help help - CID ads - help please - HijackThis report

Hello, I am getting CID ads even without using the internet, could you help me solve my problem please?
thanks in advance


Message edited by hank2 on 27-12-2007 at 15:45:10

good evening

1

Download and then install HijackThis (Trend Micro)
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2

2

Download Lop S&D.exe to your desktop

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the desired language, then choose Option 1 ( Recherche / Search )
  • Wait until the scan finishes
  • Post the generated report ( C:\lopR.txt )


( If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm )


------------------------------ Prevention and protection
/!\ Fed up with ads: secured Firefox /!\
Reply to Sham_Rock

Here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 11:09:18, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe





and here is the Lop S&D report:


-----------------------------[ Lop S&D 2.0.1 ]---------------------------

Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

"C:\Program Files\Lop SD"

[ 27/12/2007 | 11:12:35,21 ] [ DOM-GFAPFA66CK8 ]


-------------[ Listing des dossiers dans Application Data ]------------

C:\Documents and Settings\All Users\APPLIC~1\Google Updater
C:\Documents and Settings\All Users\APPLIC~1\Spybot - Search & Destroy
C:\Documents and Settings\All Users\APPLIC~1\WindowsLiveInstaller
C:\Documents and Settings\All Users\APPLIC~1\Wait Find Browse New
C:\Documents and Settings\All Users\APPLIC~1\Microsoft
C:\Documents and Settings\All Users\APPLIC~1\WLInstaller
C:\Documents and Settings\All Users\APPLIC~1\AVS4YOU
C:\Documents and Settings\All Users\APPLIC~1\Adobe
C:\Documents and Settings\All Users\APPLIC~1\Grisoft
C:\Documents and Settings\All Users\APPLIC~1\Mozilla
C:\Documents and Settings\All Users\APPLIC~1\QTSBandwidthCache
C:\Documents and Settings\All Users\APPLIC~1\AOL
C:\Documents and Settings\All Users\APPLIC~1\AOL Downloads
C:\Documents and Settings\All Users\APPLIC~1\AOL OCP
C:\Documents and Settings\All Users\APPLIC~1\BOONTY
C:\Documents and Settings\All Users\APPLIC~1\Sony Ericsson
C:\Documents and Settings\All Users\APPLIC~1\CyberLink
C:\Documents and Settings\All Users\APPLIC~1\MakeMusic
C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
C:\Documents and Settings\All Users\APPLIC~1\Google
C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
C:\Documents and Settings\All Users\APPLIC~1\desktop.ini


C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\dvdcss
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\uTorrent
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\AVS4YOU
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Media Player Classic
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\BSplayer
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\BSplayer Pro
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Microsoft
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Adobe
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Talkback
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Mozilla
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\WinRAR
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\ZoomBrowser EX
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Google
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\AdobeUM
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\$_hpcst$.hpc
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Ahead
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Lavasoft
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Help
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\CyberLink
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Apple Computer
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\XnView
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\vlc
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Macromedia
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Real
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Identities
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Sun
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\desktop.ini

C:\Documents and Settings\LocalService\APPLIC~1\Spyware Terminator
C:\Documents and Settings\LocalService\APPLIC~1\Microsoft

C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[22/12/2007 20:36][--a------]C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[27/12/2007 11:04][--ah-----]C:\WINDOWS\tasks\SA.DAT
[24/04/2003 13:00][-r-h-----]C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

C:\Program Files\Adobe
C:\Program Files\AdVantage
C:\Program Files\Ahead
C:\Program Files\Alwil Software
C:\Program Files\Apple Software Update
C:\Program Files\Audacity
C:\Program Files\AVS4YOU
C:\Program Files\Boonty
C:\Program Files\BoontyGames
C:\Program Files\Canon
C:\Program Files\CCleaner
C:\Program Files\CDex_150
C:\Program Files\Common Files
C:\Program Files\ComPlus Applications
C:\Program Files\CyberLink
C:\Program Files\CyberLink DVD Solution
C:\Program Files\deo
C:\Program Files\directx
C:\Program Files\DivX
C:\Program Files\EarMaster School
C:\Program Files\Eidos Interactive
C:\Program Files\eMule
C:\Program Files\Fichiers communs
C:\Program Files\Finale 2005b
C:\Program Files\Google
C:\Program Files\Grisoft
C:\Program Files\Hijackthis
C:\Program Files\Intel
C:\Program Files\Internet Explorer
C:\Program Files\Java
C:\Program Files\jv16 PowerTools 2007
C:\Program Files\K-Lite Codec Pack
C:\Program Files\Lame MP3 Codec
C:\Program Files\Lavasoft
C:\Program Files\LimeWire
C:\Program Files\Lop SD
C:\Program Files\Macrogaming
C:\Program Files\Messenger
C:\Program Files\Microsoft ActiveSync
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Works
C:\Program Files\Microsoft Works Suite 2004
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\Navilog1
C:\Program Files\Nero
C:\Program Files\NetMeeting
C:\Program Files\Outlook Express
C:\Program Files\PhotoFiltre
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\Samsung
C:\Program Files\Services en ligne
C:\Program Files\Sony Ericsson
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Steinberg
C:\Program Files\THOMSON mp3PRO Audio Player
C:\Program Files\Uninstall_CDS.exe
C:\Program Files\USB Driver for Windows
C:\Program Files\VideoLAN
C:\Program Files\VirusGarde
C:\Program Files\Webteh
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinRAR
C:\Program Files\xerox
C:\Program Files\Yahoo!

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

C:\Program Files\Fichiers communs\Adobe
C:\Program Files\Fichiers communs\Ahead
C:\Program Files\Fichiers communs\AVSMedia
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\Canon
C:\Program Files\Fichiers communs\Designer
C:\Program Files\Fichiers communs\InstallShield
C:\Program Files\Fichiers communs\Java
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\PC SOFT
C:\Program Files\Fichiers communs\Real
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\System
C:\Program Files\Fichiers communs\Teleca Shared
C:\Program Files\Fichiers communs\xing shared

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé ! )

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts MODIFIE

127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 11:14:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

--------------------[ Fin du rapport a 11:14:44,29 ]----------------------



thanks for the help

Reply to hank2

good evening
from what I can see, you seem to have solved some of your problems on your own

we will clean the Hosts file anyway

Run Lop S&D again

  • This time choose Option 2 ( Suppression / Removal )

  • Do not close the window during the removal!

  • Post the generated report ( C:\lopR.txt )


( If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm )

Reply to Sham_Rock

Yes, because it was bothering me while I was working, I decided to clean up my PC by removing the software I no longer used, defragmenting it, scanning it... I guess it partly worked

here is the report:


-----------------------------[ Lop S&D 2.0.1 ]---------------------------

Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

"C:\Program Files\Lop SD"

[ 27/12/2007 | 22:18:26,08 ] [ DOM-GFAPFA66CK8 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Restauré! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans Application Data ]------------

C:\Documents and Settings\All Users\APPLIC~1\Google Updater
C:\Documents and Settings\All Users\APPLIC~1\Spybot - Search & Destroy
C:\Documents and Settings\All Users\APPLIC~1\WindowsLiveInstaller
C:\Documents and Settings\All Users\APPLIC~1\Wait Find Browse New
C:\Documents and Settings\All Users\APPLIC~1\Microsoft
C:\Documents and Settings\All Users\APPLIC~1\WLInstaller
C:\Documents and Settings\All Users\APPLIC~1\AVS4YOU
C:\Documents and Settings\All Users\APPLIC~1\Adobe
C:\Documents and Settings\All Users\APPLIC~1\Grisoft
C:\Documents and Settings\All Users\APPLIC~1\Mozilla
C:\Documents and Settings\All Users\APPLIC~1\QTSBandwidthCache
C:\Documents and Settings\All Users\APPLIC~1\AOL
C:\Documents and Settings\All Users\APPLIC~1\AOL Downloads
C:\Documents and Settings\All Users\APPLIC~1\AOL OCP
C:\Documents and Settings\All Users\APPLIC~1\BOONTY
C:\Documents and Settings\All Users\APPLIC~1\Sony Ericsson
C:\Documents and Settings\All Users\APPLIC~1\CyberLink
C:\Documents and Settings\All Users\APPLIC~1\MakeMusic
C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
C:\Documents and Settings\All Users\APPLIC~1\Google
C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
C:\Documents and Settings\All Users\APPLIC~1\desktop.ini


C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\dvdcss
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\uTorrent
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\AVS4YOU
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Media Player Classic
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\BSplayer
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\BSplayer Pro
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Microsoft
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Adobe
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Talkback
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Mozilla
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\WinRAR
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\ZoomBrowser EX
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Google
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\AdobeUM
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\$_hpcst$.hpc
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Ahead
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Lavasoft
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Help
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\CyberLink
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Apple Computer
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\XnView
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\vlc
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Macromedia
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Real
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Identities
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\Sun
C:\Documents and Settings\le meur b‚rangŠre\APPLIC~1\desktop.ini

C:\Documents and Settings\LocalService\APPLIC~1\Spyware Terminator
C:\Documents and Settings\LocalService\APPLIC~1\Microsoft

C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[22/12/2007 20:36][--a------]C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[27/12/2007 11:04][--ah-----]C:\WINDOWS\tasks\SA.DAT
[24/04/2003 13:00][-r-h-----]C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

C:\Program Files\Adobe
C:\Program Files\AdVantage
C:\Program Files\Ahead
C:\Program Files\Alwil Software
C:\Program Files\Apple Software Update
C:\Program Files\Audacity
C:\Program Files\AVS4YOU
C:\Program Files\Boonty
C:\Program Files\BoontyGames
C:\Program Files\Canon
C:\Program Files\CCleaner
C:\Program Files\CDex_150
C:\Program Files\Common Files
C:\Program Files\ComPlus Applications
C:\Program Files\CyberLink
C:\Program Files\CyberLink DVD Solution
C:\Program Files\deo
C:\Program Files\directx
C:\Program Files\DivX
C:\Program Files\EarMaster School
C:\Program Files\Eidos Interactive
C:\Program Files\eMule
C:\Program Files\Fichiers communs
C:\Program Files\Finale 2005b
C:\Program Files\Google
C:\Program Files\Grisoft
C:\Program Files\Hijackthis
C:\Program Files\Intel
C:\Program Files\Internet Explorer
C:\Program Files\Java
C:\Program Files\jv16 PowerTools 2007
C:\Program Files\K-Lite Codec Pack
C:\Program Files\Lame MP3 Codec
C:\Program Files\Lavasoft
C:\Program Files\LimeWire
C:\Program Files\Lop SD
C:\Program Files\Macrogaming
C:\Program Files\Messenger
C:\Program Files\Microsoft ActiveSync
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Works
C:\Program Files\Microsoft Works Suite 2004
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\Navilog1
C:\Program Files\Nero
C:\Program Files\NetMeeting
C:\Program Files\Outlook Express
C:\Program Files\PhotoFiltre
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\Samsung
C:\Program Files\Services en ligne
C:\Program Files\Sony Ericsson
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Steinberg
C:\Program Files\THOMSON mp3PRO Audio Player
C:\Program Files\Uninstall_CDS.exe
C:\Program Files\USB Driver for Windows
C:\Program Files\VideoLAN
C:\Program Files\VirusGarde
C:\Program Files\Webteh
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinRAR
C:\Program Files\xerox
C:\Program Files\Yahoo!

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

C:\Program Files\Fichiers communs\Adobe
C:\Program Files\Fichiers communs\Ahead
C:\Program Files\Fichiers communs\AVSMedia
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\Canon
C:\Program Files\Fichiers communs\Designer
C:\Program Files\Fichiers communs\InstallShield
C:\Program Files\Fichiers communs\Java
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\PC SOFT
C:\Program Files\Fichiers communs\Real
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\System
C:\Program Files\Fichiers communs\Teleca Shared
C:\Program Files\Fichiers communs\xing shared

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé ! )

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 22:20:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

--------------------[ Fin du rapport a 22:20:44,34 ]----------------------

Reply to hank2

hello

did you install AdVantage yourself?
http://www.greatis.com/appdata/d/a/advantage.exe.htm

run HijackThis and Fix checked:

O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"

delete:
C:\Program Files\AdVantage

Reply to Sham_Rock

Hello, my HijackThis report is as follows:
Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 22:23:44, on 20/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bruno\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/intl/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Long Internet Team Stupid] C:\Documents and Settings\All Users\Application Data\comp two long internet\load upload.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dupecoal] C:\DOCUME~1\bruno\APPLIC~1\ONCEDA~1\ford meow the.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

Reply to bastien31_03