iexplore.exe infection
Security forum - Viruses: iexplore.exe infection
So, as I have seen in other posts, I have a PC running XP that has several iexplore processes eating up its resources.
Here is the HijackThis report, as is customary.
Awaiting your instructions. Thanks in advance.
Note: I can't get rid of McAfee; the uninstall failed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:31, on 09/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\martine\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [the bone download 1] C:\Documents and Settings\All Users\Application Data\axis wait the bone\One Face.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [iso first] C:\DOCUME~1\martine\APPLIC~1\TYPEFI~1\ExtraHtmMp3.exe
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://www.cyber-infos.net/files/OnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/r [...] se2474.cab
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/J [...] 586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1739C0B9-B88D-44F5-9F06-D711390C875A}: NameServer = 10.0.0.100,10.0.0.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{1739C0B9-B88D-44F5-9F06-D711390C875A}: NameServer = 10.0.0.100,10.0.0.101
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O18 - Filter hijack: text/html - {C6F62B7A-5450-4A2F-8687-6CEEC3AEB055} - (no file)
O20 - AppInit_DLLs: owospc.dll qwmbmy.dll
O20 - Winlogon Notify: reset5e - reset5e.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor (mbackmonitor) - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service (mcafee siteadvisor service) - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (msk80service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
--
End of file - 12304 bytes
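Reading a HijackThis log like the one above is mostly a matter of asking, for each autostart entry, whether it launches from somewhere installed software normally lives. The following Python is an added example for this thread, not HijackThis code and not the helper's method: it applies that location heuristic to a handful of lines copied from the log, and also surfaces a non-empty AppInit_DLLs value, a text/html filter hijack and entries whose file is missing. Entries in trusted directories are deliberately not flagged; those still need a reputation check (publisher signature, hash lookup) that a log alone cannot give.

```python
"""Location-based triage of HijackThis-style log lines.

Added example for this thread; it is not HijackThis code and not the helper's
method. It encodes a first-pass heuristic a log reader applies by eye:
autostart entries that launch from a user profile (Documents and Settings /
Application Data), non-empty AppInit_DLLs, MIME filter hijacks and entries
whose file no longer exists all deserve a closer look.
"""
import re

# Sample input: lines copied from the HijackThis log posted above, including
# two unremarkable lines (Java updater, ctfmon) as controls.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [the bone download 1] C:\Documents and Settings\All Users\Application Data\axis wait the bone\One Face.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iso first] C:\DOCUME~1\martine\APPLIC~1\TYPEFI~1\ExtraHtmMp3.exe
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O18 - Filter hijack: text/html - {C6F62B7A-5450-4A2F-8687-6CEEC3AEB055} - (no file)
O20 - AppInit_DLLs: owospc.dll qwmbmy.dll
O20 - Winlogon Notify: reset5e - reset5e.dll (file missing)
"""

# Directories where a legitimate autostart target is normally installed.
TRUSTED_DIRS = (r"c:\program files", r"c:\progra~1", r"c:\windows")
# User-writable profile directories; a Run entry launching from here is
# unusual for installed software and common for malware droppers.
PROFILE_DIRS = (r"c:\documents and settings", r"c:\docume~1")

EXE_RE = re.compile(r"\.exe\b", re.IGNORECASE)


def extract_target(rest):
    """Return the executable path from the text after the [name] of an O4 line.

    Quoted paths end at the closing quote; unquoted paths (which may contain
    spaces, as in the 'axis wait the bone' entry) end at the first '.exe'.
    """
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    m = EXE_RE.search(rest)
    return rest[: m.end()] if m else rest.split()[0]


def triage(log_text):
    """Return a list of findings (dicts) for the lines worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("O4 - ") and "\\Run: [" in line:
            name = line[line.index("[") + 1 : line.index("]")]
            target = extract_target(line[line.index("]") + 1 :])
            low = target.lower()
            if low.startswith(PROFILE_DIRS):
                findings.append({"section": "O4", "name": name, "target": target,
                                 "reason": "autostart launched from a user profile directory"})
            elif not low.startswith(TRUSTED_DIRS):
                findings.append({"section": "O4", "name": name, "target": target,
                                 "reason": "autostart launched from an unexpected location"})
        elif line.startswith("O20 - AppInit_DLLs:"):
            dlls = line.split(":", 1)[1].split()
            if dlls:  # an empty value is the normal state on XP
                findings.append({"section": "O20", "name": "AppInit_DLLs", "target": " ".join(dlls),
                                 "reason": "DLLs loaded into every process that maps user32.dll"})
        elif line.startswith("O18 - Filter hijack:"):
            findings.append({"section": "O18", "name": "Filter hijack", "target": line,
                             "reason": "MIME filter handler registered; it can intercept all content of that type"})
        elif "(file missing)" in line or "(no file)" in line:
            findings.append({"section": line.split(" ", 1)[0], "name": "orphan", "target": line,
                             "reason": "entry references a file that no longer exists"})
    return findings


def flagged_run_entries(log_text):
    """Names of the O4 Run entries flagged by triage(), in log order."""
    return [f["name"] for f in triage(log_text) if f["section"] == "O4"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['name']}: {f['target']}\n    -> {f['reason']}")
```

Run against the sample it flags the two profile-directory autostarts (`the bone download 1`, `iso first`), the AppInit_DLLs value, the filter hijack and the orphaned Winlogon Notify entry, while leaving the Java, Wanadoo and ctfmon lines alone.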
Hi,
Your PC is indeed infected.
- Download Lop S&D to your Desktop.
- Double-click it to start the installation.
- Then double-click the Lop S&D shortcut on your Desktop.
- Select the language you want, then choose option 1 (Recherche / Search).
- Wait until the scan finishes.
- Post the generated report (C:\lopR.txt).
OK,
Thanks for your help,
I'll do that tomorrow and post the report.
Here is the report:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 16/12/2008|10:11 )
--------------------\\ Listing des dossiers dans APPLIC~1
[15/11/2004|13:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[15/11/2004|13:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
[09/12/2008|12:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[15/11/2004|13:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[15/11/2004|13:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
[15/11/2004|13:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[05/12/2008|15:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\U3
[15/11/2004|13:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
[01/10/2006|12:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[27/09/2007|17:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[18/08/2008|15:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[11/01/2007|18:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[22/10/2008|03:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone
[24/03/2006|21:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[15/11/2004|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[09/12/2008|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[29/08/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[29/08/2008|18:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[09/12/2008|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[09/12/2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[31/03/2007|09:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[18/07/2005|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[23/01/2006|16:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[19/11/2004|21:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[27/07/2007|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NurbBibRdrCurb
[27/12/2006|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
[21/08/2007|18:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PROGRAM MAPI 1 AXIS
[15/11/2004|13:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[15/11/2004|13:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[10/12/2004|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[11/11/2008|19:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[28/09/2007|16:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[28/09/2007|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[02/07/2006|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[15/11/2004|13:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[02/07/2006|22:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[18/12/2006|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[18/02/2008|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[15/11/2004|13:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[15/11/2004|13:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Jasc Software Inc
[15/11/2004|13:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[15/11/2004|13:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[15/11/2004|13:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[15/11/2004|13:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver
[17/02/2007|10:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[27/09/2005|05:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[21/07/2005|08:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[17/02/2007|10:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[11/11/2008|20:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\SACore
[13/12/2007|19:18] C:\DOCUME~1\martine\APPLIC~1\Adobe
[06/11/2007|17:14] C:\DOCUME~1\martine\APPLIC~1\AdobeUM
[03/03/2007|15:41] C:\DOCUME~1\martine\APPLIC~1\Apple Computer
[15/05/2005|13:48] C:\DOCUME~1\martine\APPLIC~1\Canon
[30/01/2007|18:08] C:\DOCUME~1\martine\APPLIC~1\Creative
[24/09/2005|22:21] C:\DOCUME~1\martine\APPLIC~1\CyberLink
[12/11/2006|11:03] C:\DOCUME~1\martine\APPLIC~1\Google
[22/08/2006|09:19] C:\DOCUME~1\martine\APPLIC~1\Help
[15/11/2004|13:08] C:\DOCUME~1\martine\APPLIC~1\Identities
[11/06/2008|18:18] C:\DOCUME~1\martine\APPLIC~1\InstallShield
[15/11/2004|13:37] C:\DOCUME~1\martine\APPLIC~1\Jasc Software Inc
[08/08/2005|09:29] C:\DOCUME~1\martine\APPLIC~1\Leadertech
[27/02/2005|18:53] C:\DOCUME~1\martine\APPLIC~1\Macromedia
[09/12/2008|12:19] C:\DOCUME~1\martine\APPLIC~1\Malwarebytes
[13/01/2007|13:06] C:\DOCUME~1\martine\APPLIC~1\Microsoft
[10/04/2007|16:02] C:\DOCUME~1\martine\APPLIC~1\Mozilla
[21/06/2008|10:55] C:\DOCUME~1\martine\APPLIC~1\MSN6
[11/04/2008|13:22] C:\DOCUME~1\martine\APPLIC~1\OD2
[08/08/2005|09:29] C:\DOCUME~1\martine\APPLIC~1\Sonic
[28/09/2007|17:20] C:\DOCUME~1\martine\APPLIC~1\Sphinx
[15/11/2004|13:32] C:\DOCUME~1\martine\APPLIC~1\Sun
[12/10/2008|12:59] C:\DOCUME~1\martine\APPLIC~1\Template
[08/11/2008|11:49] C:\DOCUME~1\martine\APPLIC~1\type film window
[05/12/2008|15:56] C:\DOCUME~1\martine\APPLIC~1\U3
[15/11/2004|13:40] C:\DOCUME~1\martine\APPLIC~1\You've Got Pictures Screensaver
[15/11/2004|13:08] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[12/01/2007|20:48] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[09/12/2008 16:00][--ah-----] C:\WINDOWS\tasks\A53D880C93FE38EC.job
[21/08/2008 20:51][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[20/11/2004 19:30][--a------] C:\WINDOWS\tasks\Rappel d'abonnement 1 auprŠs de l'ISP.job
[16/12/2008 10:01][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 08:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI
( A53D880C93FE38EC.job )=( c:\docume~1\martine\applic~1\typefi~1\Bintoolvc.exe )
--------------------\\ Listing des dossiers dans C:\Program Files
[27/09/2007|17:46] C:\Program Files\Adobe
[28/09/2007|19:54] C:\Program Files\Advanced Messenger Plus
[12/10/2007|18:44] C:\Program Files\Adverts
[21/12/2005|14:02] C:\Program Files\Ahead
[18/08/2008|15:22] C:\Program Files\Apple Software Update
[16/11/2005|16:12] C:\Program Files\ArcSoft
[08/08/2008|12:29] C:\Program Files\Avanquest update
[18/08/2008|15:24] C:\Program Files\Bonjour
[20/11/2004|16:11] C:\Program Files\Canon
[09/12/2008|15:34] C:\Program Files\CCleaner
[10/10/2008|16:35] C:\Program Files\Circle Developement
[08/08/2008|12:26] C:\Program Files\Common Files
[30/06/2006|18:16] C:\Program Files\Control Kids
[11/06/2008|16:55] C:\Program Files\Controle Parental
[27/12/2006|19:10] C:\Program Files\Creative
[15/11/2004|13:37] C:\Program Files\CyberLink
[15/11/2004|13:37] C:\Program Files\Dell
[21/12/2004|17:22] C:\Program Files\Dell 720
[15/11/2004|13:37] C:\Program Files\Dell Computer
[03/11/2008|21:46] C:\Program Files\Fichiers communs
[09/12/2008|14:50] C:\Program Files\Google
[13/05/2005|17:39] C:\Program Files\Guitar Pro 4 Demo
[16/11/2005|16:11] C:\Program Files\HP
[29/08/2008|18:19] C:\Program Files\IncrediMail
[08/08/2008|12:26] C:\Program Files\InstallShield Installation Information
[15/11/2004|13:37] C:\Program Files\Intel
[22/08/2008|20:27] C:\Program Files\Internet Explorer
[22/08/2008|16:51] C:\Program Files\iPod
[22/08/2008|16:51] C:\Program Files\iTunes
[15/11/2004|13:38] C:\Program Files\Jasc Software Inc
[11/11/2008|21:51] C:\Program Files\Java
[01/06/2007|18:43] C:\Program Files\Lexmark
[28/09/2007|20:03] C:\Program Files\Lexmark X74-X75
[18/05/2005|19:15] C:\Program Files\Logitech
[29/08/2008|18:31] C:\Program Files\Magentic
[09/12/2008|12:23] C:\Program Files\Malwarebytes' Anti-Malware
[09/12/2008|12:46] C:\Program Files\McAfee
[22/08/2008|20:29] C:\Program Files\Messenger
[04/09/2008|14:27] C:\Program Files\Messenger Plus! Live
[13/09/2006|12:56] C:\Program Files\MessengerPlus! 3
[20/06/2008|18:45] C:\Program Files\Microsoft ActiveSync
[24/04/2008|20:04] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[10/12/2004|22:27] C:\Program Files\microsoft frontpage
[10/12/2004|22:28] C:\Program Files\Microsoft Office
[15/11/2004|13:37] C:\Program Files\Microsoft Works
[27/09/2007|17:46] C:\Program Files\Modem Helper
[15/11/2004|13:37] C:\Program Files\Modem On Hold
[08/08/2008|12:29] C:\Program Files\Motorola Phone Tools
[22/08/2008|18:26] C:\Program Files\Movie Maker
[09/12/2008|16:28] C:\Program Files\Mozilla Firefox
[15/11/2004|13:08] C:\Program Files\MSN
[15/11/2004|13:08] C:\Program Files\MSN Gaming Zone
[27/12/2006|19:09] C:\Program Files\Music Manager
[05/02/2007|13:19] C:\Program Files\Navman
[22/08/2008|18:23] C:\Program Files\NetMeeting
[22/08/2008|18:23] C:\Program Files\Outlook Express
[17/08/2006|11:42] C:\Program Files\PhotoFiltre
[18/08/2008|15:24] C:\Program Files\QuickTime
[15/11/2004|13:39] C:\Program Files\Real
[20/04/2005|16:17] C:\Program Files\RF Logiciels
[11/06/2008|16:25] C:\Program Files\SAGEM
[28/09/2007|20:08] C:\Program Files\SAGEM Wi-Fi USB 802.11g
[04/11/2006|08:46] C:\Program Files\Samsung
[11/06/2008|16:24] C:\Program Files\Securitoo
[15/11/2004|13:08] C:\Program Files\Services en ligne
[10/12/2004|22:27] C:\Program Files\Snapshot Viewer
[15/11/2004|13:40] C:\Program Files\Sonic
[11/11/2008|20:13] C:\Program Files\Sun
[22/10/2008|03:34] C:\Program Files\type film window
[21/02/2005|16:07] C:\Program Files\Ubisoft
[30/11/2005|14:59] C:\Program Files\Ulead Systems
[15/11/2004|13:32] C:\Program Files\Uninstall Information
[15/11/2004|13:40] C:\Program Files\Viewpoint
[16/12/2008|10:01] C:\Program Files\Wanadoo
[19/09/2005|18:09] C:\Program Files\Wanadoo Messager
[18/02/2008|17:41] C:\Program Files\Windows Live
[28/09/2007|17:09] C:\Program Files\Windows Live Safety Center
[27/09/2007|13:05] C:\Program Files\Windows Live Toolbar
[14/01/2007|13:37] C:\Program Files\Windows Media Connect 2
[22/08/2008|18:37] C:\Program Files\Windows Media Player
[22/08/2008|18:23] C:\Program Files\Windows NT
[15/11/2004|13:08] C:\Program Files\XEROX
[27/09/2007|13:02] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[01/10/2006|12:52] C:\Program Files\Fichiers communs\Adobe
[27/09/2007|17:50] C:\Program Files\Fichiers communs\AOL
[18/08/2008|15:21] C:\Program Files\Fichiers communs\Apple
[10/12/2004|22:24] C:\Program Files\Fichiers communs\Designer
[16/04/2005|17:05] C:\Program Files\Fichiers communs\FotoWire
[16/11/2005|16:08] C:\Program Files\Fichiers communs\HP
[20/04/2005|16:17] C:\Program Files\Fichiers communs\InstallShield
[15/11/2004|13:32] C:\Program Files\Fichiers communs\Java
[16/04/2005|17:03] C:\Program Files\Fichiers communs\Logitech
[09/12/2008|12:47] C:\Program Files\Fichiers communs\McAfee
[18/02/2008|17:47] C:\Program Files\Fichiers communs\Microsoft Shared
[08/08/2008|12:26] C:\Program Files\Fichiers communs\Motorola Shared
[15/11/2004|13:08] C:\Program Files\Fichiers communs\MSSoap
[15/11/2004|13:40] C:\Program Files\Fichiers communs\Nullsoft
[15/11/2004|13:39] C:\Program Files\Fichiers communs\Real
[15/11/2004|13:08] C:\Program Files\Fichiers communs\Services
[15/11/2004|13:41] C:\Program Files\Fichiers communs\Sonic
[15/11/2004|13:08] C:\Program Files\Fichiers communs\SpeechEngines
[13/10/2006|18:51] C:\Program Files\Fichiers communs\SWF Studio
[22/08/2008|18:23] C:\Program Files\Fichiers communs\System
[30/11/2005|15:01] C:\Program Files\Fichiers communs\Ulead Systems
[27/09/2007|17:46] C:\Program Files\Fichiers communs\Vbox
[18/02/2008|17:44] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 59 Processes )
IEXPLORE.EXE ~ [PID:3472]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone
C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone\HTM OBJ.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone\name scr.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone\One Cake.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone\One Face.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone\sign browse.exe
C:\DOCUME~1\martine\APPLIC~1\typefi~1
C:\DOCUME~1\martine\APPLIC~1\typefi~1\Bin tool vc.exe
C:\DOCUME~1\martine\APPLIC~1\typefi~1\dwgtbtxp.exe
C:\DOCUME~1\martine\APPLIC~1\typefi~1\ExtraHtmMp3.exe
C:\DOCUME~1\martine\APPLIC~1\typefi~1\flrifgif.exe
C:\DOCUME~1\martine\APPLIC~1\typefi~1\iannzohl.exe
C:\DOCUME~1\martine\APPLIC~1\typefi~1\qxaymmcf.exe
C:\DOCUME~1\martine\APPLIC~1\typefi~1\scr slow mode third.exe
C:\Program Files\typefi~1
C:\Program Files\Adverts
C:\Program Files\Circle Developement
C:\WINDOWS\Tasks\A53D880C93FE38EC.job
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iso first"="C:\\DOCUME~1\\martine\\APPLIC~1\\TYPEFI~1\\ExtraHtmMp3.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"the bone download 1"="C:\\Documents and Settings\\All Users\\Application Data\\axis wait the bone\\One Face.exe"
--------------------\\ Verification du fichier Hosts
Fichier Hosts MODIFIE
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD
-> 6598 [ 70 ## added by CiD ]
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 10:12:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 171
--------------------\\ Recherche d'autres infections
C:\WINDOWS\system32\BacMlnpo.ini
C:\WINDOWS\system32\BacMlnpo.ini2
C:\WINDOWS\system32\HiSYaccf.ini
C:\WINDOWS\system32\HiSYaccf.ini2
==> VUNDO <==
--------------------\\ ROOTKIT !!
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\legacy_tdssserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\legacy_tdssserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_tdssserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdssserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv.sys]
--------------------\\ Suspect ..
C:\WINDOWS\system32\TDSSmqlt.dat
[F:15][D:6]-> C:\DOCUME~1\martine\LOCALS~1\Temp
[F:20][D:0]-> C:\DOCUME~1\martine\Cookies
[F:405][D:5]-> C:\DOCUME~1\martine\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 16/12/2008|10:13 - Option : [1]
--------------------\\ Fin du rapport a 10:13:40
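The report above marks the hosts file as MODIFIE and counts 70 lines tagged `## added by CiD`. Every one of those maps a name to 127.0.0.1, which blocks the name rather than redirecting it; the pattern a defender should actually alarm on is a name mapped to some other, routable address. The Python below is an added example for this thread, not part of Lop S&D: it parses a hosts file, separates the localhost line, sinkhole (blocking) entries and redirects, and counts the CiD-tagged lines. The two `.test` names and the address 192.0.2.10 (an RFC 5737 documentation address) are constructed to show what a redirect looks like; the two CiD lines follow the shape of the report.

```python
"""Hosts-file review: blocking entries versus redirects.

Added example for this thread, not part of Lop S&D. A hosts line that maps a
name to 127.0.0.1 or 0.0.0.0 only blocks that name (what blocklist tools do);
a line that maps a name to a routable address silently redirects the user and
is the kind of modification worth investigating.
"""
import ipaddress

# Constructed sample hosts file. The two 'CiD' lines follow the shape of the
# report above; the .test names and 192.0.2.10 (an RFC 5737 documentation
# address) are constructed to show what a redirect looks like.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
0.0.0.0 ads.example.net
192.0.2.10 update.antivirus-vendor.test   # constructed redirect
192.0.2.10 www.online-bank.test
"""


def parse_hosts(text):
    """Return one dict per mapping line: line number, ip, names, trailing comment."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")
        parts = body.split()
        if len(parts) < 2:      # blank, comment-only or incomplete line
            continue
        entries.append({"line": lineno, "ip": parts[0], "names": parts[1:],
                        "comment": comment.strip()})
    return entries


def classify(entry):
    """'local' for the localhost line, 'block' for sinkholes, 'redirect' otherwise."""
    try:
        addr = ipaddress.ip_address(entry["ip"])
    except ValueError:
        return "malformed"
    if entry["names"] == ["localhost"]:
        return "local"
    if addr.is_loopback or addr.is_unspecified:
        return "block"      # 127.x / 0.0.0.0: the name resolves to nowhere useful
    return "redirect"       # the name is sent to another machine


def review(text):
    """Summarise a hosts file: counts per class, CiD-tagged lines, and redirects."""
    summary = {"local": 0, "block": 0, "redirect": 0, "malformed": 0,
               "cid": 0, "redirects": []}
    for e in parse_hosts(text):
        kind = classify(e)
        summary[kind] += 1
        if "added by CiD" in e["comment"]:
            summary["cid"] += 1
        if kind == "redirect":
            summary["redirects"].append((e["line"], e["ip"], e["names"]))
    return summary


if __name__ == "__main__":
    s = review(SAMPLE_HOSTS)
    print(f"{s['block']} blocking entries ({s['cid']} tagged CiD), "
          f"{s['redirect']} redirects")
    for line, ip, names in s["redirects"]:
        print(f"  line {line}: {' '.join(names)} -> {ip}")
```

On the sample this reports three blocking entries (two of them CiD-tagged) and two redirects, on lines 6 and 7. On a real machine the same review run over `%SystemRoot%\system32\drivers\etc\hosts` separates a long but harmless blocklist from the one line that would send a bank or security-vendor domain elsewhere.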
- Run Lop S&D again.
- This time choose option 2 (Suppression / Removal).
- Do not close the window during the removal!
- Post the generated report (C:\lopR.txt).
(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm.)
Thanks, it works.
iexplore is no longer eating my resources.
Thanks a lot for the help.
The disinfection is not finished: you are infected with the TDSSServ rootkit and with Vundo.
