it and confirm with the Remove Selected button
Post the final report.
-->Message edited by bernard53 on 22/07/2008 20:32:48<--
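To show how the helper's triage of the HijackThis report above can be reproduced mechanically, here is an added example (not part of the thread, and not HijackThis' own code) that parses lines in the HijackThis log format and flags the entries a helper ticks for Fix checked: components registered with no file on disk, and autostarts launched from a profile's Application Data folder. The sample lines are a constructed excerpt copied from the report posted earlier in this thread.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: a few lines in the HijackThis log format,
# copied from the report posted earlier in this thread.
SAMPLE_LOG = """\
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\\..\\Run: [Army Online Move Tick] C:\\Documents and Settings\\All Users\\Application Data\\file cash army online\\Thunk Glue.exe
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\\PROGRA~1\\PACIFI~1\\pacificpoker.exe (file missing)
O21 - SSODL: rdihost - {01C82EC1-76E5-4756-A518-9921D7C0F27C} - rdihost.dll (file missing)
"""

# Every HijackThis entry starts with its section code ("O2", "O4", ...).
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# Markers HijackThis prints when the registered path does not exist on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Autostart paths under a profile's Application Data folder are user-writable,
# which is where the adware in this thread dropped its launcher.
PROFILE_DATA_RE = re.compile(r"\\Application Data\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return the entries a helper would tick for 'Fix checked', with the reason."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # headers, running-process list, "End of file", etc.
        section, rest = match.groups()
        if any(marker in rest for marker in ORPHAN_MARKERS):
            findings.append(Finding(section, line, "registered component has no file on disk"))
        elif section == "O4" and PROFILE_DATA_RE.search(rest):
            findings.append(Finding(section, line, "autostart runs from a user-writable profile folder"))
    return findings


def fix_list(log_text: str) -> List[str]:
    """The raw log lines to tick in HijackThis, in log order."""
    return [finding.line for finding in triage(log_text)]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}\n    {finding.line}")
```

Orphaned entries are harmless leftovers once the file is gone, but they show what was installed; the autostart under Application Data is the live one worth checking before it is removed.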
Hello and thanks again for your help,
here is the report produced with OTMoveIt
C:\DOCUME~1\INVIT~1\APPLIC~1\EoRezo moved successfully.
C:\DOCUME~1\MARYSE\APPLIC~1\EoRezo\EoWeather\images_station_meteo moved successfully.
C:\DOCUME~1\MARYSE\APPLIC~1\EoRezo\EoWeather\images_classic moved successfully.
C:\DOCUME~1\MARYSE\APPLIC~1\EoRezo\EoWeather\images moved successfully.
C:\DOCUME~1\MARYSE\APPLIC~1\EoRezo\EoWeather moved successfully.
C:\DOCUME~1\MARYSE\APPLIC~1\EoRezo\eoStats moved successfully.
C:\DOCUME~1\MARYSE\APPLIC~1\EoRezo\eoDesktop moved successfully.
C:\DOCUME~1\MARYSE\APPLIC~1\EoRezo\db moved successfully.
C:\DOCUME~1\MARYSE\APPLIC~1\EoRezo moved successfully.
C:\DOCUME~1\MARYSE\APPLIC~1\wklnhst.dat moved successfully.
C:\Program Files\Boonty\Components moved successfully.
C:\Program Files\Boonty\BoontyBox\Temp moved successfully.
C:\Program Files\Boonty\BoontyBox\Skins\Silver moved successfully.
C:\Program Files\Boonty\BoontyBox\Skins\Dark moved successfully.
C:\Program Files\Boonty\BoontyBox\Skins\Classic moved successfully.
C:\Program Files\Boonty\BoontyBox\Skins moved successfully.
C:\Program Files\Boonty\BoontyBox\Medias moved successfully.
C:\Program Files\Boonty\BoontyBox\Languages moved successfully.
C:\Program Files\Boonty\BoontyBox\Html moved successfully.
C:\Program Files\Boonty\BoontyBox\Data moved successfully.
C:\Program Files\Boonty\BoontyBox\CsaFiles\OldShell moved successfully.
C:\Program Files\Boonty\BoontyBox\CsaFiles\NewShell moved successfully.
C:\Program Files\Boonty\BoontyBox\CsaFiles moved successfully.
C:\Program Files\Boonty\BoontyBox moved successfully.
C:\Program Files\Boonty moved successfully.
C:\Program Files\BoontyGames\Components moved successfully.
C:\Program Files\BoontyGames moved successfully.
C:\Program Files\Everest Poker\var moved successfully.
C:\Program Files\Everest Poker\history moved successfully.
C:\Program Files\Everest Poker\data\startup\shared\sounds moved successfully.
C:\Program Files\Everest Poker\data\startup\shared\icons moved successfully.
C:\Program Files\Everest Poker\data\startup\shared\bitmaps moved successfully.
C:\Program Files\Everest Poker\data\startup\shared moved successfully.
C:\Program Files\Everest Poker\data\startup\fr moved successfully.
C:\Program Files\Everest Poker\data\startup\en moved successfully.
C:\Program Files\Everest Poker\data\startup moved successfully.
C:\Program Files\Everest Poker\data\shared\shared\sounds moved successfully.
C:\Program Files\Everest Poker\data\shared\shared\bitmaps moved successfully.
C:\Program Files\Everest Poker\data\shared\shared moved successfully.
C:\Program Files\Everest Poker\data\shared\fr moved successfully.
C:\Program Files\Everest Poker\data\shared moved successfully.
C:\Program Files\Everest Poker\data\mp-poker\fr moved successfully.
C:\Program Files\Everest Poker\data\mp-poker\background moved successfully.
C:\Program Files\Everest Poker\data\mp-poker moved successfully.
C:\Program Files\Everest Poker\data\mp-lobby moved successfully.
C:\Program Files\Everest Poker\data\fonts moved successfully.
C:\Program Files\Everest Poker\data moved successfully.
C:\Program Files\Everest Poker moved successfully.
Folder move failed. C:\Program Files\MSN Gaming Zone\Windows scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MSN Gaming Zone scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\file cash army online moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\MARYSE\LOCALS~1\Temp\~DFAF37.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5d8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07232008_082056
I'm continuing with what you advised me earlier.
For your information, Splendeur is unknown to me and I never use it.
I'm posting the report generated by Malwarebytes. I have carried out all the requested operations and await your advice; thanks again.
Malwarebytes' Anti-Malware 1.22
Version de la base de données: 981
Windows 5.1.2600 Service Pack 2
10:08:27 23/07/2008
mbam-log-7-23-2008 (10-08-27).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 147603
Temps écoulé: 1 hour(s), 6 minute(s), 40 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 32
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bjam.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bokja.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cdsm32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\photo album.zip (Worm.IRCBot) -> Quarantined and deleted successfully.
La Mayenne-son calme -sa verdu
Well, since you don't use this folder C:\Program Files\'Splendeur.', delete it.
And now, how is your PC doing?
I deleted Splendeur, and thanks to you my PC works like it did at the start, i.e. spotless. Thanks again, have a good rest of the day and all the best.
La Mayenne-son calme -sa verdu
Do this to remove the tools used for this infection.
Close all running applications, then download ToolsCleaner to your Desktop.
http://pc-system.fr/TC/ToolsCleaner2.exe
Click Recherche (Search) and let the scan finish.
Click Suppression (Delete) to finish.
If you wish, you can use the optional options.
Click Quitter (Quit) so that the report can be created.
Post me the report (TCleaner.txt) found at the root of your hard drive (C:\).
Then:
Now we're going to clean up System Restore.
To do this:
1- Press the Windows and Pause keys at the same time.
In this window, tick this box:
Confirm with the APPLY button and accept the prompt in the window that appears.
After a few moments, untick that same box and confirm with the APPLY button.
You now need to create a new restore point.
2- Start > Run and type:
Restore/rstrui.exe
In the window that appears, confirm: Create a restore point
Then Next, and give the new restore point a name. Confirm:
The next screen should tell you that the restore point was created successfully.
Click "Close" in the next window to exit the utility.
Here is a very interesting link about harmful software. Don't install these programs any more.
And finally:
if everything is running fine as you say,
click on the button, then edit the message and after your title add: RESOLU
A big thank you to you.
All the best.
La Mayenne-son calme -sa verdu
You're welcome.