iexplore.exe infection

9 December 2008 16:39:15

So, as I've seen in other posts, I have a PC running XP with several iexplore processes eating up resources.

Here is the HijackThis report, as is customary.

Awaiting your instructions. Thanks in advance.

Note: I can't get rid of McAfee; the uninstall failed.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:31, on 09/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\martine\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [the bone download 1] C:\Documents and Settings\All Users\Application Data\axis wait the bone\One Face.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [iso first] C:\DOCUME~1\martine\APPLIC~1\TYPEFI~1\ExtraHtmMp3.exe
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://www.cyber-infos.net/files/OnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/j...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1739C0B9-B88D-44F5-9F06-D711390C875A}: NameServer = 10.0.0.100,10.0.0.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{1739C0B9-B88D-44F5-9F06-D711390C875A}: NameServer = 10.0.0.100,10.0.0.101
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O18 - Filter hijack: text/html - {C6F62B7A-5450-4A2F-8687-6CEEC3AEB055} - (no file)
O20 - AppInit_DLLs: owospc.dll qwmbmy.dll
O20 - Winlogon Notify: reset5e - reset5e.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor (mbackmonitor) - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service (mcafee siteadvisor service) - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (msk80service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 12304 bytes

9 December 2008 16:53:19

Hi,

Your PC is indeed infected.

  • Download Lop S&D to your Desktop.
  • Double-click it to start the installation.
  • Then double-click the Lop S&D shortcut on your Desktop.
  • Select the desired language, then choose option 1 (Search).
  • Wait until the scan finishes.
  • Post the generated report (C:\lopR.txt).
    12 December 2008 01:14:11

    OK,

    Thanks for your help,

    I'll do that tomorrow and post the report.

    16 December 2008 10:19:21


    Here is the report:


    --------------------\\ Lop S&D 4.2.4-9c XP/Vista


    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( 16/12/2008|10:11 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [15/11/2004|13:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [15/11/2004|13:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
    [09/12/2008|12:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
    [15/11/2004|13:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [15/11/2004|13:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
    [15/11/2004|13:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
    [05/12/2008|15:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\U3
    [15/11/2004|13:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

    [01/10/2006|12:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [27/09/2007|17:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [18/08/2008|15:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [11/01/2007|18:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [22/10/2008|03:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone
    [24/03/2006|21:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
    [15/11/2004|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [09/12/2008|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [29/08/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
    [29/08/2008|18:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
    [09/12/2008|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [09/12/2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    [31/03/2007|09:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
    [18/07/2005|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [23/01/2006|16:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [19/11/2004|21:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    [27/07/2007|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NurbBibRdrCurb
    [27/12/2006|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
    [21/08/2007|18:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PROGRAM MAPI 1 AXIS
    [15/11/2004|13:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [15/11/2004|13:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [10/12/2004|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
    [11/11/2008|19:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
    [28/09/2007|16:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [28/09/2007|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [02/07/2006|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
    [15/11/2004|13:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    [02/07/2006|22:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [18/12/2006|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [18/02/2008|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [15/11/2004|13:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [15/11/2004|13:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Jasc Software Inc
    [15/11/2004|13:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [15/11/2004|13:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
    [15/11/2004|13:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
    [15/11/2004|13:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

    [17/02/2007|10:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
    [27/09/2005|05:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
    [21/07/2005|08:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
    [17/02/2007|10:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [11/11/2008|20:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\SACore


    [13/12/2007|19:18] C:\DOCUME~1\martine\APPLIC~1\Adobe
    [06/11/2007|17:14] C:\DOCUME~1\martine\APPLIC~1\AdobeUM
    [03/03/2007|15:41] C:\DOCUME~1\martine\APPLIC~1\Apple Computer
    [15/05/2005|13:48] C:\DOCUME~1\martine\APPLIC~1\Canon
    [30/01/2007|18:08] C:\DOCUME~1\martine\APPLIC~1\Creative
    [24/09/2005|22:21] C:\DOCUME~1\martine\APPLIC~1\CyberLink
    [12/11/2006|11:03] C:\DOCUME~1\martine\APPLIC~1\Google
    [22/08/2006|09:19] C:\DOCUME~1\martine\APPLIC~1\Help
    [15/11/2004|13:08] C:\DOCUME~1\martine\APPLIC~1\Identities
    [11/06/2008|18:18] C:\DOCUME~1\martine\APPLIC~1\InstallShield
    [15/11/2004|13:37] C:\DOCUME~1\martine\APPLIC~1\Jasc Software Inc
    [08/08/2005|09:29] C:\DOCUME~1\martine\APPLIC~1\Leadertech
    [27/02/2005|18:53] C:\DOCUME~1\martine\APPLIC~1\Macromedia
    [09/12/2008|12:19] C:\DOCUME~1\martine\APPLIC~1\Malwarebytes
    [13/01/2007|13:06] C:\DOCUME~1\martine\APPLIC~1\Microsoft
    [10/04/2007|16:02] C:\DOCUME~1\martine\APPLIC~1\Mozilla
    [21/06/2008|10:55] C:\DOCUME~1\martine\APPLIC~1\MSN6
    [11/04/2008|13:22] C:\DOCUME~1\martine\APPLIC~1\OD2
    [08/08/2005|09:29] C:\DOCUME~1\martine\APPLIC~1\Sonic
    [28/09/2007|17:20] C:\DOCUME~1\martine\APPLIC~1\Sphinx
    [15/11/2004|13:32] C:\DOCUME~1\martine\APPLIC~1\Sun
    [12/10/2008|12:59] C:\DOCUME~1\martine\APPLIC~1\Template
    [08/11/2008|11:49] C:\DOCUME~1\martine\APPLIC~1\type film window
    [05/12/2008|15:56] C:\DOCUME~1\martine\APPLIC~1\U3
    [15/11/2004|13:40] C:\DOCUME~1\martine\APPLIC~1\You've Got Pictures Screensaver

    [15/11/2004|13:08] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [12/01/2007|20:48] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver



    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [09/12/2008 16:00][--ah-----] C:\WINDOWS\tasks\A53D880C93FE38EC.job
    [21/08/2008 20:51][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [20/11/2004 19:30][--a------] C:\WINDOWS\tasks\Rappel d'abonnement 1 auprès de l'ISP.job
    [16/12/2008 10:01][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [30/08/2002 08:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

    ( A53D880C93FE38EC.job )=( c:\docume~1\martine\applic~1\typefi~1\Bintoolvc.exe )

    --------------------\\ Listing des dossiers dans C:\Program Files

    [27/09/2007|17:46] C:\Program Files\Adobe
    [28/09/2007|19:54] C:\Program Files\Advanced Messenger Plus
    [12/10/2007|18:44] C:\Program Files\Adverts
    [21/12/2005|14:02] C:\Program Files\Ahead
    [18/08/2008|15:22] C:\Program Files\Apple Software Update
    [16/11/2005|16:12] C:\Program Files\ArcSoft
    [08/08/2008|12:29] C:\Program Files\Avanquest update
    [18/08/2008|15:24] C:\Program Files\Bonjour
    [20/11/2004|16:11] C:\Program Files\Canon
    [09/12/2008|15:34] C:\Program Files\CCleaner
    [10/10/2008|16:35] C:\Program Files\Circle Developement
    [08/08/2008|12:26] C:\Program Files\Common Files
    [30/06/2006|18:16] C:\Program Files\Control Kids
    [11/06/2008|16:55] C:\Program Files\Controle Parental
    [27/12/2006|19:10] C:\Program Files\Creative
    [15/11/2004|13:37] C:\Program Files\CyberLink
    [15/11/2004|13:37] C:\Program Files\Dell
    [21/12/2004|17:22] C:\Program Files\Dell 720
    [15/11/2004|13:37] C:\Program Files\Dell Computer
    [03/11/2008|21:46] C:\Program Files\Fichiers communs
    [09/12/2008|14:50] C:\Program Files\Google
    [13/05/2005|17:39] C:\Program Files\Guitar Pro 4 Demo
    [16/11/2005|16:11] C:\Program Files\HP
    [29/08/2008|18:19] C:\Program Files\IncrediMail
    [08/08/2008|12:26] C:\Program Files\InstallShield Installation Information
    [15/11/2004|13:37] C:\Program Files\Intel
    [22/08/2008|20:27] C:\Program Files\Internet Explorer
    [22/08/2008|16:51] C:\Program Files\iPod
    [22/08/2008|16:51] C:\Program Files\iTunes
    [15/11/2004|13:38] C:\Program Files\Jasc Software Inc
    [11/11/2008|21:51] C:\Program Files\Java
    [01/06/2007|18:43] C:\Program Files\Lexmark
    [28/09/2007|20:03] C:\Program Files\Lexmark X74-X75
    [18/05/2005|19:15] C:\Program Files\Logitech
    [29/08/2008|18:31] C:\Program Files\Magentic
    [09/12/2008|12:23] C:\Program Files\Malwarebytes' Anti-Malware
    [09/12/2008|12:46] C:\Program Files\McAfee
    [22/08/2008|20:29] C:\Program Files\Messenger
    [04/09/2008|14:27] C:\Program Files\Messenger Plus! Live
    [13/09/2006|12:56] C:\Program Files\MessengerPlus! 3
    [20/06/2008|18:45] C:\Program Files\Microsoft ActiveSync
    [24/04/2008|20:04] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [10/12/2004|22:27] C:\Program Files\microsoft frontpage
    [10/12/2004|22:28] C:\Program Files\Microsoft Office
    [15/11/2004|13:37] C:\Program Files\Microsoft Works
    [27/09/2007|17:46] C:\Program Files\Modem Helper
    [15/11/2004|13:37] C:\Program Files\Modem On Hold
    [08/08/2008|12:29] C:\Program Files\Motorola Phone Tools
    [22/08/2008|18:26] C:\Program Files\Movie Maker
    [09/12/2008|16:28] C:\Program Files\Mozilla Firefox
    [15/11/2004|13:08] C:\Program Files\MSN
    [15/11/2004|13:08] C:\Program Files\MSN Gaming Zone
    [27/12/2006|19:09] C:\Program Files\Music Manager
    [05/02/2007|13:19] C:\Program Files\Navman
    [22/08/2008|18:23] C:\Program Files\NetMeeting
    [22/08/2008|18:23] C:\Program Files\Outlook Express
    [17/08/2006|11:42] C:\Program Files\PhotoFiltre
    [18/08/2008|15:24] C:\Program Files\QuickTime
    [15/11/2004|13:39] C:\Program Files\Real
    [20/04/2005|16:17] C:\Program Files\RF Logiciels
    [11/06/2008|16:25] C:\Program Files\SAGEM
    [28/09/2007|20:08] C:\Program Files\SAGEM Wi-Fi USB 802.11g
    [04/11/2006|08:46] C:\Program Files\Samsung
    [11/06/2008|16:24] C:\Program Files\Securitoo
    [15/11/2004|13:08] C:\Program Files\Services en ligne
    [10/12/2004|22:27] C:\Program Files\Snapshot Viewer
    [15/11/2004|13:40] C:\Program Files\Sonic
    [11/11/2008|20:13] C:\Program Files\Sun
    [22/10/2008|03:34] C:\Program Files\type film window
    [21/02/2005|16:07] C:\Program Files\Ubisoft
    [30/11/2005|14:59] C:\Program Files\Ulead Systems
    [15/11/2004|13:32] C:\Program Files\Uninstall Information
    [15/11/2004|13:40] C:\Program Files\Viewpoint
    [16/12/2008|10:01] C:\Program Files\Wanadoo
    [19/09/2005|18:09] C:\Program Files\Wanadoo Messager
    [18/02/2008|17:41] C:\Program Files\Windows Live
    [28/09/2007|17:09] C:\Program Files\Windows Live Safety Center
    [27/09/2007|13:05] C:\Program Files\Windows Live Toolbar
    [14/01/2007|13:37] C:\Program Files\Windows Media Connect 2
    [22/08/2008|18:37] C:\Program Files\Windows Media Player
    [22/08/2008|18:23] C:\Program Files\Windows NT
    [15/11/2004|13:08] C:\Program Files\XEROX
    [27/09/2007|13:02] C:\Program Files\Yahoo!

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [01/10/2006|12:52] C:\Program Files\Fichiers communs\Adobe
    [27/09/2007|17:50] C:\Program Files\Fichiers communs\AOL
    [18/08/2008|15:21] C:\Program Files\Fichiers communs\Apple
    [10/12/2004|22:24] C:\Program Files\Fichiers communs\Designer
    [16/04/2005|17:05] C:\Program Files\Fichiers communs\FotoWire
    [16/11/2005|16:08] C:\Program Files\Fichiers communs\HP
    [20/04/2005|16:17] C:\Program Files\Fichiers communs\InstallShield
    [15/11/2004|13:32] C:\Program Files\Fichiers communs\Java
    [16/04/2005|17:03] C:\Program Files\Fichiers communs\Logitech
    [09/12/2008|12:47] C:\Program Files\Fichiers communs\McAfee
    [18/02/2008|17:47] C:\Program Files\Fichiers communs\Microsoft Shared
    [08/08/2008|12:26] C:\Program Files\Fichiers communs\Motorola Shared
    [15/11/2004|13:08] C:\Program Files\Fichiers communs\MSSoap
    [15/11/2004|13:40] C:\Program Files\Fichiers communs\Nullsoft
    [15/11/2004|13:39] C:\Program Files\Fichiers communs\Real
    [15/11/2004|13:08] C:\Program Files\Fichiers communs\Services
    [15/11/2004|13:41] C:\Program Files\Fichiers communs\Sonic
    [15/11/2004|13:08] C:\Program Files\Fichiers communs\SpeechEngines
    [13/10/2006|18:51] C:\Program Files\Fichiers communs\SWF Studio
    [22/08/2008|18:23] C:\Program Files\Fichiers communs\System
    [30/11/2005|15:01] C:\Program Files\Fichiers communs\Ulead Systems
    [27/09/2007|17:46] C:\Program Files\Fichiers communs\Vbox
    [18/02/2008|17:44] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    --------------------\\ Process

    ( 59 Processes )

    IEXPLORE.EXE ~ [PID:3472]

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone\HTM OBJ.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone\name scr.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone\One Cake.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone\One Face.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone\sign browse.exe
    C:\DOCUME~1\martine\APPLIC~1\typefi~1
    C:\DOCUME~1\martine\APPLIC~1\typefi~1\Bin tool vc.exe
    C:\DOCUME~1\martine\APPLIC~1\typefi~1\dwgtbtxp.exe
    C:\DOCUME~1\martine\APPLIC~1\typefi~1\ExtraHtmMp3.exe
    C:\DOCUME~1\martine\APPLIC~1\typefi~1\flrifgif.exe
    C:\DOCUME~1\martine\APPLIC~1\typefi~1\iannzohl.exe
    C:\DOCUME~1\martine\APPLIC~1\typefi~1\qxaymmcf.exe
    C:\DOCUME~1\martine\APPLIC~1\typefi~1\scr slow mode third.exe
    C:\Program Files\typefi~1
    C:\Program Files\Adverts
    C:\Program Files\Circle Developement
    C:\WINDOWS\Tasks\A53D880C93FE38EC.job

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iso first"="C:\\DOCUME~1\\martine\\APPLIC~1\\TYPEFI~1\\ExtraHtmMp3.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "the bone download 1"="C:\\Documents and Settings\\All Users\\Application Data\\axis wait the bone\\One Face.exe"

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts MODIFIE

    -> 6598 [ 70 ## added by CiD ]

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-16 10:12:31
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 171

    --------------------\\ Recherche d'autres infections

    C:\WINDOWS\system32\BacMlnpo.ini
    C:\WINDOWS\system32\BacMlnpo.ini2
    C:\WINDOWS\system32\HiSYaccf.ini
    C:\WINDOWS\system32\HiSYaccf.ini2
    ==> VUNDO <==

    --------------------\\ ROOTKIT !!

    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\legacy_tdssserv.sys]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\legacy_tdssserv.sys]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_tdssserv.sys]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv.sys]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdssserv.sys]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv.sys]

    --------------------\\ Suspect ..

    C:\WINDOWS\system32\TDSSmqlt.dat



    [F:15][D:6]-> C:\DOCUME~1\martine\LOCALS~1\Temp
    [F:20][D:0]-> C:\DOCUME~1\martine\Cookies
    [F:405][D:5]-> C:\DOCUME~1\martine\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 16/12/2008|10:13 - Option : [1]

    --------------------\\ Fin du rapport a 10:13:40
    16 December 2008 16:20:37

  • Run Lop S&D again.
  • This time choose option 2 (Removal).
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt).

    (If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)
    19 December 2008 00:11:05

    Thanks, it works.
    iexplore is no longer eating my resources.

    Thanks a lot for the help.
    19 December 2008 02:14:32

    The disinfection is not finished; you are infected by the TDSSServ rootkit and by Vundo.