Accès au Site
 FAQFAQ   RechercherCharte   RechercherRechercher   MembresMembres   UtilisateursUtilisateurs   S'enregistrerS'enregistrer   ProfilProfil   Vérifier ses messages privésVérifier ses messages privés   ConnexionConnexion
 
Aide sur log hijackthis : Adware Lop [Résolu]
Aller à la page 1, 2  Suivante
 
Répondre au sujet Le site -> Assiste PC Index du Forum -> Désinfection des virus & analyses de logs HijackThisCréer un flux RSS 2.0
Auteur Message
thv02
Habitué
Habitué


Inscrit le: 18 Nov 2006
Message(s): 51
Localisation: Montaigu (02)
MessagePosté le: 24 Déc 2007 7:51    Sujet du message: Aide sur log hijackthis : Adware Lop [Résolu] Répondre en citant
Bonjour à toutes et à tous !!!
Quelqu'un peut-il analyser mon log Hujackthis et me dire se qu'il en pense !!
Merci
THIERRY
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 06:40:04, on 24/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [wave defy logo cdrom] C:\Documents and Settings\All Users\Application Data\BASH OOZE WAVE DEFY\meal start.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [puremail] C:\DOCUME~1\CARROY\APPLIC~1\CLOCKA~1\intra grim chin.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2d279ba4d7ea40b9a7253de93d2e4003
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2d279ba4d7ea40b9a7253de93d2e4003
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181765560750
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-1e1fb98a6ac337cb.spaces.live.com/PhotoUpload/MsnPUpld.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 10416 bytes

_________________
Fan N°1 de Sév
Revenir en haut de page
Voir le profil de l'utilisateur Envoyer un message privé
APC
Invité
MessagePosté le: 24 Déc 2007 8:19    Sujet du message: Répondre en citant
Bonjour Thierry,

Ta version de HijackThis est obsolète et instable, la version 2 n'est plus en bêta, re-télécharge là à partir de cette page et reposte un nouveau log.

Avast est une passoire, ta version de Java n'est pas à jour... mais on ne voit pas tout avec HijackThis.

Ce qui serait bien c'est que tu me dises pourquoi tu souhaites une analyse de ton log. Wink

Bye
Revenir en haut de page
thv02
Habitué
Habitué


Inscrit le: 18 Nov 2006
Message(s): 51
Localisation: Montaigu (02)
MessagePosté le: 24 Déc 2007 9:31    Sujet du message: Répondre en citant
Bonjour SEV et joyeux Noel
Revoici un log hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:24:16, on 24/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [wave defy logo cdrom] C:\Documents and Settings\All Users\Application Data\BASH OOZE WAVE DEFY\meal start.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [puremail] C:\DOCUME~1\CARROY\APPLIC~1\CLOCKA~1\intra grim chin.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2d279ba4d7ea40b9a7253de93d2e4003
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2d279ba4d7ea40b9a7253de93d2e4003
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181765560750
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-1e1fb98a6ac337cb.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9064 bytes


Je navigue avec firefox et je ne rencontre aucun problème, cependant, je suis obligé de me servir de IE pour aller sur le site de ma banque postale car je ne peus pas consulter mon à partir de Firefox (!!!???) Lorsque je lance IE, parfois, d'autre pages s'ouvrent avec de la pub (pas de porno)!!! C'est pour cela que j'ai posté un log !!!
Merci pour ton aide précieuse !!!
THIERRY
_________________
Fan N°1 de Sév
Revenir en haut de page
Voir le profil de l'utilisateur Envoyer un message privé
APC
Invité
MessagePosté le: 24 Déc 2007 12:43    Sujet du message: Répondre en citant
On dirait qu'il y a du Lop là dessous.

Poste un rapport de Lop S&D et un nouveau log HijackThis.

T'as pas honte de me faire travailler un 24 décembre ? Lol

Passe de bonnes fêtes toi aussi. Smile

Bye
Revenir en haut de page
thv02
Habitué
Habitué


Inscrit le: 18 Nov 2006
Message(s): 51
Localisation: Montaigu (02)
MessagePosté le: 24 Déc 2007 15:46    Sujet du message: Répondre en citant
Bonjour
voici le log Lop S&D:

   ------------------------------[  Lop S&D 1.5 ]----------------------------

   Version      : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
                         
   Lancé depuis : "C:\Documents and Settings\CARROY\Bureau\Lop S&D"

   Rapport créé Le 24/12/2007 à 14:36:40,43   PC : LAURENCE

   [b]! Faire analyser le rapport par un Helper avant intervention ![/b]

   -------------[ Listing des Dossiers dans Application Data ]------------- 

   C:\Documents and settings\All Users\Application Data\Spybot - Search & Destroy
   C:\Documents and settings\All Users\Application Data\BASH OOZE WAVE DEFY
   C:\Documents and settings\All Users\Application Data\BOONTY
   C:\Documents and settings\All Users\Application Data\BVRP Software
   C:\Documents and settings\All Users\Application Data\Microsoft
   C:\Documents and settings\All Users\Application Data\avg7
   C:\Documents and settings\All Users\Application Data\Grisoft
   C:\Documents and settings\All Users\Application Data\PKP_DLds.DAT
   C:\Documents and settings\All Users\Application Data\Images
   C:\Documents and settings\All Users\Application Data\Instrument Library
   C:\Documents and settings\All Users\Application Data\PKP_DLec.DAT
   C:\Documents and settings\All Users\Application Data\Ultima_T15
   C:\Documents and settings\All Users\Application Data\EnterNHelp
   C:\Documents and settings\All Users\Application Data\Apple Computer
   C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
   C:\Documents and settings\All Users\Application Data\TEMP
   C:\Documents and settings\All Users\Application Data\Messenger Plus!
   C:\Documents and settings\All Users\Application Data\Google
   C:\Documents and settings\All Users\Application Data\EBP
   C:\Documents and settings\All Users\Application Data\PlayFirst
   C:\Documents and settings\All Users\Application Data\AOL
   C:\Documents and settings\All Users\Application Data\Windows Live Toolbar
   C:\Documents and settings\All Users\Application Data\Viewpoint
   C:\Documents and settings\All Users\Application Data\Symantec
   C:\Documents and settings\All Users\Application Data\Ahead
   C:\Documents and settings\All Users\Application Data\hpzinstall.log
   C:\Documents and settings\All Users\Application Data\QuickTime
   C:\Documents and settings\All Users\Application Data\SBSI
   C:\Documents and settings\All Users\Application Data\desktop.ini

   C:\Documents and settings\CARROY\Application Data\clockaxis
   C:\Documents and settings\CARROY\Application Data\WinRAR
   C:\Documents and settings\CARROY\Application Data\FileZilla
   C:\Documents and settings\CARROY\Application Data\LivingActor
   C:\Documents and settings\CARROY\Application Data\Talkback
   C:\Documents and settings\CARROY\Application Data\SecuROM
   C:\Documents and settings\CARROY\Application Data\Microsoft
   C:\Documents and settings\CARROY\Application Data\Internet Plug-Ins
   C:\Documents and settings\CARROY\Application Data\Apple Computer
   C:\Documents and settings\CARROY\Application Data\Nikon
   C:\Documents and settings\CARROY\Application Data\AdobeUM
   C:\Documents and settings\CARROY\Application Data\AVG7
   C:\Documents and settings\CARROY\Application Data\Grisoft
   C:\Documents and settings\CARROY\Application Data\Mozilla
   C:\Documents and settings\CARROY\Application Data\PlayFirst
   C:\Documents and settings\CARROY\Application Data\AOL
   C:\Documents and settings\CARROY\Application Data\Help
   C:\Documents and settings\CARROY\Application Data\EBP
   C:\Documents and settings\CARROY\Application Data\Adobe
   C:\Documents and settings\CARROY\Application Data\Macromedia
   C:\Documents and settings\CARROY\Application Data\You've Got Pictures Screensaver
   C:\Documents and settings\CARROY\Application Data\DVD Shrink
   C:\Documents and settings\CARROY\Application Data\Ahead
   C:\Documents and settings\CARROY\Application Data\NeroVision
   C:\Documents and settings\CARROY\Application Data\Google
   C:\Documents and settings\CARROY\Application Data\Hewlett-Packard
   C:\Documents and settings\CARROY\Application Data\wklnhst.dat
   C:\Documents and settings\CARROY\Application Data\Sonic
   C:\Documents and settings\CARROY\Application Data\Leadertech
   C:\Documents and settings\CARROY\Application Data\InterVideo
   C:\Documents and settings\CARROY\Application Data\Symantec
   C:\Documents and settings\CARROY\Application Data\Identities
   C:\Documents and settings\CARROY\Application Data\Sun
   C:\Documents and settings\CARROY\Application Data\desktop.ini

   C:\Documents and settings\Default User\Application Data\Identities
   C:\Documents and settings\Default User\Application Data\Symantec
   C:\Documents and settings\Default User\Application Data\Apple Computer
   C:\Documents and settings\Default User\Application Data\Sonic
   C:\Documents and settings\Default User\Application Data\Microsoft
   C:\Documents and settings\Default User\Application Data\Sun
   C:\Documents and settings\Default User\Application Data\desktop.ini

   C:\Documents and settings\Invit‚\Application Data\Microsoft
   C:\Documents and settings\Invit‚\Application Data\Identities
   C:\Documents and settings\Invit‚\Application Data\Symantec
   C:\Documents and settings\Invit‚\Application Data\Apple Computer
   C:\Documents and settings\Invit‚\Application Data\Sonic
   C:\Documents and settings\Invit‚\Application Data\Sun
   C:\Documents and settings\Invit‚\Application Data\desktop.ini

   C:\Documents and settings\LocalService\Application Data\Microsoft
   C:\Documents and settings\LocalService\Application Data\AVG7

   C:\Documents and settings\NetworkService\Application Data\Microsoft

 
   ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

   C:\WINDOWS\tasks\BA38A4E3885F5BF7.job
   C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
   C:\WINDOWS\tasks\HP Usg Daily.job
   C:\WINDOWS\tasks\SA.DAT
   C:\WINDOWS\tasks\desktop.ini
 
   ---------------[ Listing des dossiers dans Program Files ]--------------
 
   C:\Program Files\Adobe
   C:\Program Files\Ahead
   C:\Program Files\Alwil Software
   C:\Program Files\Anuman Interactive
   C:\Program Files\B-Association
   C:\Program Files\CCleaner
   C:\Program Files\Cdiscount photos
   C:\Program Files\Circle Developement
   C:\Program Files\clockaxis
   C:\Program Files\Common Files
   C:\Program Files\CONEXANT
   C:\Program Files\CursorXP
   C:\Program Files\Easy Internet signup
   C:\Program Files\EBP
   C:\Program Files\Fichiers communs
   C:\Program Files\Google
   C:\Program Files\Grisoft
   C:\Program Files\Hewlett-Packard
   C:\Program Files\HP
   C:\Program Files\HPQ
   C:\Program Files\Intel
   C:\Program Files\Internet Explorer
   C:\Program Files\iTunes
   C:\Program Files\Java
   C:\Program Files\La cave du sommelier
   C:\Program Files\Learn2.com
   C:\Program Files\LiveUpdate
   C:\Program Files\Ludiclub
   C:\Program Files\Macrogaming
   C:\Program Files\Maxis
   C:\Program Files\Messenger
   C:\Program Files\Messenger Plus! Live
   C:\Program Files\Microsoft CAPICOM 2.1.0.2
   C:\Program Files\microsoft frontpage
   C:\Program Files\Microsoft Office
   C:\Program Files\Microsoft Visual Studio
   C:\Program Files\Microsoft Works
   C:\Program Files\Microsoft.NET
   C:\Program Files\mobile PhoneTools
   C:\Program Files\Movie Maker
   C:\Program Files\Mozilla Firefox
   C:\Program Files\MSN
   C:\Program Files\MSN Gaming Zone
   C:\Program Files\MSN Messenger
   C:\Program Files\MSXML 4.0
   C:\Program Files\Navilog1
   C:\Program Files\NetMeeting
   C:\Program Files\Nikon
   C:\Program Files\Online Services
   C:\Program Files\orange
   C:\Program Files\Outlook Express
   C:\Program Files\PC Camera
   C:\Program Files\QuickTime
   C:\Program Files\Real
   C:\Program Files\SAGEM
   C:\Program Files\Services en ligne
   C:\Program Files\Sonic
   C:\Program Files\Spybot - Search & Destroy
   C:\Program Files\Synaptics
   C:\Program Files\Viewpoint
   C:\Program Files\Wanadoo
   C:\Program Files\WinCave24
   C:\Program Files\Windows Live
   C:\Program Files\Windows Live Favorites
   C:\Program Files\Windows Live Toolbar
   C:\Program Files\Windows Media Connect 2
   C:\Program Files\Windows Media Player
   C:\Program Files\Windows NT
   C:\Program Files\WinRAR
   C:\Program Files\WinZip
   C:\Program Files\xerox
 
   ------[ Listing des dossiers dans Program Files\Fichiers Communs ]------
             
   C:\program files\fichiers communs\Adobe
   C:\program files\fichiers communs\Ahead
   C:\program files\fichiers communs\AOL
   C:\program files\fichiers communs\BOONTY Shared
   C:\program files\fichiers communs\DESIGNER
   C:\program files\fichiers communs\EBP
   C:\program files\fichiers communs\InstallShield
   C:\program files\fichiers communs\Java
   C:\program files\fichiers communs\Microsoft Shared
   C:\program files\fichiers communs\MSSoap
   C:\program files\fichiers communs\muvee Technologies
   C:\program files\fichiers communs\Nikon
   C:\program files\fichiers communs\Nullsoft
   C:\program files\fichiers communs\Oberon Media
   C:\program files\fichiers communs\ODBC
   C:\program files\fichiers communs\Real
   C:\program files\fichiers communs\Services
   C:\program files\fichiers communs\Sonic
   C:\program files\fichiers communs\SpeechEngines
   C:\program files\fichiers communs\SureThing Shared
   C:\program files\fichiers communs\System
 
   ----------------------[ Recherche dans le Registre ]----------------------

   [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
 
   "wave defy logo cdrom"="C:\\Documents and Settings\\All Users\\Application Data\\BASH OOZE WAVE DEFY\\meal start.exe"
 
   [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
 
   "puremail"="C:\\DOCUME~1\\CARROY\\APPLIC~1\\CLOCKA~1\\intra grim chin.exe"

   -----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------

   C:\Documents and settings\All Users\Application Data\BASH OOZE WAVE DEFY
   C:\Documents and settings\CARROY\Application Data\CLOCKA~1
   C:\Program Files\CLOCKA~1 
   C:\WINDOWS\Prefetch\MEAL START.EXE-13613528.pf 
   C:\WINDOWS\tasks\BA38A4E3885F5BF7.job
 
   --------------------[ Vérification du fichier Hosts ]---------------------
 
   Fichier Hosts : [b]MODIFIE[/b]
 
   127.0.0.1       localhost
   127.0.0.1 bin.errorprotector.com ## added by CiD
   127.0.0.1 br.errorsafe.com ## added by CiD
   127.0.0.1 br.winantivirus.com ## added by CiD
   127.0.0.1 br.winfixer.com ## added by CiD
   127.0.0.1 cdn.drivecleaner.com ## added by CiD
   127.0.0.1 cdn.errorsafe.com ## added by CiD
   127.0.0.1 cdn.winsoftware.com ## added by CiD
   127.0.0.1 de.errorsafe.com ## added by CiD
   127.0.0.1 de.winantivirus.com ## added by CiD
   127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
   127.0.0.1 download.cdn.errorsafe.com ## added by CiD
   127.0.0.1 download.cdn.winsoftware.com ## added by CiD
   127.0.0.1 download.errorsafe.com ## added by CiD
   127.0.0.1 download.systemdoctor.com ## added by CiD
   127.0.0.1 download.winantispyware.com ## added by CiD
   127.0.0.1 download.windrivecleaner.com ## added by CiD
   127.0.0.1 download.winfixer.com ## added by CiD
   127.0.0.1 drivecleaner.com ## added by CiD
   127.0.0.1 dynamique.drivecleaner.com ## added by CiD
   127.0.0.1 errorprotector.com ## added by CiD
   127.0.0.1 errorsafe.com ## added by CiD
   127.0.0.1 es.winantivirus.com ## added by CiD
   127.0.0.1 fr.winantivirus.com ## added by CiD
   127.0.0.1 fr.winfixer.com ## added by CiD
   127.0.0.1 go.drivecleaner.com ## added by CiD
   127.0.0.1 go.errorsafe.com ## added by CiD
   127.0.0.1 go.winantispyware.com ## added by CiD
   127.0.0.1 go.winantivirus.com ## added by CiD
   127.0.0.1 hk.winantivirus.com ## added by CiD
   127.0.0.1 instlog.errorsafe.com ## added by CiD
   127.0.0.1 instlog.winantivirus.com ## added by CiD
   127.0.0.1 instlog.winfixer.com ## added by CiD
   127.0.0.1 jsp.drivecleaner.com ## added by CiD
   127.0.0.1 kb.errorsafe.com ## added by CiD
   127.0.0.1 kb.winantivirus.com ## added by CiD
   127.0.0.1 nl.errorsafe.com ## added by CiD
   127.0.0.1 se.errorsafe.com ## added by CiD
   127.0.0.1 secure.drivecleaner.com ## added by CiD
   127.0.0.1 secure.errorsafe.com ## added by CiD
   127.0.0.1 secure.winantispam.com ## added by CiD
   127.0.0.1 secure.winantispy.com ## added by CiD
   127.0.0.1 secure.winantivirus.com ## added by CiD
   127.0.0.1 support.winantivirus.com ## added by CiD
   127.0.0.1 trial.updates.winsoftware.com ## added by CiD
   127.0.0.1 ulog.winantivirus.com ## added by CiD
   127.0.0.1 utils.errorsafe.com ## added by CiD
   127.0.0.1 utils.winantivirus.com ## added by CiD
   127.0.0.1 utils.winfixer.com ## added by CiD
   127.0.0.1 winantispyware.com ## added by CiD
   127.0.0.1 winantivirus.com ## added by CiD
   127.0.0.1 winfixer.com ## added by CiD
   127.0.0.1 winfixer2006.com ## added by CiD
   127.0.0.1 winsoftware.com ## added by CiD
   127.0.0.1 www.drivecleaner.com ## added by CiD
   127.0.0.1 www.errorprotector.com ## added by CiD
   127.0.0.1 www.errorsafe.com ## added by CiD
   127.0.0.1 www.systemdoctor.com ## added by CiD
   127.0.0.1 www.utils.winfixer.com ## added by CiD
   127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
   127.0.0.1 www.win-virus-pro.com ## added by CiD
   127.0.0.1 www.winantispam.com ## added by CiD
   127.0.0.1 www.winantispy.com ## added by CiD
   127.0.0.1 www.winantispyware.com ## added by CiD
   127.0.0.1 www.winantivirus.com ## added by CiD
   127.0.0.1 www.winantiviruspro.com ## added by CiD
   127.0.0.1 www.windrivecleaner.com ## added by CiD
   127.0.0.1 www.windrivesafe.com ## added by CiD
   127.0.0.1 www.winfixer.com ## added by CiD
   127.0.0.1 www.winfixer2006.com ## added by CiD
   127.0.0.1 www.winsoftware.com ## added by CiD

   --------------[ Recherche de fichiers cachés avec Catchme ]---------------
 
   catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2007-12-24 14:37:28
   Windows 5.1.2600 Service Pack 2 NTFS
   scanning hidden services & system hive ...
   scanning hidden files ...
   scan completed successfully
   hidden files: 0
 
   --------------------[ Recherche d'autres infections ]---------------------
 
   D:\Autorun.inf
 
 
   --------------------[ Fin du rapport à 14:38:59,03  ]----------------------


Et un nouveau log hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:18, on 24/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe
C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [wave defy logo cdrom] C:\Documents and Settings\All Users\Application Data\BASH OOZE WAVE DEFY\meal start.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [puremail] C:\DOCUME~1\CARROY\APPLIC~1\CLOCKA~1\intra grim chin.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2d279ba4d7ea40b9a7253de93d2e4003
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2d279ba4d7ea40b9a7253de93d2e4003
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181765560750
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-1e1fb98a6ac337cb.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9157 bytes

MERCI POUR TOUT ET BONNES FETES
_________________
Fan N°1 de Sév
Revenir en haut de page
Voir le profil de l'utilisateur Envoyer un message privé
APC
Invité
MessagePosté le: 24 Déc 2007 19:13    Sujet du message: Répondre en citant
On dirait que l'infection a été exécutée à partir d'un CD Sarcastique

Relance Lop S&D en tapant 1 pour la langue Française, puis S pour lancer la suppression.

Poste le rapport obtenu avec un nouveau log HijackThis.

Bon réveillon,
Bye
Revenir en haut de page
thv02
Habitué
Habitué


Inscrit le: 18 Nov 2006
Message(s): 51
Localisation: Montaigu (02)
MessagePosté le: 26 Déc 2007 14:34    Sujet du message: Répondre en citant
Bonjour lorsque je clique sur "S", cela me dit que "le lecteur D n'est pas un programme interne ou externe, ni un fichier de programmme ou un fichier commande"
Si j'enlève le cd qui se trouve dans D et choisi "S", ca me dit "Pas de cd dans le lecteur D"
Si je relance lopS&D et choisi "R", ca plante l'ordi !!!
Je ne sais pas trop quoi faire !!!
Merci
THIERRY
_________________
Fan N°1 de Sév
Revenir en haut de page
Voir le profil de l'utilisateur Envoyer un message privé
APC
Invité
MessagePosté le: 26 Déc 2007 20:26    Sujet du message: Répondre en citant
Bonsoir Thierry,

C'est curieux ça Neutre

Laisse Lop S&D de côté pour l'instant on y reviendra plus tard si besoin.

Fais ce qui suit :

  • Télécharge combofix.exe, de sUBs, sur ton Bureau,

    Désactive ton antivirus et tes autres protections pour que Combofix puisse s'éxécuter normalement

    • Ferme toutes tes applications en cours, il peut y avoir un redémarrage du PC,
    • Double clique combofix.exe,
    • Tape sur la touche 1 (Yes) pour démarrer le scan,

      Exclamation Ne clique pas dans la fenêtre de Combofix pendant qu'il effectue son scan.

    • Lorsque le scan sera complété, un rapport apparaîtra.
    • Poste l'intégralité du rapport sous forme de lien dans ta prochaine réponse

      NB : Le rapport se trouve également là : C:\Combofix.txt.
Revenir en haut de page
thv02
Habitué
Habitué


Inscrit le: 18 Nov 2006
Message(s): 51
Localisation: Montaigu (02)
MessagePosté le: 27 Déc 2007 13:29    Sujet du message: Répondre en citant
Bonjour
Voici le scan:
ComboFix 07-12-21.4 - CARROY 2007-12-27 12:03:01.1 - NTFSx86
Running from: C:\Documents and Settings\CARROY\Bureau\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((   Fichiers cr‚‚s 2007-11-27 to 2007-12-27  ))))))))))))))))))))))))))))))))))))
.

2007-12-25 19:31 . 2007-12-25 19:31   268   --ah-----   C:\sqmdata02.sqm
2007-12-25 19:31 . 2007-12-25 19:31   244   --ah-----   C:\sqmnoopt02.sqm
2007-12-20 17:58 . 2007-12-20 17:58   <REP>   d--------   C:\Program Files\Circle Developement
2007-12-02 11:35 . 2007-12-02 11:35   <REP>   d--------   C:\Program Files\Windows Live Favorites

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 11:20   ---------   d-----w   C:\Program Files\Wanadoo
2007-12-21 18:35   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 16:58   ---------   d-----w   C:\Program Files\Messenger Plus! Live
2007-12-04 14:56   93,264   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55   94,544   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04   837,496   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\WINDOWS\system32\AvastSS.scr
2007-12-02 10:36   ---------   d-----w   C:\Program Files\Windows Live Toolbar
2007-11-25 05:55   ---------   d-----w   C:\Program Files\WinCave24
2007-11-25 05:54   ---------   d-----w   C:\Program Files\Anuman Interactive
2007-11-22 05:24   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\BOONTY
2007-11-22 05:23   ---------   d-----w   C:\Program Files\Fichiers communs\BOONTY Shared
2007-11-14 07:28   450,560   ------w   C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25   20,480   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 04:19   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-08 17:35   ---------   d-----w   C:\Program Files\mobile PhoneTools
2007-11-08 17:28   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-11-08 17:28   ---------   d-----w   C:\Program Files\LiveUpdate
2007-11-02 17:38   ---------   d-----w   C:\Program Files\Ludiclub
2007-11-02 10:49   ---------   d-----w   C:\Program Files\iTunes
2007-10-30 10:18   3,079,680   ------w   C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43   1,293,824   ----a-w   C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43   1,293,824   ------w   C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-29 05:50   ---------   d-----w   C:\Documents and Settings\CARROY\Application Data\FileZilla
2007-10-25 16:56   8,510,976   ------w   C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28   222,720   ----a-w   C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28   222,720   ------w   C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-11 06:13   96,768   ------w   C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:13   663,552   ------w   C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:13   617,472   ------w   C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:13   55,808   ------w   C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:13   532,480   ------w   C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:13   474,624   ------w   C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:13   449,024   ------w   C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:13   39,424   ------w   C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:13   357,888   ------w   C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:13   251,392   ------w   C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:13   205,312   ------w   C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:13   16,384   ------w   C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:13   152,064   ------w   C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:13   146,432   ------w   C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:13   1,495,040   ------w   C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:13   1,056,768   ------w   C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:13   1,024,000   ------w   C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 11:16   18,432   ------w   C:\WINDOWS\system32\dllcache\iedw.exe
2007-09-20 13:54   0   ---h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2007-09-20 12:37   20   ---h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2005-03-29 20:28   412   ----a-w   C:\Documents and Settings\CARROY\Application Data\wklnhst.dat
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34]
"puremail"="C:\DOCUME~1\CARROY\APPLIC~1\CLOCKA~1\intra grim chin.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-17 21:48]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-17 21:43]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 17:25]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 17:24]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 15:21]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 11:33]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-05 06:18]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-19 14:34]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-06-13 17:37]
"wave defy logo cdrom"="C:\Documents and Settings\All Users\Application Data\BASH OOZE WAVE DEFY\meal start.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 09:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^CARROY^Menu Démarrer^Programmes^Démarrage^WkCalRem.LNK]
path=C:\Documents and Settings\CARROY\Menu Démarrer\Programmes\Démarrage\WkCalRem.LNK
backup=C:\WINDOWS\pss\WkCalRem.LNKStartup
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
         C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2004-10-13 17:34   229438   --a------   C:\Program Files\HPQ\Default Settings\cpqset.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
         C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2003-10-14 12:20   1224754   ---------   C:\Program Files\Ahead\InCD\InCD.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
         C:\Program Files\IncrediMail\bin\IncMail.exe /c
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
         C:\Program Files\iTunes\iTunesHelper.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
         C:\PROGRA~1\Magentic\bin\Magentic.exe /c
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-09-07 12:55   1871872   ---------   C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
         C:\Program Files\QuickTime\qttask.exe -atboottime
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
         C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 14:07   49263   --a------   C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
         C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
         C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe /r

S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-11-22 06:23]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-27 08:08:02 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
"2007-12-27 10:27:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 12:18:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-27 12:25:22 - machine was rebooted
.
2007-12-22 02:07:47   --- E O F --- 

Merci
THIERRY
_________________
Fan N°1 de Sév
Revenir en haut de page
Voir le profil de l'utilisateur Envoyer un message privé
APC
Invité
MessagePosté le: 28 Déc 2007 11:53    Sujet du message: Répondre en citant
Bonjour Thierry,

  • Désinstalle Sweetim par Ajout / Suppression de Programmes ainsi que MSN Plus s'il a été installé avec le sponsor (Clique sur Modifier et Désinstaller le sponsor).

    Exclamation Désactive ton antivirus et tes autres protections pour que Combofix puisse s'éxécuter normalement,

  • Ouvre le bloc notes et enregistre la totalité du texte ci-dessous :

    Citation:
    File::
    C:\WINDOWS\tasks\BA38A4E3885F5BF7.job
    C:\WINDOWS\Prefetch\MEAL START.EXE-13613528.pf
    D:\Autorun.inf

    Folder::
    C:\\Documents and Settings\\All Users\\Application Data\\BASH OOZE WAVE DEFY
    C:\Documents and settings\CARROY\Application Data\CLOCKA~1
    C:\Program Files\CLOCKA~1


  • Enregistre le fichier en le nommant CFScript.txt et fais un glisser/déposer du fichier vers Combofix comme sur l'image ci-dessous :



  • Double-clique Combofix.exe et laisse le s'exécuter (ne touche à rien pendant toute la durée du scan)

  • Une fois le scan terminé un rapport Combofix.log va apparaître, enregistre-le sur ton Bureau pour pouvoir le retrouver plus facilement.

  • Poste un nouveau log HijackThis


++
Revenir en haut de page
thv02
Habitué
Habitué


Inscrit le: 18 Nov 2006
Message(s): 51
Localisation: Montaigu (02)
MessagePosté le: 28 Déc 2007 15:21    Sujet du message: Répondre en citant
Bonjour
je n'ai pas trouvé le programme Sweetim, MSN PLUS n'avait pas été installé avec le sponsor !!!
Voici le log de combofix:
ComboFix 07-12-21.4 - CARROY 2007-12-28 14:06:04.2 - NTFSx86
Running from: C:\Documents and Settings\CARROY\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\CARROY\Bureau\CFScript.txt
 * Created a new restore point

FILE
C:\WINDOWS\Prefetch\MEAL START.EXE-13613528.pf
C:\WINDOWS\tasks\BA38A4E3885F5BF7.job
D:\Autorun.inf
.

(((((((((((((((((((((((((((((   Fichiers créés 2007-11-28 to 2007-12-28  ))))))))))))))))))))))))))))))))))))
.

2007-12-25 19:31 . 2007-12-25 19:31   268   --ah-----   C:\sqmdata02.sqm
2007-12-25 19:31 . 2007-12-25 19:31   244   --ah-----   C:\sqmnoopt02.sqm
2007-12-20 17:58 . 2007-12-20 17:58   <REP>   d--------   C:\Program Files\Circle Developement
2007-12-02 11:35 . 2007-12-02 11:35   <REP>   d--------   C:\Program Files\Windows Live Favorites

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 12:39   ---------   d-----w   C:\Program Files\Wanadoo
2007-12-21 18:35   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 16:58   ---------   d-----w   C:\Program Files\Messenger Plus! Live
2007-12-04 14:56   93,264   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55   94,544   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04   837,496   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\WINDOWS\system32\AvastSS.scr
2007-12-02 10:36   ---------   d-----w   C:\Program Files\Windows Live Toolbar
2007-11-25 05:55   ---------   d-----w   C:\Program Files\WinCave24
2007-11-25 05:54   ---------   d-----w   C:\Program Files\Anuman Interactive
2007-11-22 05:24   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\BOONTY
2007-11-22 05:23   ---------   d-----w   C:\Program Files\Fichiers communs\BOONTY Shared
2007-11-14 07:28   450,560   ------w   C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25   20,480   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 04:19   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-08 17:35   ---------   d-----w   C:\Program Files\mobile PhoneTools
2007-11-08 17:28   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-11-08 17:28   ---------   d-----w   C:\Program Files\LiveUpdate
2007-11-02 17:38   ---------   d-----w   C:\Program Files\Ludiclub
2007-11-02 10:49   ---------   d-----w   C:\Program Files\iTunes
2007-10-30 10:18   3,079,680   ------w   C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43   1,293,824   ----a-w   C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43   1,293,824   ------w   C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-29 05:50   ---------   d-----w   C:\Documents and Settings\CARROY\Application Data\FileZilla
2007-10-25 16:56   8,510,976   ------w   C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28   222,720   ----a-w   C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28   222,720   ------w   C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-11 06:13   96,768   ------w   C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:13   663,552   ------w   C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:13   617,472   ------w   C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:13   55,808   ------w   C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:13   532,480   ------w   C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:13   474,624   ------w   C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:13   449,024   ------w   C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:13   39,424   ------w   C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:13   357,888   ------w   C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:13   251,392   ------w   C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:13   205,312   ------w   C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:13   16,384   ------w   C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:13   152,064   ------w   C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:13   146,432   ------w   C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:13   1,495,040   ------w   C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:13   1,056,768   ------w   C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:13   1,024,000   ------w   C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 11:16   18,432   ------w   C:\WINDOWS\system32\dllcache\iedw.exe
2007-09-20 13:54   0   ---h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2007-09-20 12:37   20   ---h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2005-03-29 20:28   412   ----a-w   C:\Documents and Settings\CARROY\Application Data\wklnhst.dat
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34]
"puremail"="C:\DOCUME~1\CARROY\APPLIC~1\CLOCKA~1\intra grim chin.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-17 21:48]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-17 21:43]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 17:25]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 17:24]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 15:21]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 11:33]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-05 06:18]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-19 14:34]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-06-13 17:37]
"wave defy logo cdrom"="C:\Documents and Settings\All Users\Application Data\BASH OOZE WAVE DEFY\meal start.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 09:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^CARROY^Menu Démarrer^Programmes^Démarrage^WkCalRem.LNK]
path=C:\Documents and Settings\CARROY\Menu Démarrer\Programmes\Démarrage\WkCalRem.LNK
backup=C:\WINDOWS\pss\WkCalRem.LNKStartup
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
         C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2004-10-13 17:34   229438   --a------   C:\Program Files\HPQ\Default Settings\cpqset.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
         C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2003-10-14 12:20   1224754   ---------   C:\Program Files\Ahead\InCD\InCD.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
         C:\Program Files\IncrediMail\bin\IncMail.exe /c
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
         C:\Program Files\iTunes\iTunesHelper.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
         C:\PROGRA~1\Magentic\bin\Magentic.exe /c
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-09-07 12:55   1871872   ---------   C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
         C:\Program Files\QuickTime\qttask.exe -atboottime
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
         C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 14:07   49263   --a------   C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
         
[HKEY_LOCAL_MACHINE\software\mic