Pas capable de finir

serdeninc Messages postés 37 Statut Membre -
^^Marie^^ - 10 févr. 2009 à 12:39

Bonjour, j'ai le foutu viruse antiverus 2009 ,la je suis rendu a faire analiser les rapport . J'espere que quelqu'un va pouvoir m'aider. Mesci.

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 2009-01-02|12:38 )

--------------------\\ Listing des dossiers dans APPLIC~1

[2005-04-15|14:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2005-04-15|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2008-10-17|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007-09-13|14:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[2008-12-26|15:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2007-09-13|08:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[2007-10-23|22:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2007-11-17|12:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-12-21|14:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[2006-12-16|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[2007-01-13|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-08-07|10:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[2008-08-07|10:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[2008-08-06|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2005-04-15|14:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2007-03-23|21:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[2007-09-13|08:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[2008-12-26|15:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[2008-12-23|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[2008-12-20|13:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SITEguard
[2007-09-07|22:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[2008-12-27|08:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[2008-12-20|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
[2006-08-30|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2008-10-01|11:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2008-05-31|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania
[2007-06-19|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[2006-12-19|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[2005-04-15|14:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2005-04-15|14:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2005-04-15|14:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[2005-04-15|14:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[2007-09-13|14:37] C:\DOCUME~1\SERGEL~1\APPLIC~1\ACD Systems
[2007-01-03|11:22] C:\DOCUME~1\SERGEL~1\APPLIC~1\Adobe
[2007-01-03|11:22] C:\DOCUME~1\SERGEL~1\APPLIC~1\AdobeUM
[2007-09-13|08:35] C:\DOCUME~1\SERGEL~1\APPLIC~1\Ahead
[2007-11-17|12:09] C:\DOCUME~1\SERGEL~1\APPLIC~1\Apple Computer
[2008-12-21|15:57] C:\DOCUME~1\SERGEL~1\APPLIC~1\Avira
[2006-12-16|09:51] C:\DOCUME~1\SERGEL~1\APPLIC~1\CyberLink
[2006-12-24|10:27] C:\DOCUME~1\SERGEL~1\APPLIC~1\DWGeditor
[2007-05-07|18:59] C:\DOCUME~1\SERGEL~1\APPLIC~1\F-Secure
[2007-10-04|21:03] C:\DOCUME~1\SERGEL~1\APPLIC~1\FunWebProducts
[2007-01-13|21:29] C:\DOCUME~1\SERGEL~1\APPLIC~1\Google
[2007-06-19|17:33] C:\DOCUME~1\SERGEL~1\APPLIC~1\Help
[2005-04-15|14:55] C:\DOCUME~1\SERGEL~1\APPLIC~1\Identities
[2008-12-27|08:36] C:\DOCUME~1\SERGEL~1\APPLIC~1\InstallShield
[2008-06-14|18:45] C:\DOCUME~1\SERGEL~1\APPLIC~1\InterTrust
[2007-05-07|18:55] C:\DOCUME~1\SERGEL~1\APPLIC~1\ispnews
[2006-12-14|18:00] C:\DOCUME~1\SERGEL~1\APPLIC~1\Macromedia
[2005-04-15|14:36] C:\DOCUME~1\SERGEL~1\APPLIC~1\Microsoft
[2007-09-29|17:05] C:\DOCUME~1\SERGEL~1\APPLIC~1\mIRC
[2006-12-20|18:44] C:\DOCUME~1\SERGEL~1\APPLIC~1\MSNInstaller
[2008-10-04|20:16] C:\DOCUME~1\SERGEL~1\APPLIC~1\Nero
[2007-05-07|18:59] C:\DOCUME~1\SERGEL~1\APPLIC~1\PEX
[2008-02-24|15:27] C:\DOCUME~1\SERGEL~1\APPLIC~1\skypePM
[2006-12-24|11:01] C:\DOCUME~1\SERGEL~1\APPLIC~1\SolidWorks
[2008-12-27|08:47] C:\DOCUME~1\SERGEL~1\APPLIC~1\Sony Corporation
[2007-08-30|17:43] C:\DOCUME~1\SERGEL~1\APPLIC~1\Sun
[2007-02-18|12:39] C:\DOCUME~1\SERGEL~1\APPLIC~1\teamspeak2
[2006-12-14|21:34] C:\DOCUME~1\SERGEL~1\APPLIC~1\U3
[2007-06-19|17:41] C:\DOCUME~1\SERGEL~1\APPLIC~1\Ulead Systems
[2007-01-05|20:40] C:\DOCUME~1\SERGEL~1\APPLIC~1\uTorrent
[2008-05-03|17:33] C:\DOCUME~1\SERGEL~1\APPLIC~1\Ventrilo
[2007-12-31|00:37] C:\DOCUME~1\SERGEL~1\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[2009-01-01 18:09][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-01-02 12:10][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2004-08-10 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[2008-12-22|18:40] C:\Program Files\1ClickUnZip
[2007-09-13|14:36] C:\Program Files\ACD Systems
[2006-08-30|20:40] C:\Program Files\Acer Inc
[2006-08-30|20:41] C:\Program Files\Adobe
[2008-06-07|11:04] C:\Program Files\Apple Software Update
[2008-12-21|14:02] C:\Program Files\Avira
[2008-10-17|22:23] C:\Program Files\Bonjour
[2008-08-05|21:59] C:\Program Files\Circle Developement
[2005-04-15|14:42] C:\Program Files\ComPlus Applications
[2006-08-30|20:35] C:\Program Files\CONEXANT
[2006-12-14|18:00] C:\Program Files\CyberLink
[2006-08-30|20:30] C:\Program Files\DIFX
[2007-12-23|14:58] C:\Program Files\Dofus
[2007-04-07|09:10] C:\Program Files\Dofus-Arena
[2007-06-19|17:32] C:\Program Files\DSC_Program
[2008-06-14|18:46] C:\Program Files\DSS
[2006-12-24|10:26] C:\Program Files\DWGeditor
[2008-10-01|11:10] C:\Program Files\Eltima Software
[2008-12-13|10:15] C:\Program Files\FBrowserAdvisor
[2008-12-13|10:15] C:\Program Files\FBrowsingAdvisor
[2005-04-15|14:37] C:\Program Files\Fichiers communs
[2007-01-12|22:38] C:\Program Files\Google
[2006-08-30|20:33] C:\Program Files\InstallShield Installation Information
[2005-04-15|14:44] C:\Program Files\Internet Explorer
[2008-10-17|22:24] C:\Program Files\iPod
[2008-10-17|22:24] C:\Program Files\iTunes
[2006-12-24|12:42] C:\Program Files\Java
[2006-12-14|18:03] C:\Program Files\Launch Manager
[2006-12-24|12:41] C:\Program Files\LimeWire
[2006-12-14|22:55] C:\Program Files\Logitech
[2005-04-15|14:41] C:\Program Files\Messenger
[2008-08-05|21:59] C:\Program Files\Messenger Plus! Live
[2005-04-15|14:47] C:\Program Files\microsoft frontpage
[2006-12-24|10:26] C:\Program Files\Microsoft Office
[2007-03-23|22:01] C:\Program Files\Microsoft Visual Studio
[2007-03-23|22:01] C:\Program Files\Microsoft Works
[2007-03-23|22:00] C:\Program Files\Microsoft.NET
[2007-09-29|17:04] C:\Program Files\mIRC
[2005-04-15|14:41] C:\Program Files\Movie Maker
[2005-04-15|14:41] C:\Program Files\MSN
[2005-04-15|14:41] C:\Program Files\MSN Gaming Zone
[2006-12-26|17:59] C:\Program Files\MSN Messenger
[2008-11-13|17:58] C:\Program Files\MSXML 4.0
[2009-01-02|12:30] C:\Program Files\Navilog1
[2007-09-13|08:32] C:\Program Files\Nero
[2005-04-15|14:44] C:\Program Files\NetMeeting
[2006-08-30|20:39] C:\Program Files\NewTech Infosystems
[2008-12-26|15:06] C:\Program Files\NOS
[2005-04-15|14:42] C:\Program Files\Online Services
[2005-04-15|14:44] C:\Program Files\Outlook Express
[2007-10-16|18:07] C:\Program Files\PhotoFrame_V1.5
[2008-10-17|22:22] C:\Program Files\QuickTime
[2006-08-30|20:34] C:\Program Files\Realtek
[2007-12-02|20:00] C:\Program Files\Runtime Software
[2008-10-17|22:16] C:\Program Files\Safari
[2007-02-08|22:03] C:\Program Files\Slayers Online
[2007-03-07|23:09] C:\Program Files\Softnyx
[2007-09-13|13:20] C:\Program Files\SolidWorks
[2007-09-13|13:31] C:\Program Files\SolidWorks Installation Manager
[2008-12-27|08:41] C:\Program Files\Sonic
[2008-12-26|15:05] C:\Program Files\Sony
[2008-12-22|17:49] C:\Program Files\Steam
[2006-08-30|20:50] C:\Program Files\Symantec
[2006-08-30|20:35] C:\Program Files\Synaptics
[2008-12-22|18:28] C:\Program Files\SystemRequirementsLab
[2007-02-18|12:39] C:\Program Files\Teamspeak2_RC2
[2008-12-20|11:28] C:\Program Files\Trend Micro
[2008-09-06|16:35] C:\Program Files\TSO
[2007-06-19|17:27] C:\Program Files\Ulead Systems
[2005-04-15|14:55] C:\Program Files\Uninstall Information
[2007-02-17|16:39] C:\Program Files\Valve
[2008-05-03|17:33] C:\Program Files\Ventrilo
[2008-10-18|16:29] C:\Program Files\VirtualDJ
[2008-12-13|10:15] C:\Program Files\VisualTool
[2007-03-25|13:59] C:\Program Files\WarRock
[2007-09-13|13:20] C:\Program Files\Windows Desktop Search
[2008-08-05|21:59] C:\Program Files\Windows Live
[2006-12-14|22:57] C:\Program Files\Windows Media Components
[2007-10-26|20:29] C:\Program Files\Windows Media Connect 2
[2005-04-15|14:42] C:\Program Files\Windows Media Player
[2005-04-15|14:41] C:\Program Files\Windows NT
[2005-04-15|14:42] C:\Program Files\Windows Plus
[2005-04-15|14:45] C:\Program Files\WindowsUpdate
[2007-12-31|00:37] C:\Program Files\WinRAR
[2005-04-15|14:47] C:\Program Files\xerox
[2007-06-19|17:36] C:\Program Files\XviD
[2006-12-14|18:10] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[2007-09-13|14:36] C:\Program Files\Fichiers communs\ACD Systems
[2008-05-09|21:04] C:\Program Files\Fichiers communs\Adobe
[2007-09-13|08:32] C:\Program Files\Fichiers communs\Ahead
[2007-11-17|12:07] C:\Program Files\Fichiers communs\Apple
[2006-12-24|10:44] C:\Program Files\Fichiers communs\Bluebeam Software
[2006-12-24|10:26] C:\Program Files\Fichiers communs\Designer
[2006-08-30|20:31] C:\Program Files\Fichiers communs\InstallShield
[2008-12-20|12:22] C:\Program Files\Fichiers communs\iS3
[2006-12-24|12:41] C:\Program Files\Fichiers communs\Java
[2006-08-30|20:40] C:\Program Files\Fichiers communs\LightScribe
[2008-08-07|10:34] C:\Program Files\Fichiers communs\logishrd
[2006-12-14|22:57] C:\Program Files\Fichiers communs\Logitech
[2005-04-15|14:37] C:\Program Files\Fichiers communs\Microsoft Shared
[2005-04-15|14:44] C:\Program Files\Fichiers communs\MSSoap
[2006-08-30|20:39] C:\Program Files\Fichiers communs\muvee Technologies
[2006-08-30|20:39] C:\Program Files\Fichiers communs\NewTech Infosystems
[2005-04-15|14:37] C:\Program Files\Fichiers communs\ODBC
[2005-04-15|14:44] C:\Program Files\Fichiers communs\Services
[2007-09-13|13:20] C:\Program Files\Fichiers communs\Solidworks Data
[2007-09-13|13:21] C:\Program Files\Fichiers communs\SolidWorks Shared
[2005-04-15|14:37] C:\Program Files\Fichiers communs\SpeechEngines
[2007-01-01|22:59] C:\Program Files\Fichiers communs\SWF Studio
[2006-08-30|20:49] C:\Program Files\Fichiers communs\Symantec Shared
[2005-04-15|14:44] C:\Program Files\Fichiers communs\System
[2007-06-19|17:27] C:\Program Files\Fichiers communs\Ulead Systems
[2008-05-03|17:33] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 64 Processes )

iexplore.exe ~ [PID:564]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsz14.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsl6.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsn6.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsy1E.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsx63.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsk3E.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsi1C.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsz37.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsx48.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsy91.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsf19.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsv1B9.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsy32.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsfE.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsxD3.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nst181.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsc209.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsi20E.tmp
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\nsn219.tmp
C:\Program Files\Circle Developement
C:\DOCUME~1\SERGEL~1\Cookies\serge_laplante@advertstream[2].txt
C:\DOCUME~1\SERGEL~1\Cookies\serge_laplante@adultfriendfinder[2].txt
C:\DOCUME~1\SERGEL~1\Cookies\serge_laplante@advertising[1].txt
C:\DOCUME~1\SERGEL~1\Cookies\serge_laplante@ero-advertising[2].txt
C:\DOCUME~1\SERGEL~1\Cookies\serge_laplante@adopt.euroclick[2].txt
C:\DOCUME~1\SERGEL~1\Cookies\serge_laplante@partypoker[1].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 12:42:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:4683][D:97]-> C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp
[F:396][D:0]-> C:\DOCUME~1\SERGEL~1\Cookies
[F:30711][D:84]-> C:\DOCUME~1\SERGEL~1\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 2009-01-02|12:44 - Option : [1]

--------------------\\ Fin du rapport a 12:44:31

Afficher la suite

A voir également:

Pas capable de finir
Reconsidérer le traitement de vos informations à des fins publicitaires - Accueil - Réseaux sociaux
Comment finir un mail en anglais - Guide
Fin de la 4g en france - Accueil - Guide opérateurs et forfaits
Fin de fruitz - Accueil - Applications & Logiciels
Fin de numericable - Accueil - Box & Connexion Internet

62 réponses

Réponse 21 / 62

serdeninc Messages postés 37 Statut Membre

Salut ca va pas bien ,quand je veut créer la console de récupération je glisse le fichier window sur combofix .exe sur le bureau comme demadé ,et la fenetre souvre ,le curceur clignote 20 min. puis c'est écrit (fichier de commande introuvable ) Jessait de resoude ca avant dallé plus loin.

Réponse 22 / 62

darkpoet Messages postés 1696 Statut Contributeur sécurité 62

lance combofix sans la console suis la procedure et ne touche ni ton clavier ni la souris pendant le scan

Réponse 23 / 62

serdeninc Messages postés 37 Statut Membre

Ca veut pas partir , la fenetre bleu souvre le cureur clignote puis rien pendant 1/2 heure ,pas de dialogue comme dans le site d,exemple

Réponse 24 / 62

serdeninc Messages postés 37 Statut Membre

je l,ai suprimer puis reloader puis meme chose.

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 62

serdeninc Messages postés 37 Statut Membre

Ta raison .ca marche

ComboFix 09-01-10.03 - Serge Laplante 2009-01-11 14:23:48.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1407.926 [GMT -5:00]
Lancé depuis: c:\documents and settings\Serge Laplante\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\windows\system32\gelilawe.dll
c:\windows\system32\zilozama.dll

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Serge Laplante\Favoris\Videos.url
c:\windows\Downloaded Program Files\Quarantine
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\~.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\abagutig.ini
c:\windows\system32\aberemat.ini
c:\windows\system32\abusebip.ini
c:\windows\system32\afikihid.ini
c:\windows\system32\akojeluy.ini
c:\windows\system32\alifediv.ini
c:\windows\system32\alotihal.ini
c:\windows\system32\amuradug.ini
c:\windows\system32\apikobot.ini
c:\windows\system32\avatuyod.ini
c:\windows\system32\avazupad.ini
c:\windows\system32\ayavifew.ini
c:\windows\system32\ayikasam.ini
c:\windows\system32\bimayivu.dll
c:\windows\system32\bobebeji.dll
c:\windows\system32\bodenago.dll
c:\windows\system32\bupayeta.dll.tmp
c:\windows\system32\busuhepi.dll
c:\windows\system32\dahehuto.dll
c:\windows\system32\dapenado.dll
c:\windows\system32\dapuzava.dll
c:\windows\system32\datijote.dll
c:\windows\system32\dihikifa.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\ebuhivuk.ini
c:\windows\system32\ebupifeh.ini
c:\windows\system32\efenurol.ini
c:\windows\system32\erojudul.ini
c:\windows\system32\eyibujig.ini
c:\windows\system32\eyopefop.ini
c:\windows\system32\fataleti.dll
c:\windows\system32\fisalunu.dll
c:\windows\system32\fisojabe.dll
c:\windows\system32\fokubino.dll
c:\windows\system32\fuzoyalu.dll.tmp
c:\windows\system32\gelilawe.dll.vir
c:\windows\system32\gihujasu.dll
c:\windows\system32\gilinabo.dll
c:\windows\system32\gitugaba.dll
c:\windows\system32\gizodojo.dll
c:\windows\system32\gotumuda.dll
c:\windows\system32\gudaruma.dll
c:\windows\system32\hadubuja.dll
c:\windows\system32\hapirafa.dll
c:\windows\system32\hasikevo.dll
c:\windows\system32\hefipube.dll
c:\windows\system32\heteseze.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\ihesenap.ini
c:\windows\system32\inukunez.ini
c:\windows\system32\itodinap.ini
c:\windows\system32\izijugor.ini
c:\windows\system32\jedemeja.dll
c:\windows\system32\jedubaji.dll
c:\windows\system32\jehovagu.dll
c:\windows\system32\jujeyalo.dll
c:\windows\system32\jurowuva.dll
c:\windows\system32\kazakila.dll
c:\windows\system32\kidopulo.dll
c:\windows\system32\kuvihube.dll
c:\windows\system32\kuyonevi.dll
c:\windows\system32\lahitola.dll
c:\windows\system32\likizedo.dll
c:\windows\system32\loboseta.dll.tmp
c:\windows\system32\lolazonu.dll
c:\windows\system32\lopivasa.dll
c:\windows\system32\lorunefe.dll
c:\windows\system32\loyayono.dll
c:\windows\system32\lozugava.dll
c:\windows\system32\mapadeno.dll.tmp
c:\windows\system32\mewokefu.dll
c:\windows\system32\miloledo.dll
c:\windows\system32\moligefa.dll.tmp
c:\windows\system32\motovugu.dll
c:\windows\system32\nimakeju.dll
c:\windows\system32\nobafuno.dll
c:\windows\system32\nonutuga.dll
c:\windows\system32\nosidale.dll.tmp
c:\windows\system32\nosunilo.dll
c:\windows\system32\nuyukape.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\obusolez.ini
c:\windows\system32\odanepad.ini
c:\windows\system32\odezikil.ini
c:\windows\system32\oganedob.ini
c:\windows\system32\ogomamaf.ini
c:\windows\system32\olubagiw.ini
c:\windows\system32\onufabon.ini
c:\windows\system32\osovunep.ini
c:\windows\system32\otuhehad.ini
c:\windows\system32\ovekisah.ini
c:\windows\system32\ozejuwip.ini
c:\windows\system32\panesehi.dll
c:\windows\system32\panidoti.dll
c:\windows\system32\penuvoso.dll
c:\windows\system32\pibesuba.dll
c:\windows\system32\pivoniwa.dll.tmp
c:\windows\system32\piwujezo.dll
c:\windows\system32\pofepoye.dll
c:\windows\system32\Process.exe
c:\windows\system32\ragutapu.dll
c:\windows\system32\rehesaba.dll
c:\windows\system32\relipasi.dll.tmp
c:\windows\system32\rogujizi.dll
c:\windows\system32\rumilamu.dll
c:\windows\system32\ruyunuze.dll
c:\windows\system32\sekunara.dll
c:\windows\system32\siveraja.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tadeyike.dll
c:\windows\system32\tamereba.dll
c:\windows\system32\tmp.reg
c:\windows\system32\tobokipa.dll
c:\windows\system32\ubibotev.ini
c:\windows\system32\ujekamin.ini
c:\windows\system32\ujewijoz.ini
c:\windows\system32\ukatoliz.ini
c:\windows\system32\unozalol.ini
c:\windows\system32\unulasif.ini
c:\windows\system32\uparafuy.ini
c:\windows\system32\upatugar.ini
c:\windows\system32\urukakod.ini
c:\windows\system32\usajuhig.ini
c:\windows\system32\VACFix.exe
c:\windows\system32\vakukina.dll
c:\windows\system32\VCCLSID.exe
c:\windows\system32\venaluwe.dll
c:\windows\system32\vetobibu.dll
c:\windows\system32\vokoveya.dll
c:\windows\system32\widukemi.dll
c:\windows\system32\wifenolu.dll
c:\windows\system32\wigabulo.dll
c:\windows\system32\wojufowu.dll
c:\windows\system32\WS2Fix.exe
c:\windows\system32\wuziyana.dll
c:\windows\system32\yavinaho.dll
c:\windows\system32\yesavodi.dll
c:\windows\system32\yovimavo.dll.tmp
c:\windows\system32\yufarapu.dll
c:\windows\system32\yulejoka.dll
c:\windows\system32\zakebipo.dll
c:\windows\system32\zayahari.dll
c:\windows\system32\zelosubo.dll
c:\windows\system32\zenuyohi.dll
c:\windows\system32\zewehijo.dll
c:\windows\system32\zilozama.dll.vir
c:\windows\system32\zirepefi.dll
c:\windows\system32\zojiweju.dll
c:\windows\system32\zurekasa.dll
G:\Autorun.inf

----- BITS: Il y a peut-être des sites infectés -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
.

2009-01-11 11:12 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2009-01-11 01:16 . 2009-01-11 01:16 <REP> d-------- c:\program files\Bonjour
2009-01-11 01:15 . 2009-01-11 01:15 <REP> d-------- c:\program files\iTunes
2009-01-11 01:15 . 2009-01-11 01:15 <REP> d-------- c:\program files\iPod
2009-01-11 01:15 . 2009-01-11 01:15 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-11 01:13 . 2009-01-11 01:13 <REP> d-------- c:\program files\QuickTime
2009-01-11 01:09 . 2009-01-11 01:09 <REP> d-------- c:\program files\Safari
2009-01-10 18:35 . 2009-01-10 18:35 2,788,800 --a------ c:\program files\FLV PlayerFCSetup.exe
2009-01-10 18:34 . 2009-01-10 18:34 <REP> d-------- c:\windows\Applian FLV Player
2009-01-10 18:34 . 2009-01-10 18:34 <REP> d-------- c:\program files\FLV Player
2009-01-09 12:17 . 2009-01-09 12:17 2,278 ---hs---- c:\windows\system32\wadowibo.dll
2009-01-09 12:17 . 2009-01-09 12:17 2,278 ---hs---- c:\windows\system32\huwuzewu.dll
2009-01-09 00:19 . 2009-01-09 00:19 2,276 ---hs---- c:\windows\system32\fuyisajo.dll
2009-01-09 00:19 . 2009-01-09 00:19 2,275 ---hs---- c:\windows\system32\nupikufo.dll
2009-01-07 19:17 . 2009-01-07 19:17 103,645 --a------ c:\windows\system32\diwosama.VIR
2009-01-06 04:44 . 2009-01-06 04:44 2,276 ---hs---- c:\windows\system32\mojohivo.dll
2009-01-06 04:44 . 2009-01-06 04:44 2,273 ---hs---- c:\windows\system32\guzuyati.dll
2009-01-05 16:44 . 2009-01-05 16:44 2,277 ---hs---- c:\windows\system32\lurujako.dll
2009-01-05 16:44 . 2009-01-05 16:44 2,276 ---hs---- c:\windows\system32\pabirubo.dll
2009-01-03 11:42 . 2009-01-03 11:42 <REP> d-------- C:\ToolBar SD
2009-01-02 14:14 . 2009-01-02 14:14 125 --a------ c:\windows\fd3.INI
2009-01-02 14:08 . 2009-01-02 14:08 <REP> d-------- c:\program files\VDOWNLOADER
2009-01-02 14:08 . 2009-01-02 14:08 <REP> d-------- c:\documents and settings\Serge Laplante\Application Data\Desktopicon
2009-01-02 12:37 . 2009-01-02 12:37 <REP> d-------- C:\Lop SD
2009-01-02 12:30 . 2009-01-02 12:30 <REP> d-------- c:\program files\Navilog1
2009-01-02 00:28 . 2009-01-02 00:28 2,276 ---hs---- c:\windows\system32\miwiteno.dll
2009-01-02 00:28 . 2009-01-02 00:28 2,274 ---hs---- c:\windows\system32\pudojuli.dll
2009-01-01 15:07 . 2009-01-01 15:07 2,274 ---hs---- c:\windows\system32\sewivevu.dll
2008-12-29 08:32 . 2008-12-29 08:32 2,277 ---hs---- c:\windows\system32\kimejiru.dll
2008-12-29 08:32 . 2008-12-29 08:32 2,275 ---hs---- c:\windows\system32\lehotago.dll
2008-12-28 20:34 . 2008-12-28 20:34 2,277 ---hs---- c:\windows\system32\subesojo.dll
2008-12-28 20:34 . 2008-12-28 20:34 2,275 ---hs---- c:\windows\system32\wavubidi.dll
2008-12-28 08:34 . 2008-12-28 08:34 2,277 ---hs---- c:\windows\system32\dohinuso.dll
2008-12-28 08:34 . 2008-12-28 08:34 2,276 ---hs---- c:\windows\system32\maboreke.dll
2008-12-27 20:34 . 2008-12-27 20:34 2,275 ---hs---- c:\windows\system32\kobohire.dll
2008-12-27 08:47 . 2008-12-27 08:47 <REP> d-------- c:\documents and settings\Serge Laplante\Application Data\Sony Corporation
2008-12-27 08:41 . 2008-12-27 08:41 <REP> d-------- c:\windows\system32\DLA
2008-12-27 08:41 . 2008-12-27 08:41 <REP> d-------- c:\program files\Sonic
2008-12-27 08:41 . 2006-06-13 05:20 94,263 --a------ c:\windows\DLA.EXE
2008-12-27 08:41 . 2006-06-12 03:30 89,264 --a------ c:\windows\system32\drivers\DRVMCDB.SYS
2008-12-27 08:41 . 2006-06-13 05:20 61,500 --a------ c:\windows\system32\DLAAPI_W.DLL
2008-12-27 08:41 . 2006-03-17 05:20 40,544 --a------ c:\windows\system32\drivers\DRVNDDM.SYS
2008-12-27 08:41 . 2006-03-17 08:34 22,684 --a------ c:\windows\system32\drivers\DLARTL_N.SYS
2008-12-27 08:41 . 2006-03-17 08:35 5,660 --a------ c:\windows\system32\drivers\DLACDBHM.SYS
2008-12-27 08:41 . 2008-12-27 08:41 175 --a------ c:\windows\wininit.ini
2008-12-27 08:39 . 2006-11-02 16:57 118,520 --a------ c:\windows\system32\PxInsI64.exe
2008-12-27 08:39 . 2006-10-18 19:43 115,960 --a------ c:\windows\system32\PxCpyI64.exe
2008-12-27 08:39 . 2006-08-28 21:48 2,560 --a------ c:\windows\system32\drivers\cdralw2k.sys
2008-12-27 08:39 . 2006-08-28 21:48 2,432 --a------ c:\windows\system32\drivers\cdr4_xp.sys
2008-12-27 08:37 . 2008-12-27 08:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Sony Corporation
2008-12-27 08:36 . 2008-12-27 08:36 <REP> d-------- c:\documents and settings\Serge Laplante\Application Data\InstallShield
2008-12-27 07:30 . 2008-12-27 07:30 4,648 ---hs---- c:\windows\system32\tajasone.dll
2008-12-26 19:30 . 2008-12-26 19:30 4,648 ---hs---- c:\windows\system32\zerubeta.dll
2008-12-26 15:06 . 2008-12-26 15:06 <REP> d-------- c:\program files\NOS
2008-12-26 15:06 . 2008-12-26 15:06 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-12-26 15:05 . 2008-12-26 15:05 <REP> d-------- c:\program files\Sony
2008-12-25 19:30 . 2008-12-25 19:30 4,648 ---hs---- c:\windows\system32\degalego.dll
2008-12-23 19:29 . 2008-12-23 19:29 <REP> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-22 18:50 . 2009-01-11 14:27 51,048 --a------ c:\windows\system32\nvapps.xml
2008-12-22 18:49 . 2008-12-22 18:49 <REP> d-------- c:\windows\nview
2008-12-22 18:49 . 2006-07-20 20:58 16,960 --a------ c:\windows\system32\nvdisp.nvu
2008-12-22 18:41 . 2008-12-22 18:41 <REP> d-------- C:\1ClickUnZIP_unzipfolder
2008-12-22 18:41 . 2008-12-22 18:41 57 --a------ c:\windows\top-windows-downloads.url
2008-12-22 18:41 . 2008-12-22 18:41 55 --a------ c:\windows\xm.url
2008-12-22 18:40 . 2008-12-22 18:40 <REP> d-------- c:\program files\1ClickUnZip
2008-12-22 18:40 . 2008-12-22 18:40 307,200 --------- c:\windows\Setup1.exe
2008-12-22 18:40 . 2008-12-22 18:40 73,216 --a------ c:\windows\ST6UNST.EXE
2008-12-22 18:29 . 2008-12-22 18:29 2,272 ---hs---- c:\windows\system32\mekiroba.dll
2008-12-22 18:28 . 2008-12-22 18:28 <REP> d-------- c:\program files\SystemRequirementsLab
2008-12-22 17:49 . 2008-12-22 17:49 <REP> d-------- c:\program files\Steam
2008-12-22 17:41 . 2008-12-22 17:41 3,448,515 --a------ C:\upload_moi_TYREX.tar.gz
2008-12-22 06:28 . 2008-12-22 06:28 0 --a------ c:\windows\system32\amuradug.tmp
2008-12-21 14:02 . 2008-12-21 14:02 <REP> d-------- c:\program files\Avira
2008-12-21 14:02 . 2008-12-21 14:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-20 13:37 . 2008-12-20 13:37 <REP> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2008-12-20 12:22 . 2008-12-20 12:22 <REP> d-------- c:\program files\Fichiers communs\iS3
2008-12-20 12:22 . 2008-12-20 12:22 <REP> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2008-12-20 11:28 . 2008-12-20 11:28 <REP> d-------- c:\program files\Trend Micro
2008-12-13 10:15 . 2008-12-13 10:15 <REP> d-------- c:\program files\VisualTool
2008-12-13 10:15 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:12 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 17:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-02-24 20:27 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-09-21 05:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092120080922\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-12-14 16384]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2007-01-01 40960]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"msnmsgr"="c:\program files\MSN Messenger\MSNMSGR.EXE" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
"Steam"="c:\program files\steam\steam.exe" [2008-12-22 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-07-18 438272]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-07 208896]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-09 342016]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-03-24 45056]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-08-08 634880]
"eLockMonitor"="c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-03-31 16384]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-12-14 45056]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-14 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\gelilawe.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Serge Laplante^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk]
path=c:\documents and settings\Serge Laplante\Menu Démarrer\Programmes\Démarrage\Outil de détection de support Picture Motion Browser.lnk
backup=c:\windows\pss\Outil de détection de support Picture Motion Browser.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\bandidos911\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\MSN Messenger\\MSNMSGR.EXE"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\SteamApps\\bandidos911\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\System32\\java.exe"=
"c:\\WINDOWS\\System32\\fxssvc.exe"=
"c:\\WINDOWS\\System32\\wscntfy.exe"=
"c:\\WINDOWS\\System32\\Restore\\rstrui.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R4 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [2006-12-14 17664]
R4 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [2006-12-14 90112]
R4 LockServ;LockServ;c:\acer\Empowering Technology\eLock\LockServ.exe -p --> c:\acer\Empowering Technology\eLock\LockServ.exe -p [?]
S3 PhotoFrame;PhotoFrame_2.0 Device;c:\windows\system32\drivers\PhotoFrame.sys [2007-10-16 30208]
S3 XDva110;XDva110;\??\c:\windows\system32\XDva110.sys --> c:\windows\system32\XDva110.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc7e26b0-8be4-11db-b54b-0016cf9d250d}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2009-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{01c543da-fed5-4b54-ac92-ba63c42f2c52} - c:\windows\system32\gotumuda.dll
Toolbar-SITEguard - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D38F90F2-CCF7-440B-BEE8-94C20B001279} - c:\windows\system32\winpf77.dll
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-WebCamRT.exe - (no file)
HKLM-Run-CPM084a3598 - c:\windows\system32\zilozama.dll

.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 14:28:45
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\FICHIERS COMMUNS\LOGISHRD\LVMVFM\LVPRCSRV.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\acer\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
c:\program files\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
c:\acer\Empowering Technology\eLock\Monitor\LockMon.exe
c:\acer\EMPOWERING TECHNOLOGY\ELOCK\LOCKSERV.EXE
c:\program files\Logitech\ImageStudio\LowLight.exe
c:\program files\FICHIERS COMMUNS\LOGISHRD\LVCOMSER\LVCOMSER.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\program files\FICHIERS COMMUNS\LOGISHRD\LVCOMSER\LVCOMSER.EXE
c:\windows\EHOME\MCRDSVC.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\docume~1\SERGEL~1\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-11 14:31:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-11 19:31:32

Avant-CF: 5 307 695 104 octets libres
Après-CF: 5,252,382,720 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

441 --- E O F --- 2008-12-18 23:12:59

Réponse 26 / 62

serdeninc Messages postés 37 Statut Membre

Hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:29, on 2009-01-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe

Réponse 27 / 62

serdeninc Messages postés 37 Statut Membre

ca semble marcher je n'ai pas encore eu de fenetre intempetive!!!!

Réponse 28 / 62

serdeninc Messages postés 37 Statut Membre

Dans ajout /supression de progam MIRAR est encore la ca a commencer avec ca.si c'est pas grave on le laisse la???

Réponse 29 / 62

darkpoet Messages postés 1696 Statut Contributeur sécurité 62

Bonjour,

télécharge GenProc http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip sur ton bureau

dézippe le dossier, double-clique sur GenProc.bat [img]http://forum.telecharger.01net.com/forum/lies/jeanchretien1-3.gif/img et poste le contenu du rapport qui s'ouvre

Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

Réponse 30 / 62

serdeninc Messages postés 37 Statut Membre

Rapport GenProc 2.323 [1] - 2009-01-11 - Windows XP

# Etape 1/ Télécharge :

- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo)
Ce logiciel va permettre de supprimer tous les fichiers temporaires.
Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) sur ton Bureau.

- MSNFix http://sosvirus.changelog.fr/MSNFix.zip (!aur3n7) et décompresse-le sur le Bureau.

Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; pour retrouver le rapport, clique sur le raccourci "GenProc" sur ton bureau. Choisis ta session courante *** Serge Laplante ***

# Etape 2/

Lance Toolbar-S&D situé sur le Bureau.
Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.

# Etape 3/

Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau.
- Exécute l'option R.
- Si l'infection est détectée, exécute l'option N.
- Sauvegarde ce rapport sur ton bureau.

# Etape 4/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 5/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du rapport MSNfix situé sur le Bureau ;
- Le contenu du rapport C:\TB.txt ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

____________________________________________________________________________________________________________

Sites officiels GenProc : www.alt-shift-return.org et www.genpr

Réponse 31 / 62

darkpoet Messages postés 1696 Statut Contributeur sécurité 62

suis les procedure genproc post les rapport je reprend demain on est presque au bout

Réponse 32 / 62

serdeninc Messages postés 37 Statut Membre

Merci a demain!!

Réponse 33 / 62

serdeninc Messages postés 37 Statut Membre

ead file error: C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\winlogon.exe, Le fichier spécifié est introuvable.
read file error: C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\services.exe, Le fichier spécifié est introuvable.
read file error: C:\WINDOWS\system32\cftmon.exe, Le fichier spécifié est introuvable.
read file error: C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\winlogon.exe, Le fichier spécifié est introuvable.
read file error: C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\services.exe, Le fichier spécifié est introuvable.
read file error: C:\WINDOWS\system32\cftmon.exe, Le fichier spécifié est introuvable.

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 Mobile Technology MK-36 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Serge Laplante ( Administrator )
BOOT : Fail-safe boot
Antivirus : Avira AntiVir PersonalEdition Classic 0.0.0.0 (Activated)
C:\ (Local Disk) - FAT32 - Total:53 Go (Free:6 Go)
D:\ (Local Disk) - FAT32 - Total:53 Go (Free:34 Go)
E:\ (CD or DVD)
G:\ (Local Disk) - FAT32 - Total:298 Go (Free:250 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 2009-01-11|16:18 )

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 2009-01-03|11:44 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2009-01-04| 3:20 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 2009-01-10|10:58 - Option : [1]
4 - "C:\ToolBar SD\TB_4.txt" - 2009-01-11|16:18 - Option : [2]

-----------\\ Fin du rapport a 16:18:50,34

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:49, on 2009-01-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\MSN Messenger\MSNMSGR.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe

Réponse 34 / 62

darkpoet Messages postés 1696 Statut Contributeur sécurité 62

Télécharge Malwarebytes' Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

. sur la page cliques sur Télécharger Malwarebyte's Anti-Malware
. enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
. Une fois la mise à jour terminée,fermes Malwarebytes
. redemarres en mode sans échec pour savoir comment au cas ou tu ne saurrais pas regarde plus bas
. une fois en mode sans echec tu double-cliques sur l'icône de malwarebytes
. une fois ouvert rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, cliques sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés)

. cliques sur Supprimer la sélection

. Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. redemarre le pc
. une fois redémarré en mode normal double-cliques sur malwarebytes
. rends toi dans l'onglet rapport/log
. tu cliques dessus pour l'afficher une fois affiché
. tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
. tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller

Si tu as besoin d'aide regarde ces tutoriels :
https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreurs ...)

Réponse 35 / 62

serdeninc Messages postés 37 Statut Membre

voila le raport cool l'ordi va vite.

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1647
Windows 5.1.2600 Service Pack 3

2009-01-12 19:42:36
mbam-log-2009-01-12 (19-42-36).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 160335
Temps écoulé: 31 minute(s), 35 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 136

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\saliyono.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gayusomi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mulirowo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20081220-115706-759.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20081220-120130-307.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20081220-120522-594.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP652\A0250748.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP661\A0251737.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP662\A0252902.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP662\A0252903.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP662\A0252904.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP671\A0253145.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP671\A0253147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP672\A0253263.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP680\A0259495.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP680\A0259496.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP680\A0259497.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP684\A0259630.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP684\A0259634.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264032.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264048.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264049.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264050.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264051.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264052.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264054.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264062.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264063.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264066.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264067.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264070.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264071.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264072.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264073.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264074.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264075.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264081.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264082.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264084.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264087.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264089.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264091.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264092.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264093.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264094.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264099.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264100.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264101.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264115.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264116.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264117.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264118.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264120.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264123.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264124.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264125.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264128.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264130.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264142.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264144.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264145.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264146.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264149.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264151.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264152.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264153.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264155.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264156.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264157.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264160.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP688\A0264161.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\DOCUME~1\SERGEL~1\LOCALS~1\Temp\tem205.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\DOCUME~1\SERGEL~1\LOCALS~1\Temp\tem215.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bodenago.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\busuhepi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dahehuto.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dapenado.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dapuzava.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dihikifa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fisalunu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fisojabe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gilinabo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gitugaba.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gudaruma.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hadubuja.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hapirafa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hasikevo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hefipube.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\heteseze.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jedubaji.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jehovagu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jurowuva.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kuvihube.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lahitola.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lolazonu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lopivasa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lorunefe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\loyayono.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nimakeju.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nobafuno.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nonutuga.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\panesehi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\panidoti.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\penuvoso.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pibesuba.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\piwujezo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pofepoye.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ragutapu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rogujizi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rumilamu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ruyunuze.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sekunara.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tadeyike.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tamereba.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tobokipa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\venaluwe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vokoveya.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\widukemi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wifenolu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wigabulo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wuziyana.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yesavodi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yufarapu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yulejoka.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zayahari.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zelosubo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zenuyohi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zojiweju.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zurekasa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

Réponse 36 / 62

darkpoet Messages postés 1696 Statut Contributeur sécurité 62

ok vide la quarantaine de malwarebytes
un vundo est dans la restoration systeme fait cette manip svp
il faut desactiver la restauration systeme le temps du redemarrage dans DEMARRER puis TOUS LES PROG
puis ACCESOIRE puis OUTILS SYSTEME puis DANS RESTAURATION SYSTEME aller dans parametre et desactiver la restauration
tu redemare l ordi et tu remet la restoration meme manip activer la restoration

telecharge superantispyware

http://www.commentcamarche.net/telecharger/telecharger 34055294 superantispyware

fait un scan complet

Réponse 37 / 62

serdeninc Messages postés 37 Statut Membre

Merci beaucoup, tout est revnu comme avant . C.est incroyable la patience et le savoir que tu partage, merci encore .

Réponse 38 / 62

darkpoet Messages postés 1696 Statut Contributeur sécurité 62

pour desinstalller tout les fix utilisés fait ceci ci tu veux bien envoie un dernier hijackthis avant cette manip a ton service
Télécharge ToolsCleaner sur ton bureau.
-->
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur "Recherche" et laisse le scan agir ...
# Clique sur "Suppression" pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

Réponse 39 / 62

serdeninc Messages postés 37 Statut Membre

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:34, on 2009-01-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\DOCUME~1\SERGEL~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Google\Google Earth\googleearth.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%3flang%3dfr-ca%26OCID%3dFW54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe

Réponse 40 / 62

serdeninc Messages postés 37 Statut Membre

Le rapport est ici.

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\rapport_clean.txt: trouvé !
C:\lopR.txt: trouvé !
C:\TB.txt: trouvé !
C:\*.msnfix: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\WINDOWS\msnfix.txt: trouvé !
C:\WINDOWS\system32\*.msnfix: trouvé !
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Serge Laplante\Mes documents\BUREAU\Clean.zip: trouvé !
C:\Documents and Settings\Serge Laplante\Mes documents\BUREAU\Navilog1.exe: trouvé !
C:\Documents and Settings\Serge Laplante\Mes documents\BUREAU\Navilog1.lnk: trouvé !
C:\Documents and Settings\Serge Laplante\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Serge Laplante\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\Serge Laplante\Bureau\Msnfix.zip: trouvé !
C:\Documents and Settings\Serge Laplante\Bureau\GenProc.zip: trouvé !
C:\Documents and Settings\Serge Laplante\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Serge Laplante\Bureau\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\Serge Laplante\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\Serge Laplante\Bureau\MsnFix: trouvé !
C:\Documents and Settings\Serge Laplante\Bureau\SmitFraudfix: trouvé !
C:\Documents and Settings\Serge Laplante\Bureau\GenProc: trouvé !
C:\Documents and Settings\Serge Laplante\Bureau\GenProc\Page\GenProc[*].html: trouvé !
C:\Documents and Settings\Serge Laplante\Bureau\GenProc\outil\GenProc[*].html: trouvé !
C:\Documents and Settings\Serge Laplante\Recent\MSNFix.lnk: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\1ClickUnZIP_unzipfolder\GenProc: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Serge Laplante\Mes documents\BUREAU\Clean.zip: supprimé !
C:\Documents and Settings\Serge Laplante\Mes documents\BUREAU\Navilog1.exe: supprimé !
C:\Documents and Settings\Serge Laplante\Mes documents\BUREAU\Navilog1.lnk: supprimé !
C:\Documents and Settings\Serge Laplante\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Serge Laplante\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\Serge Laplante\Bureau\Msnfix.zip: supprimé !
C:\Documents and Settings\Serge Laplante\Bureau\GenProc.zip: supprimé !
C:\Documents and Settings\Serge Laplante\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Serge Laplante\Bureau\SmitFraudFix.exe: supprimé !
C:\Documents and Settings\Serge Laplante\Bureau\ToolBarSD.exe: supprimé !
C:\Documents and Settings\Serge Laplante\Recent\MSNFix.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\rapport_clean.txt: supprimé !
C:\lopR.txt: supprimé !
C:\TB.txt: supprimé !
C:\*.msnfix: ERREUR DE SUPPRESSION !!
C:\WINDOWS\msnfix.txt: supprimé !
C:\WINDOWS\system32\*.msnfix: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Serge Laplante\Bureau\GenProc\Page\GenProc[*].html: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Serge Laplante\Bureau\GenProc\outil\GenProc[*].html: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\Serge Laplante\Bureau\MsnFix: supprimé !
C:\Documents and Settings\Serge Laplante\Bureau\SmitFraudfix: supprimé !
C:\Documents and Settings\Serge Laplante\Bureau\GenProc: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: ERREUR DE SUPPRESSION !!
C:\1ClickUnZIP_unzipfolder\GenProc: supprimé !

Point de restauration crée !
Corbeille vidée!
Fichiers temporaires nettoyés !

Discussions similaires

Temps d’absence pour gagner des PA Amour Sucré

Mémoire insuffisante Office Pro Excel (peut importe l'année)

Dossier .zip : Fin de l'archive incorrecte

Impossible de désinstaller quoique ce soit

Mémoire insuffisante

Pas capable de finir

62 réponses

Votre réponse

Discussions similaires

Newsletters