Compaq laptop infected? (Topic resolved)
nanou65  Posted on 28/08/2008 at 12:54

Hello, I have been lent a laptop that is not working well.

There was no antivirus left on it, so I reinstalled avast. It is a Compaq laptop, labelled "Presario", with Vista, but apparently, according to the owner, Vista is not great and he wanted to put XP on it??????

It constantly goes into sleep mode, and I would like to know whether it is infected.

Having already called on your very competent services, could you help me?

I ran a HijackThis report.

Thank you for your precious and professional help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:42, on 28/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\V-Gear BEE\VBService.exe
C:\Windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=PRESARIO&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [etMonitor] C:\Windows\etMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [AmenSite] "C:\ProgramData\buildmovemove.dc8vo2"
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\Settings tray loud.jy3hdy3"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: GigaTribe.lnk = F:\PROGRAMS FILE\GigaTribe\gigatribe.exe
O4 - Startup: RocketDock.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BEE Service.lnk = C:\Program Files\V-Gear BEE\VBService.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9ABCEAF-E568-4164-BBC1-AE00C6481B91}: NameServer = 192.168.1.1
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8319 bytes
Good luck, and I look forward to your reply.

no.ppp  Posted on 28/08/2008 at 12:58

Hello nanou65,

Analysis in progress.

no.ppp  Posted on 28/08/2008 at 13:15

Hi again,

The previous owner did not install XP; Vista is indeed your operating system.

Was it you who installed Eorezo?

Your version of Adobe is not up to date; you will need to think about updating it later, and I will tell you how to proceed.

As for infection, you are indeed infected, in this case with Lop.

Start by disabling UAC.

Uninstall via "Add/Remove Programs" (if present):

Cid help
Circle Developement
Adverts
Le sponsor de MSN Plus!

Download LopS&D.exe (by Eric-71 & AngelDark) to your desktop (right-click the link > Save Target As)
Disable your antivirus just in case (you can re-enable it once the scan is finished)
Right-click Lop S&D > Run as administrator to start the installation
Once installed, right-click Lop S&D > Run as administrator
Select the language by pressing the F key, then choose option 1 ("Recherche", search)
If lopSD asks you to restart, accept and wait for the scan to finish.
Copy/paste the contents of the report, which is at the root of the hard drive: C:\lopR.txt

Edited by no.ppp on 28/08/2008 13:18

nanou65  Posted on 29/08/2008 at 08:03

Hello,

Glad to be back with you. While waiting for your reply yesterday, I had avast run a scan, and it found a virus (sorry, I deleted it without looking).

Here is the requested report:


--------------------\\ Lop S&D 4.2.3-6 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) M CPU 430 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : linepow ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080828-0] 4.8.1229 (Not Activated)

"C:\Lop SD" ( MAJ : 27-08-2008|22:40 )
Option : [1] ( 29/08/2008| 7:42 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[22/01/2008|15:10] C:\Users\linepow\AppData\Local\Adobe
[18/06/2008|17:41] C:\Users\linepow\AppData\Local\Apple
[08/07/2008|13:22] C:\Users\linepow\AppData\Local\Apple Computer
[11/09/2007|19:17] C:\Users\linepow\AppData\Local\Application Data
[13/06/2008|22:42] C:\Users\linepow\AppData\Local\Asobo Studio
[11/09/2007|19:27] C:\Users\linepow\AppData\Local\AtStart.txt
[22/07/2008|16:50] C:\Users\linepow\AppData\Local\d3d9caps.dat
[30/07/2008|19:57] C:\Users\linepow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[11/09/2007|19:27] C:\Users\linepow\AppData\Local\DSwitch.txt
[16/08/2008|10:11] C:\Users\linepow\AppData\Local\GDIPFONTCACHEV1.DAT
[11/09/2007|23:41] C:\Users\linepow\AppData\Local\Google
[11/09/2007|19:17] C:\Users\linepow\AppData\Local\Historique
[29/08/2008|07:33] C:\Users\linepow\AppData\Local\IconCache.db
[22/01/2008|20:35] C:\Users\linepow\AppData\Local\Magentic
[23/08/2008|15:15] C:\Users\linepow\AppData\Local\Microsoft
[12/09/2007|13:03] C:\Users\linepow\AppData\Local\Microsoft Games
[11/09/2007|19:27] C:\Users\linepow\AppData\Local\QSwitch.txt
[09/04/2008|11:44] C:\Users\linepow\AppData\Local\QuickPlay
[18/06/2008|17:49] C:\Users\linepow\AppData\Local\Sony
[29/08/2008|07:35] C:\Users\linepow\AppData\Local\Temp
[11/09/2007|19:17] C:\Users\linepow\AppData\Local\Temporary Internet Files
[03/10/2007|11:10] C:\Users\linepow\AppData\Local\VirtualStore
[30/07/2008|22:07] C:\Users\linepow\AppData\Local\WindowsUpdate

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[29/08/2008 07:20][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{2A785B6A-FDDC-4F01-83EB-D552C93143CC}.job
[29/08/2008 07:34][--ah-----] C:\Windows\tasks\SA.DAT
[29/08/2008 07:33][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[19/08/2008|17:12] C:\ProgramData\Admin Inter 1 Mags
[18/12/2006|22:16] C:\ProgramData\Adobe
[18/06/2008|17:41] C:\ProgramData\Apple
[18/06/2008|17:44] C:\ProgramData\Apple Computer
[02/11/2006|14:59] C:\ProgramData\Application Data
[29/07/2008|21:42] C:\ProgramData\buildmovemove.4be1n
[29/07/2008|21:42] C:\ProgramData\buildmovemove.5mk70
[06/08/2008|22:21] C:\ProgramData\buildmovemove.dc8vo2
[06/08/2008|21:37] C:\ProgramData\buildmovemove.qe2u1d
[06/08/2008|21:15] C:\ProgramData\buildmovemove.uoacyi
[06/08/2008|21:59] C:\ProgramData\buildmovemove.z2t24
[09/11/2006|20:14] C:\ProgramData\Bureau
[18/12/2006|22:15] C:\ProgramData\CyberLink
[02/11/2006|14:59] C:\ProgramData\Desktop
[02/11/2006|14:59] C:\ProgramData\Documents
[02/07/2008|15:52] C:\ProgramData\Downloaded Installations
[22/01/2008|11:37] C:\ProgramData\DVD Shrink
[09/11/2006|20:14] C:\ProgramData\Favoris
[02/11/2006|14:59] C:\ProgramData\Favorites
[09/01/2008|20:50] C:\ProgramData\FaxCtr
[18/12/2006|22:19] C:\ProgramData\Google
[18/12/2006|22:32] C:\ProgramData\Hewlett-Packard
[12/09/2007|21:24] C:\ProgramData\HP
[18/12/2006|21:48] C:\ProgramData\InstallShield
[29/07/2008|21:42] C:\ProgramData\Link Less Each
[28/08/2008|11:47] C:\ProgramData\Malwarebytes
[09/11/2006|20:14] C:\ProgramData\Menu D‚marrer
[22/01/2008|19:23] C:\ProgramData\Messenger Plus!
[23/08/2008|15:15] C:\ProgramData\Microsoft
[09/11/2006|20:14] C:\ProgramData\ModŠles
[12/02/2008|11:50] C:\ProgramData\PC Suite
[15/08/2008|21:49] C:\ProgramData\Roxio
[08/08/2008|16:45] C:\ProgramData\services
[29/07/2008|21:42] C:\ProgramData\Settings tray loud.jy3hdy3
[08/08/2008|16:39] C:\ProgramData\SoftLand Ltd
[07/02/2008|19:41] C:\ProgramData\Sonic
[18/06/2008|17:51] C:\ProgramData\Sony
[08/06/2008|16:04] C:\ProgramData\SPL7FEC.tmp
[02/11/2006|14:59] C:\ProgramData\Start Menu
[06/10/2007|18:52] C:\ProgramData\Symantec
[27/08/2008|19:50] C:\ProgramData\TEMP
[02/11/2006|14:59] C:\ProgramData\Templates

--------------------\\ Listing des dossiers dans C:\Program Files

[18/12/2006|22:15] C:\Program Files\Adobe
[06/10/2007|18:45] C:\Program Files\Alwil Software
[18/06/2008|17:41] C:\Program Files\Apple Software Update
[22/01/2008|21:50] C:\Program Files\BitComet
[28/08/2008|11:46] C:\Program Files\CCleaner
[29/07/2008|21:41] C:\Program Files\Circle Developement
[15/08/2008|21:50] C:\Program Files\Common Files
[18/12/2006|21:37] C:\Program Files\CONEXANT
[10/07/2008|10:19] C:\Program Files\desktop.ini
[15/03/2008|21:19] C:\Program Files\directx
[10/08/2008|11:30] C:\Program Files\EoRezo
[09/11/2006|20:14] C:\Program Files\Fichiers communs [c:\Program Files\Common Files]
[06/10/2007|18:28] C:\Program Files\Google
[18/12/2006|22:29] C:\Program Files\Hewlett-Packard
[18/12/2006|22:18] C:\Program Files\HP
[13/06/2008|22:42] C:\Program Files\InstallShield Installation Information
[14/08/2008|16:38] C:\Program Files\Internet Explorer
[15/08/2008|20:05] C:\Program Files\ItsLabel
[18/12/2006|22:32] C:\Program Files\Java
[09/01/2008|20:51] C:\Program Files\Lexmark 2400 Series
[09/01/2008|20:50] C:\Program Files\Lexmark Fax Solutions
[09/01/2008|21:07] C:\Program Files\Lexmark Toolbar
[09/01/2008|21:04] C:\Program Files\lx_cats
[28/08/2008|11:47] C:\Program Files\Malwarebytes' Anti-Malware
[22/01/2008|19:21] C:\Program Files\Messenger Plus! Live
[31/07/2008|14:15] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:35] C:\Program Files\Microsoft Games
[18/12/2006|22:10] C:\Program Files\Microsoft Office
[14/08/2008|11:04] C:\Program Files\Microsoft Works
[23/08/2008|16:41] C:\Program Files\Movie Maker
[02/11/2006|14:35] C:\Program Files\MSBuild
[02/11/2006|14:35] C:\Program Files\MSN
[29/07/2008|21:41] C:\Program Files\MSN Messenger
[06/10/2007|18:12] C:\Program Files\MSXML 4.0
[12/06/2008|17:59] C:\Program Files\Orange
[12/02/2008|11:44] C:\Program Files\PC Connectivity Solution
[18/06/2008|17:45] C:\Program Files\QuickTime
[02/11/2006|14:35] C:\Program Files\Reference Assemblies
[18/12/2006|21:58] C:\Program Files\Roxio
[12/06/2008|17:51] C:\Program Files\SAGEM
[12/06/2008|17:50] C:\Program Files\Securitoo
[18/12/2006|22:21] C:\Program Files\Services en ligne
[18/06/2008|17:47] C:\Program Files\Sony
[18/06/2008|17:47] C:\Program Files\Sony Ericsson
[22/08/2008|11:15] C:\Program Files\Spyware Doctor
[18/12/2006|21:37] C:\Program Files\Synaptics
[28/08/2008|11:50] C:\Program Files\Trend Micro
[02/11/2006|14:58] C:\Program Files\Uninstall Information
[29/08/2008|07:34] C:\Program Files\V-Gear BEE
[06/10/2007|18:28] C:\Program Files\Windows Calendar
[02/11/2006|14:40] C:\Program Files\Windows Collaboration
[06/10/2007|18:28] C:\Program Files\Windows Defender
[22/01/2008|19:21] C:\Program Files\Windows Live
[14/08/2008|16:38] C:\Program Files\Windows Mail
[22/01/2008|20:47] C:\Program Files\Windows Media Player
[09/11/2006|20:14] C:\Program Files\Windows NT
[02/11/2006|14:40] C:\Program Files\Windows Photo Gallery
[23/01/2008|23:57] C:\Program Files\Windows Sidebar

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[18/12/2006|22:15] C:\Program Files\Common Files\Adobe
[10/06/2008|20:10] C:\Program Files\Common Files\France Telecom
[18/12/2006|22:14] C:\Program Files\Common Files\InstallShield
[18/06/2008|17:39] C:\Program Files\Common Files\microsoft shared
[15/08/2008|21:54] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[18/12/2006|21:58] C:\Program Files\Common Files\SureThing Shared
[15/03/2008|21:16] C:\Program Files\Common Files\SWF Studio
[06/10/2007|19:00] C:\Program Files\Common Files\Symantec Shared
[06/10/2007|18:28] C:\Program Files\Common Files\System

--------------------\\ Process

( 52 Processus )

iexplore.exe ~ [PID:2344]

--------------------\\ Recherche avec S_Lop

C:\ProgramData\buildmovemove.4be1n
C:\ProgramData\buildmovemove.5mk70
C:\ProgramData\buildmovemove.z2t24
C:\ProgramData\buildmovemove.dc8vo2
C:\ProgramData\buildmovemove.qe2u1d
C:\ProgramData\buildmovemove.uoacyi
C:\ProgramData\Settings tray loud.jy3hdy3

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\ProgramData\Admin Inter 1 Mags
C:\Users\linepow\AppData\Local\Temp\msgpl_afce.tmp
C:\Program Files\Circle Developement
C:\Users\linepow\AppData\Roaming\MICROS~1\Windows\Cookies\linepow@advertising[1].txt
C:\Users\linepow\AppData\Roaming\MICROS~1\Windows\Cookies\linepow@adopt.euroclick[2].txt

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmenSite"="\"C:\\ProgramData\\buildmovemove.dc8vo2\""
"1 mags 16 more"="\"C:\\ProgramData\\Settings tray loud.jy3hdy3\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 07:43:06
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 21

--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\PROGRA~2\SoftLand Ltd


Aucune autre infection trouvée !

[F:3569][D:310]-> C:\Users\linepow\AppData\Local\Temp
[F:2782][D:1]-> C:\Users\linepow\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1901][D:9]-> C:\Users\linepow\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:5][D:2]-> C:\$Recycle.Bin

--------------------\\ Fin du rapport a 7:45:55
[ UAC => 1 ]

You asked whether I had installed the program Eorezo; the answer is no. As I explained, this is a PC that is being lent to me for my daughter's classes, but apparently it has been in other hands and got infected, and my friend did not know how to repair it.

Another thing: I did not find the programs:

Cid help
Circle Developement
Adverts
Le sponsor de MSN Plus!

I have disabled UAC.

Thank you

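The two HKCU Run values in the HijackThis log of the first post ("AmenSite" and "1 mags 16 more") point at files sitting directly under C:\ProgramData, and the registry check in the Lop S&D report above lists the same two values. As an added example, which is not part of the original thread and is not how HijackThis or Lop S&D work internally, this Python script triages O4 autorun lines with a heuristic of its own (target directly in the ProgramData root, or an extension that is not a usual executable type); the extension list and the C: system drive are assumptions of the example.

```python
import ntpath
import re

# O4 lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [etMonitor] C:\Windows\etMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [AmenSite] "C:\ProgramData\buildmovemove.dc8vo2"
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\Settings tray loud.jy3hdy3"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - Startup: RocketDock.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
"""

# Assumption of this example: file types an autorun entry normally launches.
EXEC_EXT = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".dll", ".vbs", ".js", ".lnk"}
# Assumption: the system drive is C:, as in the logs of this thread.
SHARED_DATA_ROOTS = {r"c:\programdata", "%programdata%", "%allusersprofile%"}

# Registry autoruns: "O4 - HKCU\..\Run: [value name] command line"
RUN_RE = re.compile(
    r"^O4 - (?P<where>HK\w+\\.*?\\Run\w*): \[(?P<name>.*?)\] (?P<cmd>.+)$")
# Startup folder shortcuts: "O4 - Startup: name.lnk = target"
STARTUP_RE = re.compile(
    r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Unquoted command: the path ends at the first known extension followed by a space or EOL.
UNQUOTED_RE = re.compile(
    r"^(.+?(?:%s))(?=\s|$)" % "|".join(re.escape(e) for e in sorted(EXEC_EXT)),
    re.IGNORECASE)


def parse_o4(line):
    """Split one HijackThis O4 line into location, value name and command."""
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    return m.groupdict() if m else None


def target_path(cmd):
    """Best-effort extraction of the launched file from an autorun command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):              # quoted path, arguments may follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = UNQUOTED_RE.match(cmd)           # unquoted path, possibly containing spaces
    return m.group(1) if m else cmd


def reasons(path):
    """Return the heuristic reasons (possibly none) for reviewing this target."""
    p = ntpath.normcase(path)            # Windows path rules on any host OS
    ext = ntpath.splitext(p)[1]
    found = []
    if ntpath.dirname(p) in SHARED_DATA_ROOTS:
        found.append("file sits directly in the ProgramData root")
    if ext not in EXEC_EXT:
        found.append("extension %r is not a usual executable type" % ext)
    return found


def triage(log_text):
    """Return (location, name, target, reasons) for every O4 entry worth a look."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line.strip())
        if entry is None:
            continue
        path = target_path(entry["cmd"])
        why = reasons(path)
        if why:
            hits.append((entry["where"], entry["name"], path, why))
    return hits


if __name__ == "__main__":
    for where, name, path, why in triage(SAMPLE_LOG):
        print("%s [%s] -> %s" % (where, name, path))
        for w in why:
            print("    - " + w)
```

A hit only means the entry deserves a manual look; it does not identify a malware family.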
no.ppp  Posted on 29/08/2008 at 09:26

Hello nanou65,

Many people complain about Eorezo; it is up to you to decide whether you want us to uninstall it.

--------------------\\ Fin du rapport a 7:45:55
[ UAC => 1 ]

Lop SD has re-enabled UAC; I am going to ask you to disable it again, otherwise the tools might not work correctly.

C:\PROGRA~2\SoftLand Ltd

A tool called SDFix could have helped us here, but it is not compatible with Vista, so we will do it another way.

Let's start with what Lop S&D found.

Run LopS&D again
Choose option 2
Copy/paste the report (C:\lopR.txt)

Download and install MalwareByte's
In the "Mise à jour" (Update) tab, click the "Recherche de mise à jour" (Check for updates) button: if the firewall asks whether to allow MBAM to connect, accept.

Never restart in Safe Mode via MSConfig


Restart in Safe Mode
Run a full scan.
At the end of the scan, click "Afficher les résultats" (Show results) > "Supprimer la sélection" or "Remove Selected"
Copy/paste the final report.

Help in pictures

Delete this folder: C:\Program Files\Circle Developement

Edited by no.ppp on 29/08/2008 09:28

nanou65  Posted on 30/08/2008 at 07:24

Hello,

What is this Eorezo program? If it serves no purpose, let's uninstall it.

Thanks. Right, I'll get on with the rest.

nanou65  Posted on 30/08/2008 at 07:37

Hi, here is the next part, the "Lop S&D" report:


--------------------\\ Lop S&D 4.2.3-6 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) M CPU 430 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : linepow ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080829-0] 4.8.1229 (Activated)

"C:\Lop SD" ( MAJ : 27-08-2008|22:40 )
Option : [2] ( 30/08/2008| 7:31 )

[ UAC => 0 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\Users\linepow\AppData\Local\Temp\msgpl_afce.tmp
Supprime! - C:\Users\linepow\AppData\Roaming\MICROS~1\Windows\Cookies\linepow@advertising[1].txt
Supprime! - C:\Users\linepow\AppData\Roaming\MICROS~1\Windows\Cookies\linepow@adopt.euroclick[2].txt
Supprime! - C:\ProgramData\buildmovemove.4be1n
Supprime! - C:\ProgramData\buildmovemove.5mk70
Supprime! - C:\ProgramData\buildmovemove.z2t24
Supprime! - C:\ProgramData\buildmovemove.dc8vo2
Supprime! - C:\ProgramData\buildmovemove.qe2u1d
Supprime! - C:\ProgramData\buildmovemove.uoacyi
Supprime! - C:\ProgramData\Settings tray loud.jy3hdy3
Supprime! - C:\ProgramData\Admin Inter 1 Mags
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[22/01/2008|15:10] C:\Users\linepow\AppData\Local\Adobe
[18/06/2008|17:41] C:\Users\linepow\AppData\Local\Apple
[08/07/2008|13:22] C:\Users\linepow\AppData\Local\Apple Computer
[11/09/2007|19:17] C:\Users\linepow\AppData\Local\Application Data
[13/06/2008|22:42] C:\Users\linepow\AppData\Local\Asobo Studio
[11/09/2007|19:27] C:\Users\linepow\AppData\Local\AtStart.txt
[22/07/2008|16:50] C:\Users\linepow\AppData\Local\d3d9caps.dat
[30/07/2008|19:57] C:\Users\linepow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[11/09/2007|19:27] C:\Users\linepow\AppData\Local\DSwitch.txt
[16/08/2008|10:11] C:\Users\linepow\AppData\Local\GDIPFONTCACHEV1.DAT
[11/09/2007|23:41] C:\Users\linepow\AppData\Local\Google
[11/09/2007|19:17] C:\Users\linepow\AppData\Local\Historique
[30/08/2008|07:25] C:\Users\linepow\AppData\Local\IconCache.db
[22/01/2008|20:35] C:\Users\linepow\AppData\Local\Magentic
[23/08/2008|15:15] C:\Users\linepow\AppData\Local\Microsoft
[12/09/2007|13:03] C:\Users\linepow\AppData\Local\Microsoft Games
[11/09/2007|19:27] C:\Users\linepow\AppData\Local\QSwitch.txt
[09/04/2008|11:44] C:\Users\linepow\AppData\Local\QuickPlay
[18/06/2008|17:49] C:\Users\linepow\AppData\Local\Sony
[30/08/2008|07:31] C:\Users\linepow\AppData\Local\Temp
[11/09/2007|19:17] C:\Users\linepow\AppData\Local\Temporary Internet Files
[03/10/2007|11:10] C:\Users\linepow\AppData\Local\VirtualStore
[30/07/2008|22:07] C:\Users\linepow\AppData\Local\WindowsUpdate

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[29/08/2008 07:20][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{2A785B6A-FDDC-4F01-83EB-D552C93143CC}.job
[30/08/2008 07:27][--ah-----] C:\Windows\tasks\SA.DAT
[30/08/2008 07:26][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[18/12/2006|22:16] C:\ProgramData\Adobe
[18/06/2008|17:41] C:\ProgramData\Apple
[18/06/2008|17:44] C:\ProgramData\Apple Computer
[02/11/2006|14:59] C:\ProgramData\Application Data
[09/11/2006|20:14] C:\ProgramData\Bureau
[18/12/2006|22:15] C:\ProgramData\CyberLink
[02/11/2006|14:59] C:\ProgramData\Desktop
[02/11/2006|14:59] C:\ProgramData\Documents
[02/07/2008|15:52] C:\ProgramData\Downloaded Installations
[22/01/2008|11:37] C:\ProgramData\DVD Shrink
[09/11/2006|20:14] C:\ProgramData\Favoris
[02/11/2006|14:59] C:\ProgramData\Favorites
[09/01/2008|20:50] C:\ProgramData\FaxCtr
[18/12/2006|22:19] C:\ProgramData\Google
[18/12/2006|22:32] C:\ProgramData\Hewlett-Packard
[12/09/2007|21:24] C:\ProgramData\HP
[18/12/2006|21:48] C:\ProgramData\InstallShield
[29/07/2008|21:42] C:\ProgramData\Link Less Each
[28/08/2008|11:47] C:\ProgramData\Malwarebytes
[09/11/2006|20:14] C:\ProgramData\Menu D‚marrer
[22/01/2008|19:23] C:\ProgramData\Messenger Plus!
[23/08/2008|15:15] C:\ProgramData\Microsoft
[09/11/2006|20:14] C:\ProgramData\ModŠles
[12/02/2008|11:50] C:\ProgramData\PC Suite
[15/08/2008|21:49] C:\ProgramData\Roxio
[08/08/2008|16:45] C:\ProgramData\services
[08/08/2008|16:39] C:\ProgramData\SoftLand Ltd
[07/02/2008|19:41] C:\ProgramData\Sonic
[18/06/2008|17:51] C:\ProgramData\Sony
[08/06/2008|16:04] C:\ProgramData\SPL7FEC.tmp
[02/11/2006|14:59] C:\ProgramData\Start Menu
[06/10/2007|18:52] C:\ProgramData\Symantec
[27/08/2008|19:50] C:\ProgramData\TEMP
[02/11/2006|14:59] C:\ProgramData\Templates

--------------------\\ Listing des dossiers dans C:\Program Files

[18/12/2006|22:15] C:\Program Files\Adobe
[06/10/2007|18:45] C:\Program Files\Alwil Software
[18/06/2008|17:41] C:\Program Files\Apple Software Update
[22/01/2008|21:50] C:\Program Files\BitComet
[28/08/2008|11:46] C:\Program Files\CCleaner
[15/08/2008|21:50] C:\Program Files\Common Files
[18/12/2006|21:37] C:\Program Files\CONEXANT
[10/07/2008|10:19] C:\Program Files\desktop.ini
[15/03/2008|21:19] C:\Program Files\directx
[10/08/2008|11:30] C:\Program Files\EoRezo
[09/11/2006|20:14] C:\Program Files\Fichiers communs [c:\Program Files\Common Files]
[06/10/2007|18:28] C:\Program Files\Google
[18/12/2006|22:29] C:\Program Files\Hewlett-Packard
[18/12/2006|22:18] C:\Program Files\HP
[13/06/2008|22:42] C:\Program Files\InstallShield Installation Information
[14/08/2008|16:38] C:\Program Files\Internet Explorer
[15/08/2008|20:05] C:\Program Files\ItsLabel
[18/12/2006|22:32] C:\Program Files\Java
[09/01/2008|20:51] C:\Program Files\Lexmark 2400 Series
[09/01/2008|20:50] C:\Program Files\Lexmark Fax Solutions
[09/01/2008|21:07] C:\Program Files\Lexmark Toolbar
[09/01/2008|21:04] C:\Program Files\lx_cats
[28/08/2008|11:47] C:\Program Files\Malwarebytes' Anti-Malware
[22/01/2008|19:21] C:\Program Files\Messenger Plus! Live
[31/07/2008|14:15] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:35] C:\Program Files\Microsoft Games
[18/12/2006|22:10] C:\Program Files\Microsoft Office
[14/08/2008|11:04] C:\Program Files\Microsoft Works
[23/08/2008|16:41] C:\Program Files\Movie Maker
[02/11/2006|14:35] C:\Program Files\MSBuild
[02/11/2006|14:35] C:\Program Files\MSN
[29/07/2008|21:41] C:\Program Files\MSN Messenger
[06/10/2007|18:12] C:\Program Files\MSXML 4.0
[12/06/2008|17:59] C:\Program Files\Orange
[12/02/2008|11:44] C:\Program Files\PC Connectivity Solution
[18/06/2008|17:45] C:\Program Files\QuickTime
[02/11/2006|14:35] C:\Program Files\Reference Assemblies
[18/12/2006|21:58] C:\Program Files\Roxio
[12/06/2008|17:51] C:\Program Files\SAGEM
[12/06/2008|17:50] C:\Program Files\Securitoo
[18/12/2006|22:21] C:\Program Files\Services en ligne
[18/06/2008|17:47] C:\Program Files\Sony
[18/06/2008|17:47] C:\Program Files\Sony Ericsson
[22/08/2008|11:15] C:\Program Files\Spyware Doctor
[18/12/2006|21:37] C:\Program Files\Synaptics
[28/08/2008|11:50] C:\Program Files\Trend Micro
[02/11/2006|14:58] C:\Program Files\Uninstall Information
[29/08/2008|07:34] C:\Program Files\V-Gear BEE
[06/10/2007|18:28] C:\Program Files\Windows Calendar
[02/11/2006|14:40] C:\Program Files\Windows Collaboration
[06/10/2007|18:28] C:\Program Files\Windows Defender
[22/01/2008|19:21] C:\Program Files\Windows Live
[14/08/2008|16:38] C:\Program Files\Windows Mail
[22/01/2008|20:47] C:\Program Files\Windows Media Player
[09/11/2006|20:14] C:\Program Files\Windows NT
[02/11/2006|14:40] C:\Program Files\Windows Photo Gallery
[23/01/2008|23:57] C:\Program Files\Windows Sidebar

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[18/12/2006|22:15] C:\Program Files\Common Files\Adobe
[10/06/2008|20:10] C:\Program Files\Common Files\France Telecom
[18/12/2006|22:14] C:\Program Files\Common Files\InstallShield
[18/06/2008|17:39] C:\Program Files\Common Files\microsoft shared
[15/08/2008|21:54] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[18/12/2006|21:58] C:\Program Files\Common Files\SureThing Shared
[15/03/2008|21:16] C:\Program Files\Common Files\SWF Studio
[06/10/2007|19:00] C:\Program Files\Common Files\Symantec Shared
[06/10/2007|18:28] C:\Program Files\Common Files\System

--------------------\\ Process

( 55 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 07:31:21
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 21

--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\PROGRA~2\SoftLand Ltd


Aucune autre infection trouvée !

[F:3569][D:310]-> C:\Users\linepow\AppData\Local\Temp
[F:2790][D:1]-> C:\Users\linepow\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2566][D:9]-> C:\Users\linepow\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:11][D:2]-> C:\$Recycle.Bin

--------------------\\ Fin du rapport a 7:34:55
[ UAC => 1 ]

Good luck

 nanou65  Posted on 30/08/2008 at 08:51
Petite astucienne

34 Messages

Here is the next part, Malwarebytes:

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1097
Windows 6.0.6000

08:49:43 30/08/2008
mbam-log-08-30-2008 (08-49-43).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 134190
Temps écoulé: 58 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 43

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\SoftLand Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\ProgramData\SoftLand Ltd (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\BASE (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\DELETED (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\SAVED (Rogue.XPAntivirus) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\BASE\vbase.bak (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\BASE\vbase.dat (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080808164030924.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080808175435053.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080809072218508.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080809195150443.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080810102000532.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080810163009224.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080811105433787.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080811151328734.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080811200859363.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080812094000230.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080812133134599.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080813105425394.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080813110219497.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080813151804470.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080813201714571.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080814105729443.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080814174033728.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080814175117108.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080814192257188.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080815094111598.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080815121430089.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080815193617865.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080815212900618.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080816101000035.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080817105929654.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080818103306689.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080818201247950.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080819161526321.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080819164048095.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080820093800691.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080820170337256.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080821093450891.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080821124749765.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080822110401563.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080823150934187.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080823154848223.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080823163527698.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080823165018487.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080827154123874.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080827185810731.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080828095432490.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.

 nanou65  Posted on 30/08/2008 at 09:11
Petite astucienne

34 Messages

Me again

Well, I can't find c:/ program files / circle developement

in fact not even Program Files when going through Explorer, strange?

Is it because of Vista? Is it in a subfolder?

I tried with "Search" and nothing !!!!!

Good luck

 no.ppp  Posted on 30/08/2008 at 09:54
Petit astucien


997 Messages

Hello nanou65,

Eorezo is just small gadgets.

It's normal that you can't find it, Lop S&D deleted it.

Download DirLook (by jpshortstuff)

  • Right-click DirLook.exe > Run as administrator to launch it.
  • Make sure Show Hidden Files and BBCode Output are both checked.
  • Copy the contents of the box below into the main text field:

    C:\ProgramData\services

  • Click the DirLook button to start the scan.
  • When it has finished, a Notepad window opens with the scan result. Please post this report in your next reply. (Note: the report can also be found in C:\dl_log.txt)

Note: The scan may take longer for large directories.

 nanou65  Posted on 31/08/2008 at 08:07
Petite astucienne

34 Messages

Hello, here is the DirLook result:

apparently file not found

DirLook.exe by jpshortstuff
Log created at 8:03:42 on 31/08/2008

==============================

Contents of "C:\ProgramData\services" (inc. hidden/system files/folders)

[color=blue]---FOLDERS---[/color]


[color=blue]---FILES---[/color]


==============================

[color=blue]=EOF=[/color]

See you soon

 no.ppp  Posted on 31/08/2008 at 09:27
Petit astucien


997 Messages

Hello nanou65,

Post a new HijackThis log so we can see where we stand.

 nanou65  Posted on 01/09/2008 at 08:17
Petite astucienne

34 Messages

Hello,

This morning I wanted to make a "hijackthis" report but I got a message: for some reason your system denied write access to the hosts files.........

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:42, on 28/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\V-Gear BEE\VBService.exe
C:\Windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=PRESARIO&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [etMonitor] C:\Windows\etMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [AmenSite] "C:\ProgramData\buildmovemove.dc8vo2"
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\Settings tray loud.jy3hdy3"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: GigaTribe.lnk = F:\PROGRAMS FILE\GigaTribe\gigatribe.exe
O4 - Startup: RocketDock.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BEE Service.lnk = C:\Program Files\V-Gear BEE\VBService.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9ABCEAF-E568-4164-BBC1-AE00C6481B91}: NameServer = 192.168.1.1
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8319 bytes
Thanks, good luck

 nanou65  Posted on 01/09/2008 at 08:36
Petite astucienne

34 Messages

As the message seemed strange to me, I redid HijackThis after reinstalling it, and here is the report; I haven't compared it to see whether it is the same as the previous one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:33:19, on 01/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\V-Gear BEE\VBService.exe
C:\Windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=PRESARIO&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [etMonitor] C:\Windows\etMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: GigaTribe.lnk = F:\PROGRAMS FILE\GigaTribe\gigatribe.exe
O4 - Startup: RocketDock.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BEE Service.lnk = C:\Program Files\V-Gear BEE\VBService.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9ABCEAF-E568-4164-BBC1-AE00C6481B91}: NameServer = 192.168.1.1
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8337 bytes
See you later.

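The two HijackThis logs posted above (28/08/2008 and 01/09/2008) can be compared mechanically instead of by eye. The following is an added example, not part of the original thread and not a HijackThis feature: it diffs the entry lines of two logs and lists entries whose target file is gone. The function names are hypothetical, and the sample text is a short excerpt of lines from the two logs in the thread.

```python
import re

# A HijackThis entry line starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# Suffixes HijackThis appends when an entry's target file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Excerpt of the log dated 28/08/2008 in the thread (not the full log).
OLD_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
O1 - Hosts: ::1 localhost
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [AmenSite] "C:\ProgramData\buildmovemove.dc8vo2"
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\Settings tray loud.jy3hdy3"
O15 - Trusted Zone: http://www.orange.fr
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# Excerpt of the log dated 01/09/2008 in the thread (not the full log).
NEW_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""


def parse_entries(log_text):
    """Return the set of (section_code, body) entries; process lines are ignored."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("code"), match.group("body").strip()))
    return entries


def diff_logs(old_text, new_text):
    """Entries present only in the older log ('removed') or only in the newer ('added')."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    return {"removed": sorted(old - new), "added": sorted(new - old)}


def orphaned(log_text):
    """Entries still registered although HijackThis reports their file as absent."""
    return sorted(e for e in parse_entries(log_text) if e[1].endswith(ORPHAN_MARKERS))


def report(old_text, new_text):
    """Build a short text report: '-' removed, '+' added, '!' orphaned in the newer log."""
    changes = diff_logs(old_text, new_text)
    lines = [f"- {code} - {body}" for code, body in changes["removed"]]
    lines += [f"+ {code} - {body}" for code, body in changes["added"]]
    lines += [f"! {code} - {body}" for code, body in orphaned(new_text)]
    return lines


if __name__ == "__main__":
    print("\n".join(report(OLD_LOG, NEW_LOG)))
```

On these excerpts the two HKCU Run values pointing into C:\ProgramData are absent from the newer log, while the EoRezo BHO, the unnamed BHO and the Symantec service are still registered with no file behind them.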
 no.ppp  Posted on 01/09/2008 at 09:21
Petit astucien


997 Messages

Hello nanou65,

So what do we do about eoRezo?

You have leftovers of Norton. Did you uninstall it with the small utility made for that? http://www.pcastuces.com/newsletter/adj/1630.htm

BitDefender
Run a Bitdefender online scan
Once on the site, click the BitDefender Scan Online button
See Balltrap34's demo if you can't manage it
Copy/paste the final report.

Help in pictures:
http://forum.pcastuces.com/bitdefender_online_scanner___tutoriel-f31s2.htm

Edited by no.ppp on 01/09/2008 09:21
 nanou65  Posted on 02/09/2008 at 08:05
Petite astucienne

34 Messages

Hello petit astucien

We uninstall Eorezo, no problem.

 nanou65  Posted on 02/09/2008 at 08:23
Petite astucienne

34 Messages

I can't manage to remove the rest of Norton; when I go through the link you gave me, it tells me it has expired.

OK, I'm starting the scan, see you later
