Empty Internet Explorer windows opening by themselves [Solved]

Tags:
  • Internet Explorer
  • Security
Last reply: in Security and viruses
17 January 2008 12:58:08

Hello!!

I have a small problem:
Internet Explorer windows open without my asking for them (I haven't created any shortcut), and just now I got a message from Windows telling me I was not allowed to download this type of file, even though I wasn't downloading anything at all!

I think I have been hacked. I don't see any strange files on my PC; I just ran an Avast scan, which detected nothing.

The windows open very frequently and I suspect them of downloading files, either so that the PC gets hacked or to eat up my memory.

I had a trojan that Avast quarantined as soon as I received a download that I had made deliberately.

Regards,

Gwen


17 January 2008 13:28:28

I'm getting ahead and posting my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:43, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\MP3 OPEN.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ROAMLESS] C:\DOCUME~1\COMPAQ~1\APPLIC~1\GramCopy\BuildTray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.fr/startpage/dialup/fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gwenika.spaces.live.com//PhotoUpload/MsnPUpld.ca...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9030 bytes
18 January 2008 13:15:35

Hello,

I still haven't had any replies. I'll add that I ran a Navilog scan, which seemed to be clean, and that these are CID pages or ads for online games!

18 January 2008 13:55:41

Hello, still no reply?
Here is the ComboFix result:

ComboFix 08-01-18.4 - Compaq_Propriétaire 2008-01-18 13:43:41.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.69 [GMT 1:00]
Running from: C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Mes fichiers reçus\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
.

2008-01-18 13:42 . 2008-01-18 13:42 <REP> d-------- C:\Program Files\Lop SD
2008-01-18 13:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 14:23 . 2008-01-17 14:51 <REP> d-------- C:\Program Files\Navilog1
2008-01-17 13:26 . 2008-01-17 13:26 <REP> d-------- C:\Program Files\Trend Micro
2008-01-17 12:33 . 2008-01-17 12:33 <REP> d-------- C:\Program Files\GramCopy
2008-01-17 12:31 . 2008-01-17 12:31 106 --a------ C:\WINDOWS\yesmessenger.ini
2008-01-14 23:56 . 2008-01-17 12:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Cast ping base frag
2008-01-14 23:55 . 2008-01-17 12:59 <REP> d-------- C:\Program Files\BitDownload
2008-01-14 23:55 . 2008-01-17 12:34 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GramCopy
2008-01-14 23:43 . 2008-01-14 23:43 <REP> d-------- C:\Program Files\LimeWire
2008-01-14 23:43 . 2008-01-15 00:30 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
2007-12-18 22:49 . 2007-12-18 22:49 <REP> d-------- C:\Documents and Settings\Compaq_Propri‚taire\Bureau

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-17 12:21 --------- d-----w C:\Program Files\Yahoo!
2008-01-17 12:20 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-17 12:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-17 12:00 --------- d-----w C:\Program Files\Google
2008-01-16 18:09 --------- d-----w C:\Program Files\eMule
2007-12-26 11:36 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 11:36 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-23 19:17 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Canon
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-21 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Newsoft
2007-11-21 11:45 --------- d-----w C:\Program Files\Fichiers communs\Digi338
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-01-15 14:34 172 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2006-12-15 07:30 14,364,584 ----a-w C:\Program Files\zlsSetup_65_737_000_fr.exe
2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2007-09-24 22:04 88 --sh--r C:\WINDOWS\system32\8CB847DAF3.sys
2007-09-24 22:04 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-05-10 12:01 598920]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ROAMLESS"="C:\DOCUME~1\COMPAQ~1\APPLIC~1\GramCopy\BuildTray.exe" [2008-01-17 12:33 433152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 12:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-01-25 03:15 1519616 C:\WINDOWS\system32\nwiz.exe]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 02:46 147456]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 19:33 57344]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-25 03:15 7311360]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-02 22:59 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-06 15:52 98304]
"Base frag grid bows"="C:\Documents and Settings\All Users\Application Data\Cast ping base frag\MP3 OPEN.exe" [2008-01-18 13:40 1697280]

C:\Documents and Settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 22:32:17]

C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 22:32:17]

C:\Documents and Settings\Fred‚rique\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 22:32:17]

C:\Documents and Settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 22:32:17]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 12:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-01-25 03:15 7311360 C:\WINDOWS\system32\NvCpl.dll

R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 HSFHWCD2;HSFHWCD2;C:\WINDOWS\system32\DRIVERS\HSFHWCD2.sys [2004-08-10 16:17]

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-18 12:00:00 C:\WINDOWS\Tasks\AB6C7745918BF21D.job"
- c:\docume~1\compaq~1\applic~1\gramcopy\Insidemodefrag.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 13:46:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18 13:48:34
ComboFix-quarantined-files.txt 2008-01-18 12:48:25
.
2008-01-09 19:12:45 --- E O F ---
18 January 2008 15:13:38

Hello,
Don't use tools at random; it can be dangerous for your PC.

Download Lop S&D.zip.
Save it to your Desktop only.
* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your desktop
* Select the language you want, then choose Option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm.)
18 January 2008 15:43:36

Hi,
the link for the log isn't valid!!
18 January 2008 16:11:33

I've edited it.
18 January 2008 16:33:20

Thanks,
During the scan Avast told me I had a Trojan horse: win 32 inject. I quarantined it; here is the report:



-----------------------------[ Lop S&D 2.0.5 ]---------------------------

[ Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

[ USER: Compaq_Propri‚taire ] [ "C:\Program Files\Lop SD" ]

[ 18/01/2008 | 16:30:17,26 ] [ MAMIE ]


-------------[ Listing des dossiers dans Application Data ]------------

[02/01/2006|23:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[02/01/2006|23:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
[02/01/2006|23:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
[02/01/2006|22:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[26/10/2005|23:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[23/11/2004|16:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini

[17/01/2008|14:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[17/01/2008|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[17/01/2008|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[17/01/2008|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
[21/11/2007|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Newsoft
[21/06/2007|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[13/06/2007|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[19/05/2007|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[08/05/2007|23:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[17/04/2007|17:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[31/01/2007|13:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[15/12/2006|08:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winferno
[18/11/2006|01:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[24/09/2006|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[13/09/2006|17:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[12/09/2006|17:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[09/09/2006|20:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[09/09/2006|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[09/09/2006|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[06/09/2006|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[06/09/2006|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[22/08/2006|18:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[02/01/2006|23:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[02/01/2006|23:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[02/01/2006|23:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[02/01/2006|22:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[02/01/2006|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[02/01/2006|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[23/11/2004|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[11/05/2007|12:33] C:\DOCUME~1\APPLIC~1\APPLIC~1\Microsoft
[11/05/2007|12:33] C:\DOCUME~1\APPLIC~1\APPLIC~1\..
[11/05/2007|12:33] C:\DOCUME~1\APPLIC~1\APPLIC~1\.

[17/01/2008|12:59] C:\DOCUME~1\COMPAQ~1\APPLIC~1\..
[17/01/2008|12:59] C:\DOCUME~1\COMPAQ~1\APPLIC~1\.
[17/01/2008|12:34] C:\DOCUME~1\COMPAQ~1\APPLIC~1\GramCopy
[15/01/2008|00:30] C:\DOCUME~1\COMPAQ~1\APPLIC~1\LimeWire
[23/12/2007|20:17] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Canon
[14/11/2007|19:30] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Yahoo!
[26/10/2007|00:26] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Corel
[27/06/2007|14:13] C:\DOCUME~1\COMPAQ~1\APPLIC~1\AdobeUM
[24/06/2007|15:24] C:\DOCUME~1\COMPAQ~1\APPLIC~1\QuickZip45.ini
[21/06/2007|18:19] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Screenshot Sender
[02/06/2007|18:48] C:\DOCUME~1\COMPAQ~1\APPLIC~1\dvdcss
[11/05/2007|12:33] C:\DOCUME~1\COMPAQ~1\APPLIC~1\MySpace
[17/04/2007|17:20] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Microsoft
[08/04/2007|21:40] C:\DOCUME~1\COMPAQ~1\APPLIC~1\HP
[08/04/2007|21:37] C:\DOCUME~1\COMPAQ~1\APPLIC~1\ArcSoft
[29/01/2007|14:30] C:\DOCUME~1\COMPAQ~1\APPLIC~1\BitTorrent
[18/01/2007|15:29] C:\DOCUME~1\COMPAQ~1\APPLIC~1\vlc
[15/01/2007|15:34] C:\DOCUME~1\COMPAQ~1\APPLIC~1\wklnhst.dat
[12/01/2007|02:46] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Media Player Classic
[23/12/2006|22:13] C:\DOCUME~1\COMPAQ~1\APPLIC~1\DivX
[16/12/2006|00:03] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Template
[25/11/2006|15:11] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sonic
[25/11/2006|15:11] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Leadertech
[18/11/2006|01:35] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Google
[13/11/2006|20:15] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Lavasoft
[24/10/2006|18:59] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Mozilla
[08/10/2006|20:53] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Help
[07/10/2006|13:18] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Real
[28/09/2006|17:02] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Adobe
[12/09/2006|10:23] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sun
[10/09/2006|20:10] C:\DOCUME~1\COMPAQ~1\APPLIC~1\CyberLink
[08/09/2006|19:25] C:\DOCUME~1\COMPAQ~1\APPLIC~1\MSNInstaller
[06/09/2006|16:05] C:\DOCUME~1\COMPAQ~1\APPLIC~1\ACD Systems
[06/09/2006|09:48] C:\DOCUME~1\COMPAQ~1\APPLIC~1\HPQ
[05/09/2006|19:47] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Macromedia
[22/08/2006|18:32] C:\DOCUME~1\COMPAQ~1\APPLIC~1\ScanSoft
[26/10/2005|23:34] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Identities
[23/11/2004|16:13] C:\DOCUME~1\COMPAQ~1\APPLIC~1\desktop.ini


[02/01/2006|23:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[02/01/2006|23:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[02/01/2006|23:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[02/01/2006|22:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[26/10/2005|23:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[23/11/2004|16:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[15/08/2007|16:38] C:\DOCUME~1\FREDRI~1\APPLIC~1\Real
[09/07/2007|20:57] C:\DOCUME~1\FREDRI~1\APPLIC~1\Corel
[09/07/2007|20:48] C:\DOCUME~1\FREDRI~1\APPLIC~1\..
[09/07/2007|20:48] C:\DOCUME~1\FREDRI~1\APPLIC~1\.
[08/07/2007|20:02] C:\DOCUME~1\FREDRI~1\APPLIC~1\Grisoft
[08/07/2007|20:01] C:\DOCUME~1\FREDRI~1\APPLIC~1\Microsoft
[25/02/2007|14:05] C:\DOCUME~1\FREDRI~1\APPLIC~1\ArcSoft
[24/02/2007|19:33] C:\DOCUME~1\FREDRI~1\APPLIC~1\CyberLink
[22/02/2007|23:24] C:\DOCUME~1\FREDRI~1\APPLIC~1\Adobe
[03/01/2007|01:54] C:\DOCUME~1\FREDRI~1\APPLIC~1\AdobeUM
[30/12/2006|02:00] C:\DOCUME~1\FREDRI~1\APPLIC~1\ScanSoft
[29/12/2006|14:51] C:\DOCUME~1\FREDRI~1\APPLIC~1\HP
[29/12/2006|14:44] C:\DOCUME~1\FREDRI~1\APPLIC~1\Leadertech
[28/12/2006|14:30] C:\DOCUME~1\FREDRI~1\APPLIC~1\Google
[29/10/2006|17:49] C:\DOCUME~1\FREDRI~1\APPLIC~1\Mozilla
[28/10/2006|10:48] C:\DOCUME~1\FREDRI~1\APPLIC~1\Macromedia
[26/10/2005|23:34] C:\DOCUME~1\FREDRI~1\APPLIC~1\Identities
[23/11/2004|16:13] C:\DOCUME~1\FREDRI~1\APPLIC~1\desktop.ini

[11/05/2007|12:33] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[02/01/2006|22:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[02/01/2006|22:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\.

[24/09/2007|21:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[02/01/2006|22:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[02/01/2006|22:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\.

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[18/01/2008 16:00][--ah-----] C:\WINDOWS\tasks\AB6C7745918BF21D.job
[18/01/2008 13:33][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 12:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[18/01/2008|16:30] C:\Program Files\Lop SD
[18/01/2008|14:28] C:\Program Files\Mozilla Firefox
[18/01/2008|13:42] C:\Program Files\.
[18/01/2008|13:42] C:\Program Files\..
[17/01/2008|14:51] C:\Program Files\Navilog1
[17/01/2008|13:26] C:\Program Files\Trend Micro
[17/01/2008|13:21] C:\Program Files\WinRAR
[17/01/2008|13:21] C:\Program Files\Yahoo!
[17/01/2008|13:20] C:\Program Files\Windows Live Toolbar
[17/01/2008|13:19] C:\Program Files\InstallShield Installation Information
[17/01/2008|13:17] C:\Program Files\Microsoft Office
[17/01/2008|13:04] C:\Program Files\Fichiers communs
[17/01/2008|13:00] C:\Program Files\Google
[17/01/2008|12:59] C:\Program Files\BitDownload
[17/01/2008|12:33] C:\Program Files\GramCopy
[16/01/2008|19:09] C:\Program Files\eMule
[14/01/2008|23:43] C:\Program Files\LimeWire
[26/12/2007|12:36] C:\Program Files\Messenger Plus! Live
[26/12/2007|12:36] C:\Program Files\MSN Messenger
[12/12/2007|23:12] C:\Program Files\Internet Explorer
[26/10/2007|00:26] C:\Program Files\Corel
[25/10/2007|13:19] C:\Program Files\Spybot - Search & Destroy
[24/09/2007|21:31] C:\Program Files\Ubi Soft
[24/08/2007|15:34] C:\Program Files\DivX
[24/06/2007|20:11] C:\Program Files\Wanadoo
[24/06/2007|13:34] C:\Program Files\CCleaner
[14/06/2007|00:45] C:\Program Files\Outlook Express
[14/06/2007|00:38] C:\Program Files\NASA
[06/06/2007|09:42] C:\Program Files\Windows Live
[29/05/2007|13:22] C:\Program Files\WinamaxPoker
[29/05/2007|13:18] C:\Program Files\MSN
[29/05/2007|13:15] C:\Program Files\MySpace
[29/05/2007|13:08] C:\Program Files\MSN Spy 2004
[29/05/2007|13:00] C:\Program Files\EuroPoker
[10/05/2007|02:06] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[13/04/2007|10:57] C:\Program Files\IncrediMail
[10/04/2007|10:22] C:\Program Files\QuickTime
[01/04/2007|12:03] C:\Program Files\Multi_Media
[23/02/2007|21:10] C:\Program Files\Audacity
[08/02/2007|21:43] C:\Program Files\Services en ligne
[07/02/2007|23:06] C:\Program Files\BitTorrent
[02/02/2007|22:37] C:\Program Files\Grisoft
[29/01/2007|17:04] C:\Program Files\Windows Media Player
[21/01/2007|23:03] C:\Program Files\WinAce
[18/01/2007|15:22] C:\Program Files\VideoLAN
[17/01/2007|21:06] C:\Program Files\Windows Media Connect 2
[15/12/2006|08:30] C:\Program Files\zlsSetup_65_737_000_fr.exe
[14/11/2006|23:37] C:\Program Files\MSXML 4.0
[13/11/2006|20:15] C:\Program Files\Lavasoft
[23/10/2006|15:40] C:\Program Files\SAGEM
[23/10/2006|15:29] C:\Program Files\Securitoo
[28/09/2006|17:01] C:\Program Files\Adobe
[12/09/2006|17:50] C:\Program Files\Logitech
[09/09/2006|15:54] C:\Program Files\Alwil Software
[06/09/2006|15:54] C:\Program Files\ACD Systems
[06/09/2006|09:22] C:\Program Files\Messenger
[05/09/2006|19:17] C:\Program Files\CONEXANT
[23/08/2006|14:44] C:\Program Files\AzureBay
[22/08/2006|18:31] C:\Program Files\ScanSoft
[22/08/2006|18:30] C:\Program Files\ArcSoft
[22/08/2006|18:29] C:\Program Files\Canon
[21/08/2006|14:58] C:\Program Files\Microsoft.NET
[21/08/2006|14:58] C:\Program Files\Windows Messaging
[21/08/2006|14:41] C:\Program Files\microsoft frontpage
[02/01/2006|23:26] C:\Program Files\Hewlett-Packard
[02/01/2006|23:02] C:\Program Files\CyberLink
[02/01/2006|23:02] C:\Program Files\HP
[02/01/2006|23:00] C:\Program Files\Sonic
[02/01/2006|22:59] C:\Program Files\Real
[02/01/2006|22:41] C:\Program Files\Java
[26/10/2005|23:37] C:\Program Files\xerox
[26/10/2005|23:36] C:\Program Files\Windows NT
[26/10/2005|23:36] C:\Program Files\NetMeeting
[26/10/2005|23:36] C:\Program Files\Online Services
[26/10/2005|23:36] C:\Program Files\MSN Gaming Zone
[26/10/2005|23:36] C:\Program Files\Movie Maker
[20/10/2005|20:06] C:\Program Files\ComPlus Applications
[20/10/2005|20:06] C:\Program Files\Uninstall Information
[20/10/2005|20:05] C:\Program Files\WindowsUpdate

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[17/01/2008|13:17] C:\Program Files\Fichiers communs\Microsoft Shared
[17/01/2008|13:04] C:\Program Files\Fichiers communs\..
[17/01/2008|13:04] C:\Program Files\Fichiers communs\.
[21/11/2007|12:45] C:\Program Files\Fichiers communs\Digi338
[14/06/2007|00:45] C:\Program Files\Fichiers communs\System
[07/02/2007|23:12] C:\Program Files\Fichiers communs\Adobe
[27/09/2006|17:41] C:\Program Files\Fichiers communs\ScanSoft Shared
[14/09/2006|17:43] C:\Program Files\Fichiers communs\AOL
[12/09/2006|17:51] C:\Program Files\Fichiers communs\Logitech
[12/09/2006|17:50] C:\Program Files\Fichiers communs\InstallShield
[09/09/2006|15:51] C:\Program Files\Fichiers communs\Symantec Shared
[09/09/2006|15:35] C:\Program Files\Fichiers communs\Panda Software
[06/09/2006|15:54] C:\Program Files\Fichiers communs\ACD Systems
[21/08/2006|15:00] C:\Program Files\Fichiers communs\DESIGNER
[02/01/2006|23:00] C:\Program Files\Fichiers communs\TiVo Shared
[02/01/2006|23:00] C:\Program Files\Fichiers communs\SureThing Shared
[02/01/2006|23:00] C:\Program Files\Fichiers communs\Sonic Shared
[02/01/2006|22:59] C:\Program Files\Fichiers communs\xing shared
[02/01/2006|22:59] C:\Program Files\Fichiers communs\Real
[02/01/2006|22:55] C:\Program Files\Fichiers communs\HP
[02/01/2006|22:40] C:\Program Files\Fichiers communs\Java
[26/10/2005|23:35] C:\Program Files\Fichiers communs\SpeechEngines
[26/10/2005|23:35] C:\Program Files\Fichiers communs\Services
[26/10/2005|23:35] C:\Program Files\Fichiers communs\MSSoap
[26/10/2005|23:35] C:\Program Files\Fichiers communs\ODBC

----------------------[ Recherche avec S_Lop ]---------------------

C:\DOCUME~1\COMPAQ~1\APPLIC~1\GramCopy
C:\DOCUME~1\COMPAQ~1\APPLIC~1\GramCopy\BuildTray.exe
C:\DOCUME~1\COMPAQ~1\APPLIC~1\GramCopy\Insidemodefrag.exe
C:\DOCUME~1\COMPAQ~1\APPLIC~1\GramCopy\jwndcutw.exe
C:\DOCUME~1\COMPAQ~1\APPLIC~1\GramCopy\sofoaliz.exe

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\Program Files\Bitdownload
C:\Program Files\Multi_Media
C:\Program Files\Multi_Media\INSTALL.LOG
C:\DOCUME~1\COMPAQ~1\Bureau\BitDownload Downloads.lnk
C:\WINDOWS\Tasks\AB6C7745918BF21D.job

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\forkwmatrans]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\COMPAQ~1\\APPLIC~1\\GramCopy\\BuildTray.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ROAMLESS"="C:\\DOCUME~1\\COMPAQ~1\\APPLIC~1\\GramCopy\\BuildTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts MODIFIE

127.0.0.1 localhost

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 16:32:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

/!\ [Fich:12][Doss:2] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
/!\ [Fich:8][Doss:4] C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 16:32:18,31 ]----------------------
18 January 2008 16:49:57

Re,

Run Lop S&D again

  • This time choose Option 2 (Suppression)
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File menu, New Task, type explorer.exe and confirm)
18 January 2008 17:06:48

Re,

During the scan, avast kicked in and found this:

    Win32:Inject-EV [Trj]
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\cgeuyjyx.dll

I quarantined it, but I had already done so at noon today.

Here is the report:



    -----------------------------[ Lop S&D 2.0.5 ]---------------------------

    [ Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

    [ USER: Compaq_Propriétaire ] [ "C:\Program Files\Lop SD" ]

    [ 18/01/2008 | 17:00:27,70 ] [ MAMIE ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\Program Files\Multi_Media\INSTALL.LOG
    Supprimé! - C:\DOCUME~1\COMPAQ~1\Bureau\BitDownload Downloads.lnk
    Supprimé! - C:\WINDOWS\Tasks\AB6C7745918BF21D.job
    Supprimé! - C:\DOCUME~1\COMPAQ~1\APPLIC~1\GramCopy\BuildTray.exe
    Supprimé! - C:\DOCUME~1\COMPAQ~1\APPLIC~1\GramCopy\Insidemodefrag.exe
    Supprimé! - C:\DOCUME~1\COMPAQ~1\APPLIC~1\GramCopy\jwndcutw.exe
    Supprimé! - C:\DOCUME~1\COMPAQ~1\APPLIC~1\GramCopy\sofoaliz.exe
    Supprimé! - C:\Program Files\Bitdownload
    Supprimé! - C:\Program Files\Multi_Media
    Supprimé! - C:\DOCUME~1\COMPAQ~1\APPLIC~1\GramCopy
    Supprimé! - C:\Program Files\GramCopy
    Restauré! - Fichier Hosts

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [02/01/2006|23:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [02/01/2006|23:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
    [02/01/2006|23:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
    [02/01/2006|22:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    [26/10/2005|23:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [23/11/2004|16:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini

    [17/01/2008|14:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [17/01/2008|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [17/01/2008|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [17/01/2008|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
    [21/11/2007|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Newsoft
    [21/06/2007|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [13/06/2007|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
    [19/05/2007|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [08/05/2007|23:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [17/04/2007|17:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [31/01/2007|13:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [15/12/2006|08:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winferno
    [18/11/2006|01:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [24/09/2006|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [13/09/2006|17:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
    [12/09/2006|17:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [09/09/2006|20:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
    [09/09/2006|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
    [09/09/2006|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [06/09/2006|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
    [06/09/2006|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [22/08/2006|18:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
    [02/01/2006|23:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
    [02/01/2006|23:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [02/01/2006|23:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [02/01/2006|22:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
    [02/01/2006|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    [02/01/2006|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [23/11/2004|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

    [11/05/2007|12:33] C:\DOCUME~1\APPLIC~1\APPLIC~1\Microsoft
    [11/05/2007|12:33] C:\DOCUME~1\APPLIC~1\APPLIC~1\..
    [11/05/2007|12:33] C:\DOCUME~1\APPLIC~1\APPLIC~1\.

    [18/01/2008|17:00] C:\DOCUME~1\COMPAQ~1\APPLIC~1\..
    [18/01/2008|17:00] C:\DOCUME~1\COMPAQ~1\APPLIC~1\.
    [15/01/2008|00:30] C:\DOCUME~1\COMPAQ~1\APPLIC~1\LimeWire
    [23/12/2007|20:17] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Canon
    [14/11/2007|19:30] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Yahoo!
    [26/10/2007|00:26] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Corel
    [27/06/2007|14:13] C:\DOCUME~1\COMPAQ~1\APPLIC~1\AdobeUM
    [24/06/2007|15:24] C:\DOCUME~1\COMPAQ~1\APPLIC~1\QuickZip45.ini
    [21/06/2007|18:19] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Screenshot Sender
    [02/06/2007|18:48] C:\DOCUME~1\COMPAQ~1\APPLIC~1\dvdcss
    [11/05/2007|12:33] C:\DOCUME~1\COMPAQ~1\APPLIC~1\MySpace
    [17/04/2007|17:20] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Microsoft
    [08/04/2007|21:40] C:\DOCUME~1\COMPAQ~1\APPLIC~1\HP
    [08/04/2007|21:37] C:\DOCUME~1\COMPAQ~1\APPLIC~1\ArcSoft
    [29/01/2007|14:30] C:\DOCUME~1\COMPAQ~1\APPLIC~1\BitTorrent
    [18/01/2007|15:29] C:\DOCUME~1\COMPAQ~1\APPLIC~1\vlc
    [15/01/2007|15:34] C:\DOCUME~1\COMPAQ~1\APPLIC~1\wklnhst.dat
    [12/01/2007|02:46] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Media Player Classic
    [23/12/2006|22:13] C:\DOCUME~1\COMPAQ~1\APPLIC~1\DivX
    [16/12/2006|00:03] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Template
    [25/11/2006|15:11] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sonic
    [25/11/2006|15:11] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Leadertech
    [18/11/2006|01:35] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Google
    [13/11/2006|20:15] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Lavasoft
    [24/10/2006|18:59] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Mozilla
    [08/10/2006|20:53] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Help
    [07/10/2006|13:18] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Real
    [28/09/2006|17:02] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Adobe
    [12/09/2006|10:23] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Sun
    [10/09/2006|20:10] C:\DOCUME~1\COMPAQ~1\APPLIC~1\CyberLink
    [08/09/2006|19:25] C:\DOCUME~1\COMPAQ~1\APPLIC~1\MSNInstaller
    [06/09/2006|16:05] C:\DOCUME~1\COMPAQ~1\APPLIC~1\ACD Systems
    [06/09/2006|09:48] C:\DOCUME~1\COMPAQ~1\APPLIC~1\HPQ
    [05/09/2006|19:47] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Macromedia
    [22/08/2006|18:32] C:\DOCUME~1\COMPAQ~1\APPLIC~1\ScanSoft
    [26/10/2005|23:34] C:\DOCUME~1\COMPAQ~1\APPLIC~1\Identities
    [23/11/2004|16:13] C:\DOCUME~1\COMPAQ~1\APPLIC~1\desktop.ini


    [02/01/2006|23:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [02/01/2006|23:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [02/01/2006|23:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [02/01/2006|22:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
    [26/10/2005|23:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [23/11/2004|16:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

    [15/08/2007|16:38] C:\DOCUME~1\FREDRI~1\APPLIC~1\Real
    [09/07/2007|20:57] C:\DOCUME~1\FREDRI~1\APPLIC~1\Corel
    [09/07/2007|20:48] C:\DOCUME~1\FREDRI~1\APPLIC~1\..
    [09/07/2007|20:48] C:\DOCUME~1\FREDRI~1\APPLIC~1\.
    [08/07/2007|20:02] C:\DOCUME~1\FREDRI~1\APPLIC~1\Grisoft
    [08/07/2007|20:01] C:\DOCUME~1\FREDRI~1\APPLIC~1\Microsoft
    [25/02/2007|14:05] C:\DOCUME~1\FREDRI~1\APPLIC~1\ArcSoft
    [24/02/2007|19:33] C:\DOCUME~1\FREDRI~1\APPLIC~1\CyberLink
    [22/02/2007|23:24] C:\DOCUME~1\FREDRI~1\APPLIC~1\Adobe
    [03/01/2007|01:54] C:\DOCUME~1\FREDRI~1\APPLIC~1\AdobeUM
    [30/12/2006|02:00] C:\DOCUME~1\FREDRI~1\APPLIC~1\ScanSoft
    [29/12/2006|14:51] C:\DOCUME~1\FREDRI~1\APPLIC~1\HP
    [29/12/2006|14:44] C:\DOCUME~1\FREDRI~1\APPLIC~1\Leadertech
    [28/12/2006|14:30] C:\DOCUME~1\FREDRI~1\APPLIC~1\Google
    [29/10/2006|17:49] C:\DOCUME~1\FREDRI~1\APPLIC~1\Mozilla
    [28/10/2006|10:48] C:\DOCUME~1\FREDRI~1\APPLIC~1\Macromedia
    [26/10/2005|23:34] C:\DOCUME~1\FREDRI~1\APPLIC~1\Identities
    [23/11/2004|16:13] C:\DOCUME~1\FREDRI~1\APPLIC~1\desktop.ini

    [11/05/2007|12:33] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [02/01/2006|22:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [02/01/2006|22:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\.

    [24/09/2007|21:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [02/01/2006|22:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [02/01/2006|22:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\.

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [18/01/2008 13:33][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 12:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [18/01/2008|17:00] C:\Program Files\Lop SD
    [18/01/2008|17:00] C:\Program Files\..
    [18/01/2008|17:00] C:\Program Files\.
    [18/01/2008|14:28] C:\Program Files\Mozilla Firefox
    [17/01/2008|14:51] C:\Program Files\Navilog1
    [17/01/2008|13:26] C:\Program Files\Trend Micro
    [17/01/2008|13:21] C:\Program Files\WinRAR
    [17/01/2008|13:21] C:\Program Files\Yahoo!
    [17/01/2008|13:20] C:\Program Files\Windows Live Toolbar
    [17/01/2008|13:19] C:\Program Files\InstallShield Installation Information
    [17/01/2008|13:17] C:\Program Files\Microsoft Office
    [17/01/2008|13:04] C:\Program Files\Fichiers communs
    [17/01/2008|13:00] C:\Program Files\Google
    [16/01/2008|19:09] C:\Program Files\eMule
    [14/01/2008|23:43] C:\Program Files\LimeWire
    [26/12/2007|12:36] C:\Program Files\Messenger Plus! Live
    [26/12/2007|12:36] C:\Program Files\MSN Messenger
    [12/12/2007|23:12] C:\Program Files\Internet Explorer
    [26/10/2007|00:26] C:\Program Files\Corel
    [25/10/2007|13:19] C:\Program Files\Spybot - Search & Destroy
    [24/09/2007|21:31] C:\Program Files\Ubi Soft
    [24/08/2007|15:34] C:\Program Files\DivX
    [24/06/2007|20:11] C:\Program Files\Wanadoo
    [24/06/2007|13:34] C:\Program Files\CCleaner
    [14/06/2007|00:45] C:\Program Files\Outlook Express
    [14/06/2007|00:38] C:\Program Files\NASA
    [06/06/2007|09:42] C:\Program Files\Windows Live
    [29/05/2007|13:22] C:\Program Files\WinamaxPoker
    [29/05/2007|13:18] C:\Program Files\MSN
    [29/05/2007|13:15] C:\Program Files\MySpace
    [29/05/2007|13:08] C:\Program Files\MSN Spy 2004
    [29/05/2007|13:00] C:\Program Files\EuroPoker
    [10/05/2007|02:06] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [13/04/2007|10:57] C:\Program Files\IncrediMail
    [10/04/2007|10:22] C:\Program Files\QuickTime
    [23/02/2007|21:10] C:\Program Files\Audacity
    [08/02/2007|21:43] C:\Program Files\Services en ligne
    [07/02/2007|23:06] C:\Program Files\BitTorrent
    [02/02/2007|22:37] C:\Program Files\Grisoft
    [29/01/2007|17:04] C:\Program Files\Windows Media Player
    [21/01/2007|23:03] C:\Program Files\WinAce
    [18/01/2007|15:22] C:\Program Files\VideoLAN
    [17/01/2007|21:06] C:\Program Files\Windows Media Connect 2
    [15/12/2006|08:30] C:\Program Files\zlsSetup_65_737_000_fr.exe
    [14/11/2006|23:37] C:\Program Files\MSXML 4.0
    [13/11/2006|20:15] C:\Program Files\Lavasoft
    [23/10/2006|15:40] C:\Program Files\SAGEM
    [23/10/2006|15:29] C:\Program Files\Securitoo
    [28/09/2006|17:01] C:\Program Files\Adobe
    [12/09/2006|17:50] C:\Program Files\Logitech
    [09/09/2006|15:54] C:\Program Files\Alwil Software
    [06/09/2006|15:54] C:\Program Files\ACD Systems
    [06/09/2006|09:22] C:\Program Files\Messenger
    [05/09/2006|19:17] C:\Program Files\CONEXANT
    [23/08/2006|14:44] C:\Program Files\AzureBay
    [22/08/2006|18:31] C:\Program Files\ScanSoft
    [22/08/2006|18:30] C:\Program Files\ArcSoft
    [22/08/2006|18:29] C:\Program Files\Canon
    [21/08/2006|14:58] C:\Program Files\Microsoft.NET
    [21/08/2006|14:58] C:\Program Files\Windows Messaging
    [21/08/2006|14:41] C:\Program Files\microsoft frontpage
    [02/01/2006|23:26] C:\Program Files\Hewlett-Packard
    [02/01/2006|23:02] C:\Program Files\CyberLink
    [02/01/2006|23:02] C:\Program Files\HP
    [02/01/2006|23:00] C:\Program Files\Sonic
    [02/01/2006|22:59] C:\Program Files\Real
    [02/01/2006|22:41] C:\Program Files\Java
    [26/10/2005|23:37] C:\Program Files\xerox
    [26/10/2005|23:36] C:\Program Files\Windows NT
    [26/10/2005|23:36] C:\Program Files\NetMeeting
    [26/10/2005|23:36] C:\Program Files\Online Services
    [26/10/2005|23:36] C:\Program Files\MSN Gaming Zone
    [26/10/2005|23:36] C:\Program Files\Movie Maker
    [20/10/2005|20:06] C:\Program Files\ComPlus Applications
    [20/10/2005|20:06] C:\Program Files\Uninstall Information
    [20/10/2005|20:05] C:\Program Files\WindowsUpdate

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [17/01/2008|13:17] C:\Program Files\Fichiers communs\Microsoft Shared
    [17/01/2008|13:04] C:\Program Files\Fichiers communs\..
    [17/01/2008|13:04] C:\Program Files\Fichiers communs\.
    [21/11/2007|12:45] C:\Program Files\Fichiers communs\Digi338
    [14/06/2007|00:45] C:\Program Files\Fichiers communs\System
    [07/02/2007|23:12] C:\Program Files\Fichiers communs\Adobe
    [27/09/2006|17:41] C:\Program Files\Fichiers communs\ScanSoft Shared
    [14/09/2006|17:43] C:\Program Files\Fichiers communs\AOL
    [12/09/2006|17:51] C:\Program Files\Fichiers communs\Logitech
    [12/09/2006|17:50] C:\Program Files\Fichiers communs\InstallShield
    [09/09/2006|15:51] C:\Program Files\Fichiers communs\Symantec Shared
    [09/09/2006|15:35] C:\Program Files\Fichiers communs\Panda Software
    [06/09/2006|15:54] C:\Program Files\Fichiers communs\ACD Systems
    [21/08/2006|15:00] C:\Program Files\Fichiers communs\DESIGNER
    [02/01/2006|23:00] C:\Program Files\Fichiers communs\TiVo Shared
    [02/01/2006|23:00] C:\Program Files\Fichiers communs\SureThing Shared
    [02/01/2006|23:00] C:\Program Files\Fichiers communs\Sonic Shared
    [02/01/2006|22:59] C:\Program Files\Fichiers communs\xing shared
    [02/01/2006|22:59] C:\Program Files\Fichiers communs\Real
    [02/01/2006|22:55] C:\Program Files\Fichiers communs\HP
    [02/01/2006|22:40] C:\Program Files\Fichiers communs\Java
    [26/10/2005|23:35] C:\Program Files\Fichiers communs\SpeechEngines
    [26/10/2005|23:35] C:\Program Files\Fichiers communs\Services
    [26/10/2005|23:35] C:\Program Files\Fichiers communs\MSSoap
    [26/10/2005|23:35] C:\Program Files\Fichiers communs\ODBC

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-18 17:03:48
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:15][Doss:4] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
    /!\ [Fich:9][Doss:4] C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 17:04:11,00 ]----------------------
18 January 2008 17:40:05

Re,
post a new HijackThis log :)
18 January 2008 17:47:40

Re,

here it is:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:47:20, on 18/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\WINDOWS\SYSTEM32\taskmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\MP3 OPEN.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.fr/startpage/dialup/fr/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gwenika.spaces.live.com//PhotoUpload/MsnPUpld.ca...
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 8677 bytes
18 January 2008 22:16:28

Re,
~ Download OTMoveIt (by OldTimer). Save it to your Desktop.

~ Run HijackThis with "Do a system scan only".
Check the following lines if they are still present, and only those.

    O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\MP3 OPEN.exe

Click Fix checked (bottom left).

Select ALL the locations in bold below:

    C:\Documents and Settings\All Users\Application Data\Cast ping base frag

---> Right-click, then Copy (or Ctrl+C)

Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
Now click MoveIt!

If a file or folder cannot be deleted immediately, the program will ask you to restart.

Accept by clicking YES.

Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log

->Information about the software<-
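The O4 line singled out in the post above is the only autorun in that log whose program sits under an Application Data directory. The following is an added example, not part of the original thread and not HijackThis's own logic: it parses O4 registry autorun lines and flags those launching from data or temp directories. The function names and the list of directory markers are assumptions of this sketch, and a hit is a lead for review, not a verdict.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\MP3 OPEN.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
"""

# Registry autoruns: O4 - <hive>\..\<Run key>: [<value name>] <command line>
# Startup-folder O4 lines ("... Startup: x.lnk = ...") have another shape and are skipped.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
EXE_END = re.compile(r"\.(?:exe|com|bat|cmd|scr|pif|dll)\b", re.IGNORECASE)

# Assumption of this example: locations meant for data, not installed programs
# (long and 8.3 short forms as they appear in Windows XP paths).
DATA_DIR_MARKERS = (
    "\\application data\\", "\\applic~1\\",
    "\\local settings\\temp\\", "\\locals~1\\temp\\",
)


def image_path(cmd):
    """Return the program part of a Run-key command line.

    Quoted paths end at the closing quote. Unquoted paths may contain
    spaces, so they are cut at the first executable extension instead
    of at the first space.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = EXE_END.search(cmd)
    return cmd[:match.end()] if match else cmd.split()[0]


def parse_autoruns(log_text):
    """Return one dict per O4 registry autorun line found in the log."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RUN.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["image"] = image_path(entry["cmd"])
            entries.append(entry)
    return entries


def triage(log_text):
    """Return the autoruns whose program lives under a data/temp directory."""
    flagged = []
    for entry in parse_autoruns(log_text):
        lowered = entry["image"].lower()
        for marker in DATA_DIR_MARKERS:
            if marker in lowered:
                flagged.append(dict(entry, reason="runs from " + marker.strip("\\")))
                break
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print("{hive} [{name}] {image} ({reason})".format(**hit))
```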
19 January 2008 12:46:45

Hello,

Here is the report:

    C:\Documents and Settings\All Users\Application Data\Cast ping base frag moved successfully.
    File/Folder not found.

    Created on 01/19/2008 12:45:12
19 January 2008 13:50:40

Hello,
good.

Here is what we are going to do: you are going to replace Avast! with Antivir, which is a real antivirus, run a scan with it and post the report. :)

Uninstall Avast! properly.

Then replace it with Antivir.

-->Tutorial<--

Why change?: Avast! vs Antivir
19 January 2008 17:54:21

Avast is now uninstalled, I installed the other one in its place, and the scan report gives this:




    AntiVir PersonalEdition Classic
    Report file date: samedi 19 janvier 2008 14:39

    Scanning for 1056958 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: MAMIE

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:37:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 13:37:15
    ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 13:37:15
    ANTIVIR3.VDF : 7.0.2.20 225792 Bytes 18/01/2008 13:37:15
    AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 19/01/2008 13:37:15
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 19/01/2008 13:37:15
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 19 janvier 2008 14:39

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'PCMService.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'CLSched.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
    Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    35 processes with 35 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '35' files ).


    Starting the file scan:

    Begin scan in 'C:\' <PRESARIO>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <PRESARIO_RP>


    End of the scan: samedi 19 janvier 2008 15:30
    Used time: 50:58 min

    The scan has been done completely.

    6434 Scanning directories
    416805 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    416805 Files not concerned
    15139 Archives were scanned
    1 Warnings
    0 Notes

    19 January 2008 18:17:16

    Perfect :)
    Delete all the programs installed for the disinfection. (except AntiVir obviously :) )


    Please read this guide (in PDF) to learn more about the risks of the Net.



    If you find this document interesting, don't hesitate to pass it on to your contacts.

    ~Edit your first message (by clicking on the eraser) and mark [resolved] in the title.

    :hello:
    19 January 2008 19:03:09

    Thank you very much!!!!!!!!!!!!!!
    19 January 2008 20:21:31

    Happy surfing ;)