
Navigation problem (topic resolved)
Topic status: RESOLVED
 marlene13014
  Posted on 24/05/2008 @ 11:58

Hello, I don't know if I'm in the right place, but could someone help me? Recently, with Internet Explorer I get lots of CID-type pages opening, and with Firefox I have to disconnect eMule to be able to browse without problems; pages take 3 days to open. I have posted a HijackThis report. If someone can help me, that would be nice. Thanks to all.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:51, on 24/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\LED\LedWallpaper\LedWallpaper.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [axis web cake second] C:\Documents and Settings\All Users.WINDOWS\Application Data\Book Slow Axis Web\audio test.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WayAbout] C:\DOCUME~1\Admin\APPLIC~1\BALMRE~1\Vc Start Media.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: LedWallpaper.lnk = C:\Program Files\LED\LedWallpaper\LedWallpaper.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208452364343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208514407390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe

--
End of file - 11787 bytes

 philae  Posted on 24/05/2008 at 17:38

Hello,

* Download LOP S&D by Eric71

* Double-click it to start the installation.
* Then double-click the Lop S&D shortcut on your Desktop.
* Select the desired language, then choose Option 1 (Search)
* Wait until the scan finishes.
* Post the generated report (also located at C:\lopR.txt)

(If the Desktop does not reappear, open the Task Manager by pressing Ctrl + Alt + Del, then the File tab, New task, type explorer.exe and confirm)

 marlene13014  Posted on 24/05/2008 at 19:36

Thank you, here is the result of the Lop S&D scan. Thanks for your help.


-----------------------[ Lop S&D 4.2.0-9 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 3 ]
[ USER : Admin ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 24/05/2008 | 19:24:25,12 ] [ PC : XPSP2-55D7041F3 ]
[ MAJ : 16-05-2008 | 23:35 ]

-------------[ Listing des dossiers dans Application Data ]------------

[03/05/2008|11:00] C:\DOCUME~1\Admin\APPLIC~1\{C24DFA19-7930-41E9-870E-4D19512E909C}
[19/05/2008|15:57] C:\DOCUME~1\Admin\APPLIC~1\Adobe
[17/04/2008|23:20] C:\DOCUME~1\Admin\APPLIC~1\Apple Computer
[18/05/2008|11:21] C:\DOCUME~1\Admin\APPLIC~1\ATI
[10/05/2008|11:46] C:\DOCUME~1\Admin\APPLIC~1\BalmReadmeMemo
[19/04/2008|16:07] C:\DOCUME~1\Admin\APPLIC~1\CamfrogWEB
[18/05/2008|10:44] C:\DOCUME~1\Admin\APPLIC~1\Dealio
[17/04/2008|20:43] C:\DOCUME~1\Admin\APPLIC~1\desktop.ini
[18/05/2008|11:19] C:\DOCUME~1\Admin\APPLIC~1\DigitalPersona
[21/05/2008|11:45] C:\DOCUME~1\Admin\APPLIC~1\DMCache
[11/05/2008|11:55] C:\DOCUME~1\Admin\APPLIC~1\GlarySoft
[25/04/2008|09:08] C:\DOCUME~1\Admin\APPLIC~1\HP
[11/05/2008|11:52] C:\DOCUME~1\Admin\APPLIC~1\ma-config.com
[18/05/2008|14:57] C:\DOCUME~1\Admin\APPLIC~1\Macromedia
[24/05/2008|13:15] C:\DOCUME~1\Admin\APPLIC~1\Malwarebytes
[21/04/2008|14:19] C:\DOCUME~1\Admin\APPLIC~1\Media Player Classic
[17/04/2008|23:26] C:\DOCUME~1\Admin\APPLIC~1\Microsoft
[17/04/2008|22:51] C:\DOCUME~1\Admin\APPLIC~1\Mozilla
[18/04/2008|17:47] C:\DOCUME~1\Admin\APPLIC~1\Nero
[18/05/2008|10:44] C:\DOCUME~1\Admin\APPLIC~1\Search Settings
[03/05/2008|12:05] C:\DOCUME~1\Admin\APPLIC~1\Sun
[19/04/2008|11:11] C:\DOCUME~1\Admin\APPLIC~1\TuneUp Software
[23/04/2008|10:59] C:\DOCUME~1\Admin\APPLIC~1\vlc
[21/05/2008|09:49] C:\DOCUME~1\Admin\APPLIC~1\WinRAR

[17/04/2008|20:43] C:\DOCUME~1\ADMINI~1.XPS\APPLIC~1\desktop.ini
[24/05/2008|13:28] C:\DOCUME~1\ADMINI~1.XPS\APPLIC~1\Malwarebytes
[18/05/2008|09:17] C:\DOCUME~1\ADMINI~1.XPS\APPLIC~1\Microsoft


[08/04/2008|14:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/04/2008|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[08/04/2008|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[07/04/2008|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN Messenger 6.2.0205
[07/04/2008|22:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[08/04/2008|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[08/04/2008|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[12/05/2008|11:05] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\118300.34
[18/04/2008|18:10] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe
[17/04/2008|23:19] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple
[17/04/2008|23:20] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
[19/04/2008|17:41] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ATI
[27/04/2008|13:33] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Bluetooth
[10/05/2008|11:45] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Book Slow Axis Web
[17/04/2008|20:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\desktop.ini
[24/05/2008|07:20] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google
[24/04/2008|18:36] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\HP
[25/04/2008|19:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\hpzinstall.log
[26/04/2008|16:54] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\IM
[26/04/2008|16:51] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\IncrediMail
[10/05/2008|19:06] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
[24/05/2008|13:15] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Malwarebytes
[26/04/2008|20:08] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft
[18/04/2008|17:44] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero
[22/05/2008|14:03] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\sandra.ldb
[22/04/2008|17:32] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\sandra.mda
[22/05/2008|15:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
[18/05/2008|10:21] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Trend Micro
[19/04/2008|11:11] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TuneUp Software
[17/04/2008|19:50] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
[20/04/2008|08:52] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WinZip
[26/04/2008|20:07] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WLInstaller
[21/05/2008|11:57] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\xml24.tmp
[21/05/2008|11:57] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\xml25.tmp
[21/05/2008|11:57] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\xml26.tmp
[21/05/2008|11:57] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\xml27.tmp

[07/04/2008|22:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[07/04/2008|21:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[17/04/2008|20:43] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\desktop.ini
[18/05/2008|09:17] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft

[17/04/2008|18:55] C:\DOCUME~1\LOCALS~1.000\APPLIC~1\Microsoft

[17/04/2008|18:55] C:\DOCUME~1\NETWOR~1.000\APPLIC~1\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[24/05/2008 13:53][--a------] C:\WINDOWS\tasks\GlaryInitialize.job
[24/05/2008 19:00][--ah-----] C:\WINDOWS\tasks\A8DD6CCD9186E1BD.job
[27/04/2008 12:39][--ah-----] C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[24/05/2008 19:00][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job
[23/05/2008 08:46][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[24/05/2008 13:52][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/10/2001 18:16][-r-h-----] C:\WINDOWS\tasks\desktop.ini

A8DD6CCD9186E1BD.job <--> c:\docume~1\admin\applic~1\balmre~1\Doeserrorlite.exe

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[11/04/2008|06:44] C:\Program Files\Adobe
[23/04/2008|14:21] C:\Program Files\adslTV
[11/05/2008|11:52] C:\Program Files\Ahead
[07/04/2008|22:39] C:\Program Files\Alwil Software
[20/04/2008|12:41] C:\Program Files\AMD
[19/04/2008|18:15] C:\Program Files\Apple Software Update
[09/04/2008|10:57] C:\Program Files\ATI Technologies
[09/04/2008|08:47] C:\Program Files\Auslogics
[24/05/2008|10:29] C:\Program Files\AxBx
[10/05/2008|11:47] C:\Program Files\BitDownload
[20/05/2008|22:50] C:\Program Files\BitTorrent Fastest Tool
[07/04/2008|21:47] C:\Program Files\BitTorrent++
[08/04/2008|23:00] C:\Program Files\Bonjour
[08/04/2008|10:36] C:\Program Files\Broadcom
[18/04/2008|17:59] C:\Program Files\CCleaner
[19/04/2008|16:07] C:\Program Files\CFWebAdvancedU
[08/04/2008|10:11] C:\Program Files\COMPAQ
[09/04/2008|13:33] C:\Program Files\Dealio
[08/04/2008|16:42] C:\Program Files\DIFX
[07/04/2008|22:29] C:\Program Files\DigitalPersona
[11/05/2008|11:52] C:\Program Files\DivX
[12/04/2008|10:56] C:\Program Files\Driver Magician
[07/04/2008|21:50] C:\Program Files\D-Tools
[24/05/2008|16:59] C:\Program Files\eMule
[11/05/2008|11:52] C:\Program Files\Fichiers communs
[11/04/2008|11:14] C:\Program Files\filehippo.com
[07/04/2008|21:48] C:\Program Files\FlashFXP
[07/04/2008|22:36] C:\Program Files\Free
[09/04/2008|13:31] C:\Program Files\Free Audio Pack
[09/04/2008|13:30] C:\Program Files\Free Easy Burner
[11/05/2008|11:44] C:\Program Files\Glary Utilities
[11/05/2008|11:54] C:\Program Files\Google
[24/04/2008|18:28] C:\Program Files\Hewlett-Packard
[24/04/2008|18:35] C:\Program Files\HP
[08/04/2008|10:16] C:\Program Files\HP USB Smart Card Keyboard
[26/04/2008|16:52] C:\Program Files\IncrediMail
[12/05/2008|11:05] C:\Program Files\InstallShield Installation Information
[08/04/2008|10:10] C:\Program Files\Intel Desktop Board
[17/04/2008|20:16] C:\Program Files\Internet Explorer
[08/04/2008|23:00] C:\Program Files\iPod
[08/04/2008|23:00] C:\Program Files\iTunes
[27/04/2008|13:28] C:\Program Files\IVT Corporation
[27/04/2008|15:05] C:\Program Files\Java
[17/04/2008|23:00] C:\Program Files\K-Lite Codec Pack
[08/04/2008|10:09] C:\Program Files\Lavalys
[27/04/2008|10:17] C:\Program Files\LED
[20/04/2008|12:28] C:\Program Files\ma-config.com
[24/05/2008|13:15] C:\Program Files\Malwarebytes' Anti-Malware
[17/05/2008|15:21] C:\Program Files\Messenger
[07/04/2008|21:50] C:\Program Files\MessengerPlus! 3
[08/04/2008|23:03] C:\Program Files\microsoft frontpage
[27/04/2008|12:37] C:\Program Files\Microsoft IntelliPoint
[27/04/2008|12:48] C:\Program Files\Microsoft IntelliType Pro
[26/04/2008|15:04] C:\Program Files\Microsoft Office
[22/05/2008|15:33] C:\Program Files\Microsoft Silverlight
[17/05/2008|15:20] C:\Program Files\movie maker
[24/05/2008|19:21] C:\Program Files\Mozilla Firefox
[19/04/2008|16:06] C:\Program Files\MSBuild
[26/04/2008|15:04] C:\Program Files\MSECache
[17/05/2008|15:20] C:\Program Files\msn
[17/04/2008|18:56] C:\Program Files\msn gaming zone
[09/04/2008|15:19] C:\Program Files\MSXML 6.0
[11/04/2008|11:15] C:\Program Files\My Drivers
[09/04/2008|17:09] C:\Program Files\Nero
[17/05/2008|15:13] C:\Program Files\NetMeeting
[03/05/2008|12:57] C:\Program Files\olibul
[17/05/2008|15:13] C:\Program Files\Outlook Express
[12/05/2008|10:50] C:\Program Files\Panda Security
[11/05/2008|11:52] C:\Program Files\PC Wizard 2008
[07/04/2008|21:52] C:\Program Files\Peer2Mail
[11/05/2008|11:52] C:\Program Files\QuickTime
[11/05/2008|11:52] C:\Program Files\Realtek
[20/04/2008|14:54] C:\Program Files\Realtek AC97
[19/04/2008|16:01] C:\Program Files\Reference Assemblies
[09/04/2008|13:33] C:\Program Files\Search Settings
[07/04/2008|21:42] C:\Program Files\Services en ligne
[21/05/2008|11:57] C:\Program Files\SiSoftware
[22/05/2008|17:07] C:\Program Files\Spybot - Search & Destroy
[12/05/2008|12:26] C:\Program Files\Spyware Doctor
[08/04/2008|23:21] C:\Program Files\TGTSoft
[14/05/2008|10:56] C:\Program Files\torrent_search
[24/05/2008|11:32] C:\Program Files\Trend Micro
[11/05/2008|11:54] C:\Program Files\TuneUp Utilities 2008
[26/04/2008|16:32] C:\Program Files\Tweak-XP Pro 4
[07/04/2008|21:58] C:\Program Files\Uninstall Information
[27/04/2008|14:33] C:\Program Files\Vimicro
[03/05/2008|11:01] C:\Program Files\VIRTUELSOFT
[10/05/2008|13:02] C:\Program Files\Web Hottest Videos Personal Player
[08/04/2008|10:20] C:\Program Files\WIDCOMM
[11/05/2008|11:52] C:\Program Files\Winamp
[11/04/2008|11:50] C:\Program Files\Winamp Remote
[11/04/2008|11:50] C:\Program Files\Winamp Toolbar
[08/04/2008|16:58] C:\Program Files\Windows Live
[18/05/2008|10:21] C:\Program Files\Windows Media Player
[17/05/2008|15:13] C:\Program Files\Windows NT
[07/04/2008|21:42] C:\Program Files\WindowsUpdate
[12/05/2008|15:42] C:\Program Files\WinRAR
[20/04/2008|08:50] C:\Program Files\WinZip
[08/04/2008|23:03] C:\Program Files\xerox

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[11/04/2008|06:44] C:\Program Files\Fichiers communs\Adobe
[07/04/2008|21:51] C:\Program Files\Fichiers communs\Ahead
[08/04/2008|22:59] C:\Program Files\Fichiers communs\Apple
[24/04/2008|18:24] C:\Program Files\Fichiers communs\Hewlett-Packard
[24/04/2008|19:00] C:\Program Files\Fichiers communs\HP
[27/04/2008|14:33] C:\Program Files\Fichiers communs\InstallShield
[09/04/2008|14:53] C:\Program Files\Fichiers communs\Java
[26/04/2008|15:04] C:\Program Files\Fichiers communs\Microsoft Shared
[07/04/2008|21:42] C:\Program Files\Fichiers communs\MSSoap
[09/04/2008|17:10] C:\Program Files\Fichiers communs\Nero
[17/04/2008|18:52] C:\Program Files\Fichiers communs\Services
[08/04/2008|23:03] C:\Program Files\Fichiers communs\speechengines
[17/05/2008|15:12] C:\Program Files\Fichiers communs\System
[11/05/2008|11:52] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[12/05/2008|12:18] C:\Program Files\Fichiers communs\Wise Installation Wizard

---------------------------[ Process ]--------------------------

... 64

iexplore.exe ~ [2936]
iexplore.exe ~ [3044]

----------------------[ Recherche avec S_Lop ]---------------------

C:\DOCUME~1\Admin\APPLIC~1\BALMRE~1
C:\DOCUME~1\Admin\APPLIC~1\BALMRE~1\Does error lite.exe
C:\DOCUME~1\Admin\APPLIC~1\BALMRE~1\Vc Start Media.exe
C:\DOCUME~1\Admin\APPLIC~1\BALMRE~1\yrvlioqc.exe

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Book Slow Axis Web
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Book Slow Axis Web\audio test.exe
C:\DOCUME~1\Admin\APPLIC~1\balmre~1
C:\DOCUME~1\Admin\APPLIC~1\balmre~1\Does error lite.exe
C:\DOCUME~1\Admin\APPLIC~1\balmre~1\Vc Start Media.exe
C:\DOCUME~1\Admin\APPLIC~1\balmre~1\yrvlioqc.exe
C:\Program Files\Bitdownload
C:\Program Files\Bitdownload\session.store
C:\Program Files\BitTorrent Fastest Tool
C:\Program Files\BitTorrent Fastest Tool\BitDownload-4.5-setup.exe
C:\Program Files\BitTorrent Fastest Tool\BitP.exe
C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
C:\Program Files\BitTorrent Fastest Tool\torrent_search.exe
C:\WINDOWS\Tasks\A8DD6CCD9186E1BD.job

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Meta drive axis]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\Admin\\APPLIC~1\\BALMRE~1\\Vc Start Media.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WayAbout"="C:\\DOCUME~1\\Admin\\APPLIC~1\\BALMRE~1\\Vc Start Media.exe"
"WayAbout"="C:\\DOCUME~1\\Admin\\APPLIC~1\\BALMRE~1\\Vc Start Media.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"axis web cake second"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Book Slow Axis Web\\audio test.exe"

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 19:26:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

=> C:\WINDOWS\system32\config\systemprofile\Favoris\Cracks - Serials
=> C:\Documents and Settings\Admin\Mes documents\Keygen
=> C:\Documents and Settings\Admin\Mes documents\Keygen\KeyMaker.exe
=> C:\Documents and Settings\Admin\Mes documents\Nouveau dossier\Avast.Antivirus.Pro.v4.8.1169.FR.Incl-Keygen.[emule-island.com].rar
=> C:\Documents and Settings\All Users.WINDOWS\Application Data\IncrediMail\Data\Sound\tchaikovsky_the_nutcracker.imw


[F:40][D:2]-> C:\DOCUME~1\Admin\LOCALS~1\Temp
[F:2][D:0]-> C:\DOCUME~1\Admin\Cookies
[F:2][D:0]-> C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 19:27:01,12 ]----------------------

 philae  Posted on 24/05/2008 at 19:39

Hello again,

Let's continue the procedure.

* Run LOP S&D by Eric71 again
* This time choose Option 2 (Removal)
* Do not close the window during the removal!
* Post the generated report (also located at C:\lopR.txt)

(If the Desktop does not reappear, open the Task Manager by pressing Ctrl + Alt + Del, then the File tab, New task, type explorer.exe and confirm)

Then post a new HijackThis report.

PS: I will be back after dinner.

Enjoy your meal.

 marlene13014  Posted on 24/05/2008 at 20:30

Here are the two reports, thanks for your help.

Enjoy your meal too, thanks.


-----------------------[ Lop S&D 4.2.0-9 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 3 ]
[ USER : Admin ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 24/05/2008 | 20:18:34,78 ] [ PC : XPSP2-55D7041F3 ]
[ MAJ : 16-05-2008 | 23:35 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprimé! - C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Book Slow Axis Web\audio test.exe
Supprimé! - C:\DOCUME~1\Admin\APPLIC~1\balmre~1\Does error lite.exe
Supprimé! - C:\DOCUME~1\Admin\APPLIC~1\balmre~1\Vc Start Media.exe
Supprimé! - C:\DOCUME~1\Admin\APPLIC~1\balmre~1\yrvlioqc.exe
Supprimé! - C:\Program Files\Bitdownload\session.store
Supprimé! - C:\Program Files\BitTorrent Fastest Tool\BitDownload-4.5-setup.exe
Supprimé! - C:\Program Files\BitTorrent Fastest Tool\BitP.exe
Supprimé! - C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
Supprimé! - C:\Program Files\BitTorrent Fastest Tool\torrent_search.exe
Supprimé! - C:\WINDOWS\Tasks\A8DD6CCD9186E1BD.job
Supprimé! - C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Book Slow Axis Web
Supprimé! - C:\DOCUME~1\Admin\APPLIC~1\balmre~1
Supprimé! - C:\Program Files\Bitdownload
Supprimé! - C:\Program Files\BitTorrent Fastest Tool
Restauré! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans Application Data ]------------

[03/05/2008|11:00] C:\DOCUME~1\Admin\APPLIC~1\{C24DFA19-7930-41E9-870E-4D19512E909C}
[19/05/2008|15:57] C:\DOCUME~1\Admin\APPLIC~1\Adobe
[17/04/2008|23:20] C:\DOCUME~1\Admin\APPLIC~1\Apple Computer
[18/05/2008|11:21] C:\DOCUME~1\Admin\APPLIC~1\ATI
[19/04/2008|16:07] C:\DOCUME~1\Admin\APPLIC~1\CamfrogWEB
[18/05/2008|10:44] C:\DOCUME~1\Admin\APPLIC~1\Dealio
[17/04/2008|20:43] C:\DOCUME~1\Admin\APPLIC~1\desktop.ini
[18/05/2008|11:19] C:\DOCUME~1\Admin\APPLIC~1\DigitalPersona
[21/05/2008|11:45] C:\DOCUME~1\Admin\APPLIC~1\DMCache
[11/05/2008|11:55] C:\DOCUME~1\Admin\APPLIC~1\GlarySoft
[25/04/2008|09:08] C:\DOCUME~1\Admin\APPLIC~1\HP
[11/05/2008|11:52] C:\DOCUME~1\Admin\APPLIC~1\ma-config.com
[18/05/2008|14:57] C:\DOCUME~1\Admin\APPLIC~1\Macromedia
[24/05/2008|13:15] C:\DOCUME~1\Admin\APPLIC~1\Malwarebytes
[21/04/2008|14:19] C:\DOCUME~1\Admin\APPLIC~1\Media Player Classic
[17/04/2008|23:26] C:\DOCUME~1\Admin\APPLIC~1\Microsoft
[17/04/2008|22:51] C:\DOCUME~1\Admin\APPLIC~1\Mozilla
[18/04/2008|17:47] C:\DOCUME~1\Admin\APPLIC~1\Nero
[18/05/2008|10:44] C:\DOCUME~1\Admin\APPLIC~1\Search Settings
[03/05/2008|12:05] C:\DOCUME~1\Admin\APPLIC~1\Sun
[19/04/2008|11:11] C:\DOCUME~1\Admin\APPLIC~1\TuneUp Software
[23/04/2008|10:59] C:\DOCUME~1\Admin\APPLIC~1\vlc
[21/05/2008|09:49] C:\DOCUME~1\Admin\APPLIC~1\WinRAR

[17/04/2008|20:43] C:\DOCUME~1\ADMINI~1.XPS\APPLIC~1\desktop.ini
[24/05/2008|13:28] C:\DOCUME~1\ADMINI~1.XPS\APPLIC~1\Malwarebytes
[18/05/2008|09:17] C:\DOCUME~1\ADMINI~1.XPS\APPLIC~1\Microsoft


[08/04/2008|14:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/04/2008|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[08/04/2008|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[07/04/2008|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN Messenger 6.2.0205
[07/04/2008|22:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[08/04/2008|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[08/04/2008|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[12/05/2008|11:05] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\118300.34
[18/04/2008|18:10] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe
[17/04/2008|23:19] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple
[17/04/2008|23:20] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
[19/04/2008|17:41] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ATI
[27/04/2008|13:33] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Bluetooth
[17/04/2008|20:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\desktop.ini
[24/05/2008|07:20] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google
[24/04/2008|18:36] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\HP
[25/04/2008|19:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\hpzinstall.log
[26/04/2008|16:54] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\IM
[26/04/2008|16:51] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\IncrediMail
[10/05/2008|19:06] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
[24/05/2008|13:15] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Malwarebytes
[26/04/2008|20:08] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft
[18/04/2008|17:44] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero
[22/05/2008|14:03] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\sandra.ldb
[22/04/2008|17:32] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\sandra.mda
[22/05/2008|15:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
[18/05/2008|10:21] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Trend Micro
[19/04/2008|11:11] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TuneUp Software
[17/04/2008|19:50] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
[20/04/2008|08:52] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WinZip
[26/04/2008|20:07] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WLInstaller
[21/05/2008|11:57] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\xml24.tmp
[21/05/2008|11:57] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\xml25.tmp
[21/05/2008|11:57] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\xml26.tmp
[21/05/2008|11:57] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\xml27.tmp

[07/04/2008|22:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[07/04/2008|21:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[17/04/2008|20:43] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\desktop.ini
[18/05/2008|09:17] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft

[17/04/2008|18:55] C:\DOCUME~1\LOCALS~1.000\APPLIC~1\Microsoft

[17/04/2008|18:55] C:\DOCUME~1\NETWOR~1.000\APPLIC~1\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[24/05/2008 13:53][--a------] C:\WINDOWS\tasks\GlaryInitialize.job
[27/04/2008 12:39][--ah-----] C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[24/05/2008 20:00][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job
[23/05/2008 08:46][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[24/05/2008 13:52][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/10/2001 18:16][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[11/04/2008|06:44] C:\Program Files\Adobe
[23/04/2008|14:21] C:\Program Files\adslTV
[11/05/2008|11:52] C:\Program Files\Ahead
[07/04/2008|22:39] C:\Program Files\Alwil Software
[20/04/2008|12:41] C:\Program Files\AMD
[19/04/2008|18:15] C:\Program Files\Apple Software Update
[09/04/2008|10:57] C:\Program Files\ATI Technologies
[09/04/2008|08:47] C:\Program Files\Auslogics
[24/05/2008|10:29] C:\Program Files\AxBx
[07/04/2008|21:47] C:\Program Files\BitTorrent++
[08/04/2008|23:00] C:\Program Files\Bonjour
[08/04/2008|10:36] C:\Program Files\Broadcom
[18/04/2008|17:59] C:\Program Files\CCleaner
[19/04/2008|16:07] C:\Program Files\CFWebAdvancedU
[08/04/2008|10:11] C:\Program Files\COMPAQ
[09/04/2008|13:33] C:\Program Files\Dealio
[08/04/2008|16:42] C:\Program Files\DIFX
[07/04/2008|22:29] C:\Program Files\DigitalPersona
[11/05/2008|11:52] C:\Program Files\DivX
[12/04/2008|10:56] C:\Program Files\Driver Magician
[07/04/2008|21:50] C:\Program Files\D-Tools
[24/05/2008|19:28] C:\Program Files\eMule
[11/05/2008|11:52] C:\Program Files\Fichiers communs
[11/04/2008|11:14] C:\Program Files\filehippo.com
[07/04/2008|21:48] C:\Program Files\FlashFXP
[07/04/2008|22:36] C:\Program Files\Free
[09/04/2008|13:31] C:\Program Files\Free Audio Pack
[09/04/2008|13:30] C:\Program Files\Free Easy Burner
[11/05/2008|11:44] C:\Program Files\Glary Utilities
[11/05/2008|11:54] C:\Program Files\Google
[24/04/2008|18:28] C:\Program Files\Hewlett-Packard
[24/04/2008|18:35] C:\Program Files\HP
[08/04/2008|10:16] C:\Program Files\HP USB Smart Card Keyboard
[26/04/2008|16:52] C:\Program Files\IncrediMail
[12/05/2008|11:05] C:\Program Files\InstallShield Installation Information
[08/04/2008|10:10] C:\Program Files\Intel Desktop Board
[17/04/2008|20:16] C:\Program Files\Internet Explorer
[08/04/2008|23:00] C:\Program Files\iPod
[08/04/2008|23:00] C:\Program Files\iTunes
[27/04/2008|13:28] C:\Program Files\IVT Corporation
[27/04/2008|15:05] C:\Program Files\Java
[17/04/2008|23:00] C:\Program Files\K-Lite Codec Pack
[08/04/2008|10:09] C:\Program Files\Lavalys
[27/04/2008|10:17] C:\Program Files\LED
[20/04/2008|12:28] C:\Program Files\ma-config.com
[24/05/2008|13:15] C:\Program Files\Malwarebytes' Anti-Malware
[17/05/2008|15:21] C:\Program Files\Messenger
[07/04/2008|21:50] C:\Program Files\MessengerPlus! 3
[08/04/2008|23:03] C:\Program Files\microsoft frontpage
[27/04/2008|12:37] C:\Program Files\Microsoft IntelliPoint
[27/04/2008|12:48] C:\Program Files\Microsoft IntelliType Pro
[26/04/2008|15:04] C:\Program Files\Microsoft Office
[22/05/2008|15:33] C:\Program Files\Microsoft Silverlight
[17/05/2008|15:20] C:\Program Files\movie maker
[24/05/2008|20:13] C:\Program Files\Mozilla Firefox
[19/04/2008|16:06] C:\Program Files\MSBuild
[26/04/2008|15:04] C:\Program Files\MSECache
[17/05/2008|15:20] C:\Program Files\msn
[17/04/2008|18:56] C:\Program Files\msn gaming zone
[09/04/2008|15:19] C:\Program Files\MSXML 6.0
[11/04/2008|11:15] C:\Program Files\My Drivers
[09/04/2008|17:09] C:\Program Files\Nero
[17/05/2008|15:13] C:\Program Files\NetMeeting
[03/05/2008|12:57] C:\Program Files\olibul
[17/05/2008|15:13] C:\Program Files\Outlook Express
[12/05/2008|10:50] C:\Program Files\Panda Security
[11/05/2008|11:52] C:\Program Files\PC Wizard 2008
[07/04/2008|21:52] C:\Program Files\Peer2Mail
[11/05/2008|11:52] C:\Program Files\QuickTime
[11/05/2008|11:52] C:\Program Files\Realtek
[20/04/2008|14:54] C:\Program Files\Realtek AC97
[19/04/2008|16:01] C:\Program Files\Reference Assemblies
[09/04/2008|13:33] C:\Program Files\Search Settings
[07/04/2008|21:42] C:\Program Files\Services en ligne
[21/05/2008|11:57] C:\Program Files\SiSoftware
[22/05/2008|17:07] C:\Program Files\Spybot - Search & Destroy
[12/05/2008|12:26] C:\Program Files\Spyware Doctor
[08/04/2008|23:21] C:\Program Files\TGTSoft
[14/05/2008|10:56] C:\Program Files\torrent_search
[24/05/2008|11:32] C:\Program Files\Trend Micro
[11/05/2008|11:54] C:\Program Files\TuneUp Utilities 2008
[26/04/2008|16:32] C:\Program Files\Tweak-XP Pro 4
[07/04/2008|21:58] C:\Program Files\Uninstall Information
[27/04/2008|14:33] C:\Program Files\Vimicro
[03/05/2008|11:01] C:\Program Files\VIRTUELSOFT
[10/05/2008|13:02] C:\Program Files\Web Hottest Videos Personal Player
[08/04/2008|10:20] C:\Program Files\WIDCOMM
[11/05/2008|11:52] C:\Program Files\Winamp
[11/04/2008|11:50] C:\Program Files\Winamp Remote
[11/04/2008|11:50] C:\Program Files\Winamp Toolbar
[08/04/2008|16:58] C:\Program Files\Windows Live
[18/05/2008|10:21] C:\Program Files\Windows Media Player
[17/05/2008|15:13] C:\Program Files\Windows NT
[07/04/2008|21:42] C:\Program Files\WindowsUpdate
[12/05/2008|15:42] C:\Program Files\WinRAR
[20/04/2008|08:50] C:\Program Files\WinZip
[08/04/2008|23:03] C:\Program Files\xerox

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[11/04/2008|06:44] C:\Program Files\Fichiers communs\Adobe
[07/04/2008|21:51] C:\Program Files\Fichiers communs\Ahead
[08/04/2008|22:59] C:\Program Files\Fichiers communs\Apple
[24/04/2008|18:24] C:\Program Files\Fichiers communs\Hewlett-Packard
[24/04/2008|19:00] C:\Program Files\Fichiers communs\HP
[27/04/2008|14:33] C:\Program Files\Fichiers communs\InstallShield
[09/04/2008|14:53] C:\Program Files\Fichiers communs\Java
[26/04/2008|15:04] C:\Program Files\Fichiers communs\Microsoft Shared
[07/04/2008|21:42] C:\Program Files\Fichiers communs\MSSoap
[09/04/2008|17:10] C:\Program Files\Fichiers communs\Nero
[17/04/2008|18:52] C:\Program Files\Fichiers communs\Services
[08/04/2008|23:03] C:\Program Files\Fichiers communs\speechengines
[17/05/2008|15:12] C:\Program Files\Fichiers communs\System
[11/05/2008|11:52] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[12/05/2008|12:18] C:\Program Files\Fichiers communs\Wise Installation Wizard

---------------------------[ Process ]--------------------------

... 62

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 20:20:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

=> C:\WINDOWS\system32\config\systemprofile\Favoris\Cracks - Serials
=> C:\Documents and Settings\Admin\Mes documents\Keygen
=> C:\Documents and Settings\Admin\Mes documents\Keygen\KeyMaker.exe
=> C:\Documents and Settings\Admin\Mes documents\Nouveau dossier\Avast.Antivirus.Pro.v4.8.1169.FR.Incl-Keygen.[emule-island.com].rar
=> C:\Documents and Settings\All Users.WINDOWS\Application Data\IncrediMail\Data\Sound\tchaikovsky_the_nutcracker.imw


[F:44][D:3]-> C:\DOCUME~1\Admin\LOCALS~1\Temp
[F:19][D:0]-> C:\DOCUME~1\Admin\Cookies
[F:567][D:4]-> C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 20:20:56,20 ]----------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:05, on 24/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\LED\LedWallpaper\LedWallpaper.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: LedWallpaper.lnk = C:\Program Files\LED\LedWallpaper\LedWallpaper.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208452364343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208514407390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe

--
End of file - 11346 bytes

Thanks, see you later

 philae  Posted on 24/05/2008 at 20:40
  Security Group


36393 Messages

re

OK, perfect,

now:

* launch HijackThis, then tick these lines:

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime-------------not needed at startup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" -------ditto

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe----ditto
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
-----ditto

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"----------ditto

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020------------not needed at startup

O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

* close all open applications and click "fix checked"

then

* run a BitDefender online antivirus scan

http://forum.pcastuces.com/bitdefender_online_scanner___tutoriel-f31s2.htm

then post the generated report here

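As an added illustration (not part of philae's post and not HijackThis code), this Python sketch parses HijackThis-style entry lines and surfaces the kinds of entries ticked above: references whose file is missing (`(no file)`), a DPF entry with no download source, and leftover `RunOnce` values. The sample lines are copied from the log in this thread; the flag names are assumptions chosen for this example, and a flag marks an entry for review, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# An entry line starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O16 body: "DPF: {clsid} (name) - <download source>"; the source may be empty.
DPF_RE = re.compile(r"^DPF: \{[^}]+\}(?: \([^)]*\))? -\s*(?P<source>.*)$")


@dataclass
class Entry:
    code: str
    body: str
    clsid: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def classify(code: str, body: str) -> List[str]:
    """Return review flags for one entry (flag names are this example's own)."""
    flags = []
    if body.endswith("(no file)"):
        # The registry value survives but the file it points to is gone.
        flags.append("orphan")
    if code == "O16":
        m = DPF_RE.match(body)
        if m and not m.group("source"):
            # ActiveX control registered without any recorded download URL.
            flags.append("empty-source")
    if code == "O4" and "\\RunOnce:" in body:
        # RunOnce values are meant to be consumed once, so one that persists
        # across scans deserves a look.
        flags.append("runonce")
    return flags


def parse_log(text: str) -> List[Entry]:
    """Parse entry lines; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body").rstrip()
        clsid = CLSID_RE.search(body)
        entries.append(
            Entry(code, body, clsid.group(0) if clsid else None, classify(code, body))
        )
    return entries


def triage(text: str) -> Dict[str, List[Entry]]:
    """Group flagged entries by flag name, preserving log order."""
    by_flag: Dict[str, List[Entry]] = {}
    for entry in parse_log(text):
        for flag in entry.flags:
            by_flag.setdefault(flag, []).append(entry)
    return by_flag


if __name__ == "__main__":
    for flag, flagged in triage(SAMPLE_LOG).items():
        for entry in flagged:
            print(f"{flag:13} {entry.code:4} {entry.body}")
```
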
 marlene13014  Posted on 24/05/2008 at 20:42
Petite astucienne

14 Messages

Re, I may not be around this evening because of family life with the children, but tomorrow I will pick up where we left off

thanks again for your advice

see you later or tomorrow

 marlene13014  Posted on 25/05/2008 at 08:54
Petite astucienne

14 Messages

Hello, here is the BitDefender report

BitDefender Online Scanner

Rapport d'analyse généré à: Sun, May 25, 2008 - 08:44:17

Voie d'analyse: C:\;D:\;E:\;F:\;G:\;H:\;

Statistiques
Temps: 00:25:22
Fichiers: 80778
Directoires: 7780
Secteurs de boot: 2
Archives: 1436
Paquets programmes: 6692

Résultats
Virus identifiés: 2
Fichiers infectés: 2
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 3

Info sur les moteurs
Définition virus: 1234113
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 16
Archive des plugins: 42
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 5

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé | Statut
C:\Lop SD\Backup-Lop\F\BitDownload-4.5-setup.exe=>(Instyler o)=>(Instyler Module 10) | Infecté par: Trojan.Swizzor.WB
C:\Lop SD\Backup-Lop\F\BitDownload-4.5-setup.exe=>(Instyler o)=>(Instyler Module 10) | Supprimé
C:\Lop SD\Backup-Lop\F\BitDownload-4.5-setup.exe=>(Instyler o) | Echec de la mise à jour
C:\Program Files\AxBx\PC Security Test 2008\test_vir.dat=>(Quarantine-PE) | Détecté avec: Application.VTesttool.C
C:\Program Files\AxBx\PC Security Test 2008\test_vir.dat=>(Quarantine-PE) | Supprimé

See you later

 philae  Posted on 25/05/2008 at 13:45
  Security Group


36393 Messages

hello,

OK. Are you still having problems?

 marlene13014  Posted on 25/05/2008 at 13:52
Petite astucienne

14 Messages

re, yes, it is still the same: pages take 3 days to open if I leave eMule connected, but as for the CID pages it seems to be fine.

if you can give me a hand with my browsing that would be good, thank you

 philae  Posted on 25/05/2008 at 13:54
  Security Group


36393 Messages

hello,

don't count on me to help you with eMule. Frankly, how do you expect not to get infected.....

first get rid of what is causing the problem, and run an online antivirus scan

http://forum.pcastuces.com/kaspersky_online_scanner___tutoriel-f31s10.htm

then post the report here


--------------------[ Recherche d'autres infections ]---------------------

=> C:\WINDOWS\system32\config\systemprofile\Favoris\Cracks - Serials
=> C:\Documents and Settings\Admin\Mes documents\Keygen
=> C:\Documents and Settings\Admin\Mes documents\Keygen\KeyMaker.exe
=> C:\Documents and Settings\Admin\Mes documents\Nouveau dossier\Avast.Antivirus.Pro.v4.8.1169.FR.Incl-Keygen.[emule-island.com].rar
=> C:\Documents and Settings\All Users.WINDOWS\Application Data\IncrediMail\Data\Sound\tchaikovsky_the_nutcracker.imw

 marlene13014  Posted on 30/05/2008 at 15:44
Petite astucienne

14 Messages

Hello, and sorry for all this time, but I did not have time to deal with it

here is the result of the Kaspersky scan

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, May 29, 2008 9:38:40 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 29/05/2008
Enregistrements dans la base antivirus Kaspersky : 723584
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
C:\
D:\
E:\
F:\
G:\
H:\

Statistiques de l'analyse:
Total d'objets analysés: 66529
Nombre de virus trouvés: 0
Nombre d'objets infectés: 0 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 02:31:31

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT.000\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT.000\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT.000\Local Settings\Temp\Perflib_Perfdata_6a0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT