Se connecter / S'enregistrer
Votre question

affichage d'une fenêtre de téléchargement de "indexint.htm" + pub

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
23 Octobre 2007 18:29:03

Bonjour,
J'ai un problème concernant l'affichage de publicités genre : http://be.celldorado.com ainsi que d'une fenêtre de téléchargement de indexint.htm!
Je ne sais pas quoi faire, pouvez-vous m'aider?
Voici mon rapport hijack :



Logfile of HijackThis v1.98.2
Scan saved at 18:21:02, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\Baloo (G)\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cake Wipe Inside Wma] C:\Documents and Settings\All Users\Application Data\flag barb cake wipe\road online.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\Olivier\APPLIC~1\ELSEPL~1\AXISNEW.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

Autres pages sur : affichage fenetre telechargement indexint htm pub

23 Octobre 2007 23:57:42

bonsoir et [:bienvenue]

Citation :
Logfile of HijackThis v1.98.2


ta version de hijackthis date un peu, supprime-là :) 

1

Télécharge Lop S&D.zip.
Dézippe-le sur ton Bureau uniquement.
Ouvre le dossier Lop S&D puis double-clique sur Scan.bat.
Sélectionne la langue en tapant sur 1 puis en validant avec la touche Entrée.
Tape sur "R" puis valide en appuyant sur "Entrée".
Un rapport sera généré, poste son contenu ici.

2

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
24 Octobre 2007 13:10:18

Merci de m'aider ;)  !
Voilà mon rapport générer par Lop S&D :


------------------------------[ Lop S&D 1.3 ]----------------------------

Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

Lancé depuis : "C:\Documents and Settings\Olivier\Bureau\Lop S&D"

Rapport créé Le 24/10/2007 à 13:06:54,71 PC : BALOO

! Faire analyser le rapport par un Helper avant intervention !

-------------[ Listing des Dossiers dans Application Data ]-------------

C:\Documents and settings\Default User\Application Data\Identities
C:\Documents and settings\Default User\Application Data\desktop.ini
C:\Documents and settings\Default User\Application Data\Microsoft

C:\Documents and settings\All Users\Application Data\Lavasoft
C:\Documents and settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and settings\All Users\Application Data\flag barb cake wipe
C:\Documents and settings\All Users\Application Data\Apple
C:\Documents and settings\All Users\Application Data\Office Genuine Advantage
C:\Documents and settings\All Users\Application Data\Google
C:\Documents and settings\All Users\Application Data\Microsoft Help
C:\Documents and settings\All Users\Application Data\NtiDvdCopy
C:\Documents and settings\All Users\Application Data\QTSBandwidthCache
C:\Documents and settings\All Users\Application Data\DVD Shrink
C:\Documents and settings\All Users\Application Data\Messenger Plus!
C:\Documents and settings\All Users\Application Data\Adobe
C:\Documents and settings\All Users\Application Data\Apple Computer
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\avg7
C:\Documents and settings\All Users\Application Data\Grisoft
C:\Documents and settings\All Users\Application Data\Intel
C:\Documents and settings\All Users\Application Data\desktop.ini
C:\Documents and settings\All Users\Application Data\Microsoft

C:\Documents and settings\NetworkService\Application Data\Microsoft

C:\Documents and settings\LocalService\Application Data\AVG7
C:\Documents and settings\LocalService\Application Data\Microsoft

C:\Documents and settings\Olivier\Application Data\Else plus
C:\Documents and settings\Olivier\Application Data\vlc
C:\Documents and settings\Olivier\Application Data\La Bataille pour la Terre du Milieu T II
C:\Documents and settings\Olivier\Application Data\Intel
C:\Documents and settings\Olivier\Application Data\Help
C:\Documents and settings\Olivier\Application Data\Screenshot Sender
C:\Documents and settings\Olivier\Application Data\MathWorks
C:\Documents and settings\Olivier\Application Data\CyberLink
C:\Documents and settings\Olivier\Application Data\Sun
C:\Documents and settings\Olivier\Application Data\DivX
C:\Documents and settings\Olivier\Application Data\Apple Computer
C:\Documents and settings\Olivier\Application Data\AdobeUM
C:\Documents and settings\Olivier\Application Data\Adobe
C:\Documents and settings\Olivier\Application Data\BSplayer
C:\Documents and settings\Olivier\Application Data\Thunderbird
C:\Documents and settings\Olivier\Application Data\Macromedia
C:\Documents and settings\Olivier\Application Data\Talkback
C:\Documents and settings\Olivier\Application Data\Mozilla
C:\Documents and settings\Olivier\Application Data\Logitech
C:\Documents and settings\Olivier\Application Data\AVG7
C:\Documents and settings\Olivier\Application Data\Identities
C:\Documents and settings\Olivier\Application Data\desktop.ini
C:\Documents and settings\Olivier\Application Data\Microsoft

C:\Documents and settings\Invit‚\Application Data\Else plus
C:\Documents and settings\Invit‚\Application Data\Thunderbird
C:\Documents and settings\Invit‚\Application Data\vlc
C:\Documents and settings\Invit‚\Application Data\Apple Computer
C:\Documents and settings\Invit‚\Application Data\Macromedia
C:\Documents and settings\Invit‚\Application Data\Talkback
C:\Documents and settings\Invit‚\Application Data\Mozilla
C:\Documents and settings\Invit‚\Application Data\BSplayer
C:\Documents and settings\Invit‚\Application Data\DivX
C:\Documents and settings\Invit‚\Application Data\Logitech
C:\Documents and settings\Invit‚\Application Data\AVG7
C:\Documents and settings\Invit‚\Application Data\Identities
C:\Documents and settings\Invit‚\Application Data\desktop.ini
C:\Documents and settings\Invit‚\Application Data\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

C:\WINDOWS\tasks\B43466AD9A301991.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans Program Files ]--------------

C:\Program Files\acer
C:\Program Files\Acer Inc
C:\Program Files\Adobe
C:\Program Files\Apple Software Update
C:\Program Files\Arcade
C:\Program Files\ATI Technologies
C:\Program Files\ComPlus Applications
C:\Program Files\CONEXANT
C:\Program Files\Cyanide
C:\Program Files\CyberLink
C:\Program Files\DivX
C:\Program Files\DVD Shrink
C:\Program Files\dx5frn.exe
C:\Program Files\Else plus
C:\Program Files\Fichiers communs
C:\Program Files\Google
C:\Program Files\Grisoft
C:\Program Files\Intel
C:\Program Files\Internet Explorer
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\Java
C:\Program Files\Launch Manager
C:\Program Files\Lavasoft
C:\Program Files\Logitech
C:\Program Files\MagicISO
C:\Program Files\MBsysLab
C:\Program Files\Messenger
C:\Program Files\Messenger Plus! Live
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Visual Studio
C:\Program Files\Microsoft Visual Studio 8
C:\Program Files\Microsoft Works
C:\Program Files\Microsoft.NET
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\Mozilla Thunderbird
C:\Program Files\MSBuild
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\MSXML 6.0
C:\Program Files\NetMeeting
C:\Program Files\NewTech Infosystems
C:\Program Files\Outlook Express
C:\Program Files\PowerISO
C:\Program Files\QuickTime
C:\Program Files\Reference Assemblies
C:\Program Files\Services en ligne
C:\Program Files\Setup
C:\Program Files\Sierra On-Line
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Synaptics
C:\Program Files\VideoLAN
C:\Program Files\Webteh
C:\Program Files\Windows Live
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinPCap
C:\Program Files\WinRAR
C:\Program Files\xerox

------[ Listing des dossiers dans Program Files\Fichiers Communs ]------

C:\program files\fichiers communs\Adobe
C:\program files\fichiers communs\Ahead
C:\program files\fichiers communs\Apple
C:\program files\fichiers communs\DESIGNER
C:\program files\fichiers communs\InstallShield
C:\program files\fichiers communs\Java
C:\program files\fichiers communs\Logitech
C:\program files\fichiers communs\Microsoft Shared
C:\program files\fichiers communs\MSSoap
C:\program files\fichiers communs\muvee Technologies
C:\program files\fichiers communs\NewTech Infosystems
C:\program files\fichiers communs\ODBC
C:\program files\fichiers communs\Services
C:\program files\fichiers communs\SpeechEngines
C:\program files\fichiers communs\System
C:\program files\fichiers communs\Wise Installation Wizard

----------------------[ Recherche dans le Registre ]----------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"Cake Wipe Inside Wma"="C:\\Documents and Settings\\All Users\\Application Data\\flag barb cake wipe\\road online.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"book ante"="C:\\DOCUME~1\\Olivier\\APPLIC~1\\ELSEPL~1\\AXISNEW.exe"

-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------

C:\Documents and settings\All Users\Application Data\flag barb cake wipe
C:\Documents and settings\Olivier\Application Data\ELSEPL~1
C:\Documents and settings\Invit‚\Application Data\ELSEPL~1
C:\Program Files\ELSEPL~1
C:\WINDOWS\Prefetch\ROAD ONLINE.EXE-2A138B54.pf
C:\WINDOWS\Prefetch\AXISNEW.EXE-316A3543.pf
C:\WINDOWS\tasks\B43466AD9A301991.job

--------------------[ Vérification du fichier Hosts ]---------------------

Fichier Hosts : MODIFIE

127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

--------------[ Recherche de fichiers cachés avec Catchme ]---------------

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-24 13:07:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

E:\Autorun.inf


--------------------[ Fin du rapport à 13:08:22,09 ]----------------------
Contenus similaires
24 Octobre 2007 13:13:32

Et voici mon rapport HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:32, on 24/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cake Wipe Inside Wma] C:\Documents and Settings\All Users\Application Data\flag barb cake wipe\road online.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\Olivier\APPLIC~1\ELSEPL~1\AXISNEW.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - G:\Matlab\webserver\bin\win32\matlabserver.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O24 - Desktop Component 0: (no name) - http://64.4.26.250/cgi-bin/getmsg/DSC00880%2eJPG?&msg=8...

--
End of file - 9471 bytes
24 Octobre 2007 19:06:52

bonsoir


Ouvre le dossier Lop S&D puis double-clique sur Scan.bat. Tape sur "S" puis valide en appuyant sur "Entrée".
[#ff0000]! Ne ferme pas la fenêtre lors de la suppression ! [/#f]
Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer.exe puis valide.
26 Octobre 2007 11:41:20

Bonjour,

Voilà ce que donne mon rapport après la suppression :





------------------------------[ Lop S&D 1.3 ]----------------------------

Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

Lancé depuis : "C:\Documents and Settings\Olivier\Bureau\Lop S&D"

Rapport créé Le 26/10/2007 à 11:36:42,34 PC : BALOO

! Faire analyser le rapport par un Helper avant intervention !

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION ///////////////////////////////

Supprimé - C:\WINDOWS\Prefetch\ROAD ONLINE.EXE-2A138B54.pf
Supprimé - C:\WINDOWS\Prefetch\AXISNEW.EXE-316A3543.pf
Supprimé - C:\Program Files\ELSEPL~1
Supprimé - C:\Documents and settings\All Users\Application Data\flag barb cake wipe
Supprimé - C:\Documents and settings\Olivier\Application Data\ELSEPL~1
Supprimé - C:\Documents and settings\Invit‚\Application Data\ELSEPL~1
Supprimé - C:\WINDOWS\tasks\B43466AD9A301991.job
Restauré - Fichier Hosts
Présent! - E:\autorun.inf

\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE ///////////////////////////

Présent! - E:\autorun.inf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Copié ! - [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
Copié ! - [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
Supprimé - HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Cake Wipe Inside Wma
Supprimé - HKCU\Software\Microsoft\Windows\CurrentVersion\Run | book ante

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

-------------[ Listing des Dossiers dans Application Data ]-------------

C:\Documents and settings\Default User\Application Data\Identities
C:\Documents and settings\Default User\Application Data\desktop.ini
C:\Documents and settings\Default User\Application Data\Microsoft

C:\Documents and settings\All Users\Application Data\Lavasoft
C:\Documents and settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and settings\All Users\Application Data\Apple
C:\Documents and settings\All Users\Application Data\Office Genuine Advantage
C:\Documents and settings\All Users\Application Data\Google
C:\Documents and settings\All Users\Application Data\Microsoft Help
C:\Documents and settings\All Users\Application Data\NtiDvdCopy
C:\Documents and settings\All Users\Application Data\QTSBandwidthCache
C:\Documents and settings\All Users\Application Data\DVD Shrink
C:\Documents and settings\All Users\Application Data\Messenger Plus!
C:\Documents and settings\All Users\Application Data\Adobe
C:\Documents and settings\All Users\Application Data\Apple Computer
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\avg7
C:\Documents and settings\All Users\Application Data\Grisoft
C:\Documents and settings\All Users\Application Data\Intel
C:\Documents and settings\All Users\Application Data\desktop.ini
C:\Documents and settings\All Users\Application Data\Microsoft

C:\Documents and settings\NetworkService\Application Data\Microsoft

C:\Documents and settings\LocalService\Application Data\AVG7
C:\Documents and settings\LocalService\Application Data\Microsoft

C:\Documents and settings\Olivier\Application Data\vlc
C:\Documents and settings\Olivier\Application Data\La Bataille pour la Terre du Milieu T II
C:\Documents and settings\Olivier\Application Data\Intel
C:\Documents and settings\Olivier\Application Data\Help
C:\Documents and settings\Olivier\Application Data\Screenshot Sender
C:\Documents and settings\Olivier\Application Data\MathWorks
C:\Documents and settings\Olivier\Application Data\CyberLink
C:\Documents and settings\Olivier\Application Data\Sun
C:\Documents and settings\Olivier\Application Data\DivX
C:\Documents and settings\Olivier\Application Data\Apple Computer
C:\Documents and settings\Olivier\Application Data\AdobeUM
C:\Documents and settings\Olivier\Application Data\Adobe
C:\Documents and settings\Olivier\Application Data\BSplayer
C:\Documents and settings\Olivier\Application Data\Thunderbird
C:\Documents and settings\Olivier\Application Data\Macromedia
C:\Documents and settings\Olivier\Application Data\Talkback
C:\Documents and settings\Olivier\Application Data\Mozilla
C:\Documents and settings\Olivier\Application Data\Logitech
C:\Documents and settings\Olivier\Application Data\AVG7
C:\Documents and settings\Olivier\Application Data\Identities
C:\Documents and settings\Olivier\Application Data\desktop.ini
C:\Documents and settings\Olivier\Application Data\Microsoft

C:\Documents and settings\Invit‚\Application Data\Thunderbird
C:\Documents and settings\Invit‚\Application Data\vlc
C:\Documents and settings\Invit‚\Application Data\Apple Computer
C:\Documents and settings\Invit‚\Application Data\Macromedia
C:\Documents and settings\Invit‚\Application Data\Talkback
C:\Documents and settings\Invit‚\Application Data\Mozilla
C:\Documents and settings\Invit‚\Application Data\BSplayer
C:\Documents and settings\Invit‚\Application Data\DivX
C:\Documents and settings\Invit‚\Application Data\Logitech
C:\Documents and settings\Invit‚\Application Data\AVG7
C:\Documents and settings\Invit‚\Application Data\Identities
C:\Documents and settings\Invit‚\Application Data\desktop.ini
C:\Documents and settings\Invit‚\Application Data\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans Program Files ]--------------

C:\Program Files\acer
C:\Program Files\Acer Inc
C:\Program Files\Adobe
C:\Program Files\Apple Software Update
C:\Program Files\Arcade
C:\Program Files\ATI Technologies
C:\Program Files\ComPlus Applications
C:\Program Files\CONEXANT
C:\Program Files\Cyanide
C:\Program Files\CyberLink
C:\Program Files\DivX
C:\Program Files\DVD Shrink
C:\Program Files\dx5frn.exe
C:\Program Files\Fichiers communs
C:\Program Files\Google
C:\Program Files\Grisoft
C:\Program Files\Intel
C:\Program Files\Internet Explorer
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\Java
C:\Program Files\Launch Manager
C:\Program Files\Lavasoft
C:\Program Files\Logitech
C:\Program Files\MagicISO
C:\Program Files\MBsysLab
C:\Program Files\Messenger
C:\Program Files\Messenger Plus! Live
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Visual Studio
C:\Program Files\Microsoft Visual Studio 8
C:\Program Files\Microsoft Works
C:\Program Files\Microsoft.NET
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\Mozilla Thunderbird
C:\Program Files\MSBuild
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\MSXML 6.0
C:\Program Files\NetMeeting
C:\Program Files\NewTech Infosystems
C:\Program Files\Outlook Express
C:\Program Files\PowerISO
C:\Program Files\QuickTime
C:\Program Files\Reference Assemblies
C:\Program Files\Services en ligne
C:\Program Files\Setup
C:\Program Files\Sierra On-Line
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Synaptics
C:\Program Files\Trend Micro
C:\Program Files\VideoLAN
C:\Program Files\Webteh
C:\Program Files\Windows Live
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinPCap
C:\Program Files\WinRAR
C:\Program Files\xerox

------[ Listing des dossiers dans Program Files\Fichiers Communs ]------

C:\program files\fichiers communs\Adobe
C:\program files\fichiers communs\Ahead
C:\program files\fichiers communs\Apple
C:\program files\fichiers communs\DESIGNER
C:\program files\fichiers communs\InstallShield
C:\program files\fichiers communs\Java
C:\program files\fichiers communs\Logitech
C:\program files\fichiers communs\Microsoft Shared
C:\program files\fichiers communs\MSSoap
C:\program files\fichiers communs\muvee Technologies
C:\program files\fichiers communs\NewTech Infosystems
C:\program files\fichiers communs\ODBC
C:\program files\fichiers communs\Services
C:\program files\fichiers communs\SpeechEngines
C:\program files\fichiers communs\System
C:\program files\fichiers communs\Wise Installation Wizard

----------------------[ Recherche dans le Registre ]----------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]


-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------

Aucun dossier Lop trouvé !

--------------------[ Vérification du fichier Hosts ]---------------------

Fichier Hosts : Propre

--------------[ Recherche de fichiers cachés avec Catchme ]---------------

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-26 11:36:51
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

E:\Autorun.inf


--------------------[ Fin du rapport à 11:38:20,12 ]----------------------
26 Octobre 2007 16:58:02

bonjour

pour:

Citation :
--------------------[ Recherche d'autres infections ]---------------------

E:\Autorun.inf


Télécharge Flash Disinfector
Connectes tes supports amovibles sur ton PC. (lecteur mp3, DD externe, clé USB...)
Connecte tous les périphériques externes ( DD , USB , ..... )
Double clique sur Flash Disinfector et laisse toi guider

supprime si toujours présent:

E:\Autorun.inf
Note :
Citation :
Pour afficher les dossiers et fichiers cachés du système:
Panneau de configuration/Options des dossiers/onglet Affichage/cocher Afficher les fichiers et dossiers cachés, décocher Masquer les extensions de fichiers connus, décocher Masquer les fichiers protégés du Système.

Les fichiers et dossiers cachés du système apparaissent alors dans l'explorateur Windows en transparence.
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS