Virus that blocks antivirus programs

Tags:
  • Windows
  • Security
5 November 2007 11:31:12

Hello,

My antivirus programs no longer work on my PC, neither avast nor spybot.
I tried EliBaglA, but it didn't work.
Here is the HijackThis report.

If you can tell me what to fix or delete, thanks in advance ;)

Logfile of HijackThis v1.99.1
Scan saved at 11:30:12, on 05/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\BITTOR~1\BitP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mobile Master\MMAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mobile Master\MMScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mobiswing] C:\PROGRA~1\BITTOR~1\BitP.exe
O4 - HKLM\..\Run: [find trust seek mail] C:\Documents and Settings\All Users\Application Data\Defy Memo Find Trust\01 NURB.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MMAgent] C:\Program Files\Mobile Master\MMAgent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Suitcase Startup.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan....
O17 - HKLM\System\CCS\Services\Tcpip\..\{461419BB-85C8-4017-872A-1AC1FDD6AF4A}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - D:\xampplite\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

5 November 2007 13:16:22

Hello,

Download Lop S&D.zip.
Unzip it onto your Desktop only.
Open the Lop S&D folder, then double-click Scan.bat. Press "R", then confirm by pressing "Enter".
A report will be generated; post its contents here.
5 November 2007 17:36:57

Here is the report,
and thanks in advance to you, angeldark


------------------------------[ Lop S&D 1.5 ]----------------------------

Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

Lancé depuis : "C:\Documents and Settings\blein\Bureau\LopSD\Lop S&D"

Rapport créé Le 05/11/2007 à 17:35:05,64 PC : JLG

! Faire analyser le rapport par un Helper avant intervention !

-------------[ Listing des Dossiers dans Application Data ]-------------

C:\Documents and settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and settings\All Users\Application Data\Grisoft
C:\Documents and settings\All Users\Application Data\Defy Memo Find Trust
C:\Documents and settings\All Users\Application Data\QTSBandwidthCache
C:\Documents and settings\All Users\Application Data\Apple
C:\Documents and settings\All Users\Application Data\Ciel
C:\Documents and settings\All Users\Application Data\FLEXnet
C:\Documents and settings\All Users\Application Data\Adobe
C:\Documents and settings\All Users\Application Data\Minnetonka Audio Software
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\Macromedia
C:\Documents and settings\All Users\Application Data\Nero
C:\Documents and settings\All Users\Application Data\Apple Computer
C:\Documents and settings\All Users\Application Data\Microsoft
C:\Documents and settings\All Users\Application Data\CanonBJ
C:\Documents and settings\All Users\Application Data\Real
C:\Documents and settings\All Users\Application Data\Adobe Systems
C:\Documents and settings\All Users\Application Data\desktop.ini

C:\Documents and settings\blein\Application Data\Gridfastbarb
C:\Documents and settings\blein\Application Data\BitDownload
C:\Documents and settings\blein\Application Data\Macromedia
C:\Documents and settings\blein\Application Data\Adobe
C:\Documents and settings\blein\Application Data\Microsoft
C:\Documents and settings\blein\Application Data\MyPhoneExplorer
C:\Documents and settings\blein\Application Data\Inspiration Software
C:\Documents and settings\blein\Application Data\Google
C:\Documents and settings\blein\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and settings\blein\Application Data\Download Manager
C:\Documents and settings\blein\Application Data\Mobile Master
C:\Documents and settings\blein\Application Data\InstallShield
C:\Documents and settings\blein\Application Data\Leadertech
C:\Documents and settings\blein\Application Data\Apple Computer
C:\Documents and settings\blein\Application Data\Opera
C:\Documents and settings\blein\Application Data\Nero
C:\Documents and settings\blein\Application Data\ZoomBrowser EX
C:\Documents and settings\blein\Application Data\Canon
C:\Documents and settings\blein\Application Data\vlc
C:\Documents and settings\blein\Application Data\Inkscape
C:\Documents and settings\blein\Application Data\Ahead
C:\Documents and settings\blein\Application Data\Sun
C:\Documents and settings\blein\Application Data\Real
C:\Documents and settings\blein\Application Data\AdobeUM
C:\Documents and settings\blein\Application Data\Mozilla
C:\Documents and settings\blein\Application Data\Media Player Classic
C:\Documents and settings\blein\Application Data\Talkback
C:\Documents and settings\blein\Application Data\Thunderbird
C:\Documents and settings\blein\Application Data\Help
C:\Documents and settings\blein\Application Data\desktop.ini
C:\Documents and settings\blein\Application Data\Identities

C:\Documents and settings\Default User\Application Data\desktop.ini
C:\Documents and settings\Default User\Application Data\Microsoft

C:\Documents and settings\LocalService\Application Data\Microsoft
C:\Documents and settings\LocalService\Application Data\Ahead

C:\Documents and settings\NetworkService\Application Data\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

C:\WINDOWS\tasks\A5AC859791A339A3.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans Program Files ]--------------

C:\Program Files\@Last Software
C:\Program Files\7-Zip
C:\Program Files\Adobe
C:\Program Files\Agfa
C:\Program Files\Alcohol Soft
C:\Program Files\Alwil Software
C:\Program Files\Apple Software Update
C:\Program Files\AskTBar
C:\Program Files\ASUS
C:\Program Files\ATI Technologies
C:\Program Files\BitDownload
C:\Program Files\BitTorrent Fastest Tool
C:\Program Files\Bonjour
C:\Program Files\CamStudio
C:\Program Files\Canon
C:\Program Files\CCleaner
C:\Program Files\CDBurnerXP Pro 3
C:\Program Files\CDisplay
C:\Program Files\Ciel
C:\Program Files\ComPlus Applications
C:\Program Files\DC++
C:\Program Files\DS-Monkey Audio Source
C:\Program Files\EasyPHP1-8
C:\Program Files\eMule
C:\Program Files\Extensis
C:\Program Files\Fichiers communs
C:\Program Files\FontLab
C:\Program Files\Freeplayer
C:\Program Files\FreeplayerPack
C:\Program Files\frostwire-4.13.1.6.windows.exe
C:\Program Files\GENIUS TABLET
C:\Program Files\Google
C:\Program Files\Gridfastbarb
C:\Program Files\Grisoft
C:\Program Files\Hijackthis
C:\Program Files\Hijackthis Version Française
C:\Program Files\Inkscape
C:\Program Files\INSTALL.LOG
C:\Program Files\Intel
C:\Program Files\Internet Explorer
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\Java
C:\Program Files\K-Lite Codec Pack
C:\Program Files\Lavalys
C:\Program Files\Logitech
C:\Program Files\Macromedia
C:\Program Files\Marvell
C:\Program Files\Messenger
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Mobile Master
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\Mozilla Thunderbird
C:\Program Files\MSN
C:\Program Files\MSN Apps
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\MyPhoneExplorer
C:\Program Files\Navman
C:\Program Files\Nero
C:\Program Files\NetMeeting
C:\Program Files\OCAD 9.3 Demo
C:\Program Files\Online Services
C:\Program Files\Orange
C:\Program Files\Outlook Express
C:\Program Files\Panda Security
C:\Program Files\Paris Premiere Video
C:\Program Files\Picasa2
C:\Program Files\QuickTime
C:\Program Files\Rainbow Technologies
C:\Program Files\Realtek
C:\Program Files\Services en ligne
C:\Program Files\SimpleOCR
C:\Program Files\Sony Ericsson
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\ToniArts
C:\Program Files\Windows Media Components
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinRAR
C:\Program Files\xerox
C:\Program Files\Yahoo!

------[ Listing des dossiers dans Program Files\Fichiers Communs ]------

C:\program files\fichiers communs\Adobe
C:\program files\fichiers communs\Adobe Systems Shared
C:\program files\fichiers communs\Agfa
C:\program files\fichiers communs\Ahead
C:\program files\fichiers communs\Apple
C:\program files\fichiers communs\Canon
C:\program files\fichiers communs\Ciel
C:\program files\fichiers communs\Designer
C:\program files\fichiers communs\FontLab
C:\program files\fichiers communs\InstallShield
C:\program files\fichiers communs\Java
C:\program files\fichiers communs\Logitech
C:\program files\fichiers communs\Macromedia
C:\program files\fichiers communs\Macrovision Shared
C:\program files\fichiers communs\Microsoft Shared
C:\program files\fichiers communs\MSSoap
C:\program files\fichiers communs\ODBC
C:\program files\fichiers communs\Real
C:\program files\fichiers communs\Services
C:\program files\fichiers communs\SpeechEngines
C:\program files\fichiers communs\System
C:\program files\fichiers communs\Wise Installation Wizard

----------------------[ Recherche dans le Registre ]----------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"find trust seek mail"="C:\\Documents and Settings\\All Users\\Application Data\\Defy Memo Find Trust\\01 NURB.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]


-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------

C:\Documents and settings\All Users\Application Data\Defy Memo Find Trust
C:\WINDOWS\Prefetch\01 NURB.EXE-1C3BA4EA.pf
C:\Program Files\Bitdownload
C:\Documents and settings\blein\Application Data\Bitdownload
C:\WINDOWS\tasks\A5AC859791A339A3.job

--------------------[ Vérification du fichier Hosts ]---------------------

Fichier Hosts : MODIFIE

127.0.0.1 localhost

--------------[ Recherche de fichiers cachés avec Catchme ]---------------

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 17:35:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:49,47,47,21,2b,0b,fd,da,38,ef,84,92,bd,2d,88,8c,62,5d,af,c6,ce,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:49,47,47,21,2b,0b,fd,da,38,ef,84,92,bd,2d,88,8c,62,5d,af,c6,ce,..
scanning hidden files ...
scan completed successfully
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

--------------------[ Fin du rapport à 17:35:54,82 ]----------------------
5 November 2007 18:09:51

Re,

Open the Lop S&D folder, then double-click Scan.bat. Press "S", then confirm by pressing "Enter".
! Do not close the window during the removal !
A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.
5 November 2007 21:37:23

Re,

Here is the report after typing "S"


------------------------------[ Lop S&D 1.5 ]----------------------------

Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

Lancé depuis : "C:\Documents and Settings\blein\Bureau\LopSD\Lop S&D"

Rapport créé Le 05/11/2007 à 21:35:28,96 PC : JLG

! Faire analyser le rapport par un Helper avant intervention !

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION ///////////////////////////////

Supprimé - C:\WINDOWS\Prefetch\01 NURB.EXE-1C3BA4EA.pf
Supprimé - C:\Documents and settings\All Users\Application Data\Defy Memo Find Trust
Supprimé - C:\Program Files\Bitdownload
Supprimé - C:\Documents and settings\blein\Application Data\Bitdownload
Supprimé - C:\WINDOWS\tasks\A5AC859791A339A3.job
Restauré - Fichier Hosts

\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE ///////////////////////////

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Copié ! - [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
Copié ! - [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
Supprimé - HKLM\Software\Microsoft\Windows\CurrentVersion\Run | find trust seek mail

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

-------------[ Listing des Dossiers dans Application Data ]-------------

C:\Documents and settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and settings\All Users\Application Data\Grisoft
C:\Documents and settings\All Users\Application Data\QTSBandwidthCache
C:\Documents and settings\All Users\Application Data\Apple
C:\Documents and settings\All Users\Application Data\Ciel
C:\Documents and settings\All Users\Application Data\FLEXnet
C:\Documents and settings\All Users\Application Data\Adobe
C:\Documents and settings\All Users\Application Data\Minnetonka Audio Software
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\Macromedia
C:\Documents and settings\All Users\Application Data\Nero
C:\Documents and settings\All Users\Application Data\Apple Computer
C:\Documents and settings\All Users\Application Data\Microsoft
C:\Documents and settings\All Users\Application Data\CanonBJ
C:\Documents and settings\All Users\Application Data\Real
C:\Documents and settings\All Users\Application Data\Adobe Systems
C:\Documents and settings\All Users\Application Data\desktop.ini

C:\Documents and settings\blein\Application Data\Gridfastbarb
C:\Documents and settings\blein\Application Data\Macromedia
C:\Documents and settings\blein\Application Data\Adobe
C:\Documents and settings\blein\Application Data\Microsoft
C:\Documents and settings\blein\Application Data\MyPhoneExplorer
C:\Documents and settings\blein\Application Data\Inspiration Software
C:\Documents and settings\blein\Application Data\Google
C:\Documents and settings\blein\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and settings\blein\Application Data\Download Manager
C:\Documents and settings\blein\Application Data\Mobile Master
C:\Documents and settings\blein\Application Data\InstallShield
C:\Documents and settings\blein\Application Data\Leadertech
C:\Documents and settings\blein\Application Data\Apple Computer
C:\Documents and settings\blein\Application Data\Opera
C:\Documents and settings\blein\Application Data\Nero
C:\Documents and settings\blein\Application Data\ZoomBrowser EX
C:\Documents and settings\blein\Application Data\Canon
C:\Documents and settings\blein\Application Data\vlc
C:\Documents and settings\blein\Application Data\Inkscape
C:\Documents and settings\blein\Application Data\Ahead
C:\Documents and settings\blein\Application Data\Sun
C:\Documents and settings\blein\Application Data\Real
C:\Documents and settings\blein\Application Data\AdobeUM
C:\Documents and settings\blein\Application Data\Mozilla
C:\Documents and settings\blein\Application Data\Media Player Classic
C:\Documents and settings\blein\Application Data\Talkback
C:\Documents and settings\blein\Application Data\Thunderbird
C:\Documents and settings\blein\Application Data\Help
C:\Documents and settings\blein\Application Data\desktop.ini
C:\Documents and settings\blein\Application Data\Identities

C:\Documents and settings\Default User\Application Data\desktop.ini
C:\Documents and settings\Default User\Application Data\Microsoft

C:\Documents and settings\LocalService\Application Data\Microsoft
C:\Documents and settings\LocalService\Application Data\Ahead

C:\Documents and settings\NetworkService\Application Data\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans Program Files ]--------------

C:\Program Files\@Last Software
C:\Program Files\7-Zip
C:\Program Files\Adobe
C:\Program Files\Agfa
C:\Program Files\Alcohol Soft
C:\Program Files\Alwil Software
C:\Program Files\Apple Software Update
C:\Program Files\AskTBar
C:\Program Files\ASUS
C:\Program Files\ATI Technologies
C:\Program Files\BitTorrent Fastest Tool
C:\Program Files\Bonjour
C:\Program Files\CamStudio
C:\Program Files\Canon
C:\Program Files\CCleaner
C:\Program Files\CDBurnerXP Pro 3
C:\Program Files\CDisplay
C:\Program Files\Ciel
C:\Program Files\ComPlus Applications
C:\Program Files\DC++
C:\Program Files\DS-Monkey Audio Source
C:\Program Files\EasyPHP1-8
C:\Program Files\eMule
C:\Program Files\Extensis
C:\Program Files\Fichiers communs
C:\Program Files\FontLab
C:\Program Files\Freeplayer
C:\Program Files\FreeplayerPack
C:\Program Files\frostwire-4.13.1.6.windows.exe
C:\Program Files\GENIUS TABLET
C:\Program Files\Google
C:\Program Files\Gridfastbarb
C:\Program Files\Grisoft
C:\Program Files\Hijackthis
C:\Program Files\Hijackthis Version Française
C:\Program Files\Inkscape
C:\Program Files\INSTALL.LOG
C:\Program Files\Intel
C:\Program Files\Internet Explorer
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\Java
C:\Program Files\K-Lite Codec Pack
C:\Program Files\Lavalys
C:\Program Files\Logitech
C:\Program Files\Macromedia
C:\Program Files\Marvell
C:\Program Files\Messenger
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Mobile Master
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\Mozilla Thunderbird
C:\Program Files\MSN
C:\Program Files\MSN Apps
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\MyPhoneExplorer
C:\Program Files\Navman
C:\Program Files\Nero
C:\Program Files\NetMeeting
C:\Program Files\OCAD 9.3 Demo
C:\Program Files\Online Services
C:\Program Files\Orange
C:\Program Files\Outlook Express
C:\Program Files\Panda Security
C:\Program Files\Paris Premiere Video
C:\Program Files\Picasa2
C:\Program Files\QuickTime
C:\Program Files\Rainbow Technologies
C:\Program Files\Realtek
C:\Program Files\Services en ligne
C:\Program Files\SimpleOCR
C:\Program Files\Sony Ericsson
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\ToniArts
C:\Program Files\Windows Media Components
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinRAR
C:\Program Files\xerox
C:\Program Files\Yahoo!

------[ Listing des dossiers dans Program Files\Fichiers Communs ]------

C:\program files\fichiers communs\Adobe
C:\program files\fichiers communs\Adobe Systems Shared
C:\program files\fichiers communs\Agfa
C:\program files\fichiers communs\Ahead
C:\program files\fichiers communs\Apple
C:\program files\fichiers communs\Canon
C:\program files\fichiers communs\Ciel
C:\program files\fichiers communs\Designer
C:\program files\fichiers communs\FontLab
C:\program files\fichiers communs\InstallShield
C:\program files\fichiers communs\Java
C:\program files\fichiers communs\Logitech
C:\program files\fichiers communs\Macromedia
C:\program files\fichiers communs\Macrovision Shared
C:\program files\fichiers communs\Microsoft Shared
C:\program files\fichiers communs\MSSoap
C:\program files\fichiers communs\ODBC
C:\program files\fichiers communs\Real
C:\program files\fichiers communs\Services
C:\program files\fichiers communs\SpeechEngines
C:\program files\fichiers communs\System
C:\program files\fichiers communs\Wise Installation Wizard

----------------------[ Recherche dans le Registre ]----------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]


-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------

Aucun dossier Lop trouvé !

--------------------[ Vérification du fichier Hosts ]---------------------

Fichier Hosts : Propre

--------------[ Recherche de fichiers cachés avec Catchme ]---------------

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 21:35:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:49,47,47,21,2b,0b,fd,da,38,ef,84,92,bd,2d,88,8c,62,5d,af,c6,ce,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:49,47,47,21,2b,0b,fd,da,38,ef,84,92,bd,2d,88,8c,62,5d,af,c6,ce,..
scanning hidden files ...
scan completed successfully
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

--------------------[ Fin du rapport à 21:36:18,03 ]----------------------

What should I do now?
5 November 2007 21:51:17

Is that better?
6 November 2007 09:23:05

Yes, it's better:
I was able to reinstall spybot as well as avast antivirus: they work.
However, at startup I still have an Internet Explorer page that opens by itself, and reopens from time to time. I think there must still be something in the computer.