Probleme a vec avast

petilouis Messages postés 24 Statut Membre -  
 gen-hackman -
Bonjour, j'ai un souci avec avast je n'ai plus l'icone en bas vers l'horloge et lorsque je l'ouvre j'ai ce message
(n'est pas une aplication win32 valide) de plus j'ai installé elibagla et je n'arrive plus a le suprimer
Configuration: Windows Vista
Internet Explorer 7.0

35 réponses

  • 1
  • 2
Résumé de la discussion

Le problème décrit concerne l'absence d'icône Avast près de l'horloge et un message indiquant que l'exécutable n'est pas une application Win32 valide, dans un contexte Windows Vista et IE7 et après installation d'Elibagla.
Plusieurs réponses recommandent des analyses de sécurité et nettoyages: FindyKill et Malwarebytes' Anti-Malware, avec des rapports d'infections et des éléments trouvés dans System32, AppData et des dossiers temporaires.
Des listes d'infections mentionnent des trojans et adware (Trojan.Lop, Rogue.WinSpywareProtect, Adware.Navipromo) et des fichiers dans C:\Program Files, C:\Users et C:\Windows, suscitant des quarantaines et suppressions successives.
En cas de persistance, certains auteurs signalent un indicateur Avast (logo rouge et blanc) et conseillent d'analyser les processus actifs ou de nettoyer les traces dans le fichier HOSTS et les répertoires sensibles.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. gen-hackman
     
    voila :-) c'est mieux

    pour elibagla tu peux le supprimer manuellement ce n'est pas un programme mais une application

    pour ton souci :

    Telecharge maintenant FindyKill sur ton bureau :

    http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

    --> Lance l installation avec les parametres par default

    --> Fais un clic droit sur le raccourci FindyKill sur ton bureau

    --> Choisi executer en tant qu administrateur

    --> Au menu principal,choisi l option 1 (Recherche)

    --> Post le rapport FindyKill.txt

    Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
    0
  2. zedd62 Messages postés 100 Statut Membre 2
     
    Bonjour,

    Mais qu'est ce que elibagla ?

    A+
    Zedd
    0
  3. petilouis Messages postés 24 Statut Membre
     
    merci j'ai le rapport des que je peut le coller je vous l'envoie et voous me dirait ce que je doit faire
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. petilouis Messages postés 24 Statut Membre
     
    je n'arive pas a le copier coller
    0
  6. gen-hackman
     
    ctrl + A pour selectionner ,

    ctrl + C pour copier ,

    ctrl + V pour coller sur le forum apres avoir cliqué gauche une fois dans la cas de ta reponse ici
    0
  7. petilouis Messages postés 24 Statut Membre
     
    le voici

    ----------------- FindyKill V4.711 ------------------

    * User : user - PC-DE-USER
    * Emplacement : C:\Program Files\FindyKill
    * Outils Mis a jours le 05/01/09 par Chiquitine29
    * Recherche effectuée à 11:51:09 le 14/01/2009
    * Windows Vista - Internet Explorer 7.0.6001.18000

    ((((((((((((((((( *** Recherche *** ))))))))))))))))))

    --------------- [ Processus actifs ] ----------------

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\Installer\MSI19FA.tmp
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
    C:\Users\user\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\Program Files\Canal\Canal Widget\Canal Widget.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\user\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\conime.exe

    --------------- [ Fichiers/Dossiers infectieux ] ----------------

    »»»» Presence des fichiers dans C:

    »»»» Presence des fichiers dans C:\Windows

    »»»» Presence des fichiers dans C:\Windows\Prefetch

    »»»» Presence des fichiers dans C:\Windows\system32

    Found ! [13/01/2009 18:20] - C:\Windows\system32\mdelk.exe
    Found ! [13/01/2009 18:20] - C:\Windows\system32\wintems.exe
    Found ! [14/01/2009 11:17] - C:\Windows\system32\ban_list.txt

    »»»» Presence des fichiers dans C:\Windows\system32\drivers

    »»»» Presence des fichiers dans C:\Users\user\AppData\Roaming

    Found ! [13/01/2009 18:24] - "C:\Users\user\AppData\Roaming\m\flec006.exe"
    Found ! [14/01/2009 07:13] - "C:\Users\user\AppData\Roaming\m\list.oct"
    Found ! [14/01/2009 07:13] - "C:\Users\user\AppData\Roaming\m\data.oct"
    Found ! [14/01/2009 07:13] - "C:\Users\user\AppData\Roaming\m\srvlist.oct"
    Found ! [14/01/2009 07:14] - "C:\Users\user\AppData\Roaming\m\shared"
    Found ! [14/01/2009 07:13] - "C:\Users\user\AppData\Roaming\m"
    Found ! [13/01/2009 19:12] - "C:\Users\user\AppData\Roaming\drivers"
    Found ! [13/01/2009 18:19] - "C:\Users\user\AppData\Roaming\drivers\srosa.sys"
    Found ! [13/01/2009 18:53] - "C:\Users\user\AppData\Roaming\drivers\downld"

    »»»» Presence des fichiers dans C:\Users\user\AppData\Local\Temp

    »»»» Presence des fichiers dans C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5

    Found ! [25/12/2007 12:12] - C:\Program Files\EA SPORTS\LFP Manager 07\filelist.txt
    Found ! [14/01/2009 11:17] - C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1H3P26CF\file[1].txt

    --------------- [ Registre / Startup ] ----------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    ehTray.exe=C:\Windows\ehome\ehTray.exe
    TomTomHOME.exe="C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\OsdMaestro=
    ModelName=5189URF
    Version=1.00.007
    Language=1 (0x1)
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\OsdMaestro\Config=
    DisplayLabel=0 (0x0)
    TaskbarIcon=1 (0x1)
    ShowLockOSD=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    OsdMaestro="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    Windows Mobile-based device management=%windir%\WindowsMobile\wmdSync.exe
    Canal Widget="C:\Program Files\Canal\Canal Widget\Launcher.exe"
    HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    KBD=C:\HP\KBD\KbdStub.EXE
    RtHDVCpl=RtHDVCpl.exe
    avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_CURRENT_USER\software\local appwizard-generated applications\HOMERunner]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\PhLeAutoRun]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\TestProg]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\UltimateZip 2007 3.2 With Crack]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

    --------------- [ Registre / Clés infectieuses ] ----------------

    Found ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\Local AppWizard-Generated Applications\UltimateZip 2007 3.2 With Crack
    Found ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\Local AppWizard-Generated Applications\winupgro
    Found ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\bisoft
    Found ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\DateTime4
    Found ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\FirtR
    Found ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\MuleAppData
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\UltimateZip 2007 3.2 With Crack
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s
    Found ! - HKEY_CURRENT_USER\Software\bisoft
    Found ! - HKEY_CURRENT_USER\Software\DateTime4
    Found ! - HKEY_CURRENT_USER\Software\FirtR
    Found ! - HKEY_CURRENT_USER\Software\MuleAppData

    /!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
    /!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

    --------------- [ Etat / Services ] ----------------

    +- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    /!\ Ndisuio - Type de démarrage = 4

    EapHost - Type de démarrage = 3

    Wlansvc - Type de démarrage = 3

    SharedAccess - Type de démarrage = 2

    wuauserv - Type de démarrage = 2

    /!\ wscsvc - Type de démarrage = 4

    /!\ WinDefend - Type de démarrage = 4

    /!\ UAC is Disable

    --------------- [ Recherche dans supports amovibles] ----------------

    +- Informations :

    C: - Lecteur fixe
    D: - Lecteur fixe

    +- presence des fichiers :

    --------------- [ Registre / Mountpoint2 ] ----------------

    -> Not found !

    ------------------- ! Fin du rapport ! --------------------
    0
  8. gen-hackman
     
    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

    --> Fais clic droit sur le raccourci FindyKill sur ton bureau

    --> Au menu principal,choisi l option 2 (Suppression)

    /!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"

    /!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

    -------> ensuite post le rapport FindyKill.txt

    Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
    0
  9. petilouis
     
    voici l'autre rapport enfin je crois et je voudrais aussi suprimer bagle
    ----------------- FindyKill V4.711 ------------------

    * User : user - PC-DE-USER
    * executed from : C:\Program Files\FindyKill
    * Update on 05/01/09 par Chiquitine29
    * Start at 14:00:34 the 14/01/2009
    * Windows Vista - Internet Explorer 7.0.6001.18000

    ((((((((((((((( *** deleting *** ))))))))))))))))))

    --------------- [ Active Processes ] ----------------

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\LogonUI.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\userinit.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\runonce.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\Installer\MSI19FA.tmp
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\conime.exe

    --------------- [ Infected files / folders ] ----------------

    »»»» Supression files in C:

    »»»» Supression files in C:\Windows

    »»»» Supression files in C:\Windows\Prefetch

    »»»» Supression files in C:\Windows\system32

    Deleted ! - C:\Windows\system32\mdelk.exe
    Deleted ! - C:\Windows\system32\wintems.exe
    Deleted ! - C:\Windows\system32\ban_list.txt

    »»»» Supression files in C:\Windows\system32\drivers

    »»»» Supression files in C:\Users\user\AppData\Roaming

    Deleted ! - "C:\Users\user\AppData\Roaming\m\flec006.exe"
    Deleted ! - "C:\Users\user\AppData\Roaming\m\list.oct"
    Deleted ! - "C:\Users\user\AppData\Roaming\m\data.oct"
    Deleted ! - "C:\Users\user\AppData\Roaming\m\srvlist.oct"
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\.Kaspersky.Antivirus.2006.+.key.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\60 v600 v620 v635 v66 v975 v980(1).zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\A-one Video to AVI Converter 6.2.1.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Alternate Archiver 2.403.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\ANETGames Anti-Virus 2006 4.0.2.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\ANNI Standard 3.24.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Antivir.workstation_win7u_en.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Argo 1 Build 134.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\BackToZIP 8.70.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\BlackandWhite 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Cats Happy Halloween Screensaver 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\ChibiTracker 0.9a.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Clipboard Buddy 2.34.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\ClpSendChar 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\CodeSpy 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Colasoft MAC Scanner 1.1 Build 209.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\CryptoWorks 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Currency Server 4.5.1.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\DesignWorks Lite 4.2.1.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Digit Twister 1.8.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Dimension 4 5.0.35.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\DirectMath 1.1.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Domain name search 2.1.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\DOSBox (0.65) Config Editor 0.1.3b.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\DotNet2FM 1.1.3.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Download Time Calculator 1.5.0.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Dr. DivX 2.01 Beta 7.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\DropChute Pro 3.02.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\DumpHD 0.51.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Duplicatch 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\e-PDF 2.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Easy Flyer Creator 1.0.1.1.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\ECadConvert 1.6.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\eClean 2000 3.0.4.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\EMS Data Export 2007 for SQL Server 3.0.0.5.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Energy Converter 1.1.0.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\F-Prot.Antivirus.for.Windows.v3.14e-AGAiN.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Fantasy Calendar 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Fast FTP 0.2.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\FileRecovery for xD-Picture Card 2.5.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Fire In The Sky Screen Saver 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\FontInfo 1.1.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Free Forex Trade Screensaver 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Gift Badger Wishlist 1.0.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\GOCR Windows Frontend 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Gold Dictionaries French PPC 3.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\HART 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\HF Text 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\HKProgressBar 1.5.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\IconLayOut 1.3.1.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\iEmboss 1.18.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\ImageToMp3 1.3.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\IMMonitor MySpaceIM Spy 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\InfoRapid Cardfile System 2.2h.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\K9 1.28.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\KAV KIS Kaspersky AntiVirus and Internet Security 2006 6.0.283 RC0 - French Francais + keys.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Konvertor pdf2xxx DLL 1.52.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Lil' Pretties 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\LingvoSoft Learning PhraseBook 2008 Polish - Arabic 2.3.91.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Mail Clients Inbox Senders Emails Extractor 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\MCE Tuner Extender 0.2.0.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Mini-XML 2.2.2.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\MMshall FLV MP4 Video Converter 1.6.0 build 302.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\MODPlug Player 1.46.01.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\MTop Web Button Menu Maker 3.2.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Multi Ping 1.02.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\My Info 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\NHL TOOLBAR 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Nod32.2.70.26.español+Fix+aRC-NodLogin.3.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Nod32.v2.12.2.Crk.Evilinc-Crackear.El.Nod-Funcionaç.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\North American Bears ScreenSaver 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Note Gadget 1.2.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\O&O Defrag Professional 11.1 Build 3362.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Omega Edit 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\PaintChips 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Partition Manager 9.0 Build 5753.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Passwords Max for Groups 5.47.5476.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\PC Diagnose 2.00.162.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\People.com.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Phex 3.2.6 Build 106.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\PostgreSQL PHP Generator 7.10.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Power DVD Player 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\PowerPoint Viewer OCX 3.1.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Pure Icon Pack.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\PureJPEG 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Red Banner 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Remote Helpdesk 6.5.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Retinal Diseases Simulator 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\RGB-2-HEX 1.1.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\RightBar 0.4.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\RouteWriter 2.4.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Secura Archiver 3.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\SendMsg 2.1.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Short Message Spider 1.31.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Soccer Frame 3.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\SoftCollection LED Line 1.16.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Softwin.BitDefender.Internet.Security.10.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\spamBat 1.0.179.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Sparkle SWF Optimizer 1.10.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Speed Tracks Eraser 1.60.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Spy Stalker 1.0.1.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Ssuite Personal Office 3.2.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Ston3d StandAlone Engine 1.6.0.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Symantec.AntiVirus.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\System Properties 1.60.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\TArtImg 1.00.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Task Minder 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\TaskRun 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Texas Pete Poker 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Tiny Menu 1.4.9.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Tourism Malaysia - Beach Screensaver.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Tubetrack 0.8.2.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Tulip Swirl Theme 1.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\UltraShareware Html To PDF 2.0.2008.401.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\UnlimitedFTP Professional 2.8.5.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\ViVi PSP Converter 2.1.3.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\VivoStatic 3.0.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\WidgetDockMod 2.9b.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Xilisoft AVI MPEG Converter 5.1.17.1027.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\XL-DBQuery Professional 1.0.4.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\YeahReader 2.4 Build 293.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\ZippyLock 2.1.0 Build 10000.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\[1] [0] Star Wars Imperial Ace J2me Nokia N92 N93 N73 E61 N71 E50 240x320 symbian s60 v3 os9.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\[APPZ]Panda.Platinum.Internet.Security.2007.11.00.ITA.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\[Full].kaspersky.antivirus.2006.beta.keys.zip
    Deleted ! - C:\Users\user\AppData\Roaming\m\shared\].zip
    Deleted ! - "C:\Users\user\AppData\Roaming\m\shared"
    Deleted ! - "C:\Users\user\AppData\Roaming\m"
    Deleted ! - "C:\Users\user\AppData\Roaming\drivers\srosa.sys"
    Deleted ! - "C:\Users\user\AppData\Roaming\drivers\downld"
    Deleted ! - "C:\Users\user\AppData\Roaming\drivers"

    »»»» Supression files in C:\Users\user\AppData\Local\Temp

    »»»» Supression files in C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5

    Deleted ! - C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\1H3P26CF\file[1].txt

    --------------- [ Registry / Infected keys ] ----------------

    Deleted ! - HKEY_CURRENT_USER\Software\bisoft
    Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
    Deleted ! - HKEY_CURRENT_USER\Software\FirtR
    Deleted ! - HKEY_CURRENT_USER\Software\MuleAppData
    Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
    Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
    Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
    Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
    Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
    Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
    Deleted ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\Local AppWizard-Generated Applications\UltimateZip 2007 3.2 With Crack
    Deleted ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\Local AppWizard-Generated Applications\winupgro
    Deleted ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\MuleAppData

    --------------- [ States / Restarting of services ] ----------------

    +- Services : [ Auto=2 / Request=3 / Disable=4 ]

    Ndisuio - Type of startup = 3

    EapHost - Type of startup = 2

    Wlansvc - Type of startup = 2

    SharedAccess - Type of startup = 2

    wuauserv - Type of startup = 2

    wscsvc - Type of startup = 2

    WinDefend - Type of startup = 2

    -> UAC is Enable

    --------------- [ Cleaning removable drives ] ----------------

    +- Informations :

    C: - Lecteur fixe
    D: - Lecteur fixe

    +- deleting files :

    --------------- [ Registry / Mountpoint2 ] ----------------

    -> Not found !

    --------------- [ Searching Other Infections ] ----------------

    Références de comparaison Bagle MD5 :

    113ac36b77630a2f67dd6cb7844406a4 C:\Windows\system32\mdelk.exe
    113ac36b77630a2f67dd6cb7844406a4 C:\Windows\system32\wintems.exe

    Suspect ! - 51584f8933afd492af006c6ca546be7b C:\Program Files\TomTom HOME 2\HOMERunner.exe
    Suspect ! - 51584f8933afd492af006c6ca546be7b C:\Users\user\Downloads\eMule\Incoming\UltimateZip 2007 3.2 With Crack.exe

    --------------- [ Searching Cracks / Keygen ] ----------------

    C:\Users\user\AppData\Roaming\Microsoft\Office\Fichiers récents\! Microsoft Office 2007 Crack-Serial-Keygen.lnk
    C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen
    C:\Users\user\Documents\Auto Keygenerators ( Mitchell BOSCH DAS WIS EPC ESI Autodata 2005 2006 Keygen + Software).htm
    C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen\! Microsoft Office 2007 Crack-Serial-Keygen.zip
    C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen\gestion[1]
    C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK
    C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK\ace.1.1.1.1.exe
    C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK\Adutil.1.1.1.1.exe
    C:\Users\user\Downloads\eMule\Incoming\UltimateZip 2007 3.2 With Crack.exe

    ---------------- ! End of report ! ------------------
    0
  10. gen-hackman
     
    ---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

    ---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :files
    C:\Users\user\AppData\Roaming\Microsoft\Office\Fichiers récents\! Microsoft Office 2007 Crack-Serial-Keygen.lnk
    C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen
    C:\Users\user\Documents\Auto Keygenerators ( Mitchell BOSCH DAS WIS EPC ESI Autodata 2005 2006 Keygen + Software).htm
    C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen\! Microsoft Office 2007 Crack-Serial-Keygen.zip
    C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen\gestion[1]
    C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK
    C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK\ace.1.1.1.1.exe
    C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK\Adutil.1.1.1.1.exe
    C:\Users\user\Downloads\eMule\Incoming\UltimateZip 2007 3.2 With Crack.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Users\user\Downloads\eMule\Incoming\UltimateZip 2007 3.2 With Crack.exe

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    0
  11. petilouis
     
    a========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    C:\Users\user\AppData\Roaming\Microsoft\Office\Fichiers récents\! Microsoft Office 2007 Crack-Serial-Keygen.lnk moved successfully.
    C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen moved successfully.
    C:\Users\user\Documents\Auto Keygenerators ( Mitchell BOSCH DAS WIS EPC ESI Autodata 2005 2006 Keygen + Software).htm moved successfully.
    File/Folder C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen\! Microsoft Office 2007 Crack-Serial-Keygen.zip not found.
    File/Folder C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen\gestion[1] not found.
    C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK moved successfully.
    File/Folder C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK\ace.1.1.1.1.exe not found.
    File/Folder C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK\Adutil.1.1.1.1.exe not found.
    C:\Users\user\Downloads\eMule\Incoming\UltimateZip 2007 3.2 With Crack.exe moved successfully.
    C:\Program Files\TomTom HOME 2\HOMERunner.exe moved successfully.
    File/Folder C:\Users\user\Downloads\eMule\Incoming\UltimateZip 2007 3.2 With Crack.exe not found.
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01142009_151057

    maintenant en bas j'a i(internet mode protégé:activé) mais je n'ai toujours pas le logo avast vers l'horloge est ce normal?
    0
  12. gen-hackman
     
    oui :

    Télécharge MalwareByte's :
    http://www.malwarebytes.org/mbam.php ou ici :
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    * Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

    (NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/ )

    * Potasse le tuto pour te familiariser avec le prg :
    https://forum.pcastuces.com/sujet.asp?f=31&s=3
    ( cela dis, il est très simple d'utilisation ).

    ! Déconnecte toi et ferme toutes applications en cours !

    * Lance Malwarebyte's .

    Fais un examen dit "Rapide" .

    --> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
    --> à la fin tu cliques sur "résultat" .
    --> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

    Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

    Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

    0
    1. petilouis Messages postés 24 Statut Membre
       
      avez vous recu le rapport
      0
  13. petilouis Messages postés 24 Statut Membre
     
    Malwarebytes' Anti-Malware 1.32
    Version de la base de données: 1650
    Windows 6.0.6001 Service Pack 1

    14/01/2009 15:53:24
    mbam-log-2009-01-14 (15-53-24).txt

    Type de recherche: Examen rapide
    Eléments examinés: 62302
    Temps écoulé: 3 minute(s), 24 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 13
    Fichier(s) infecté(s): 16

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
    C:\Program Files\BitDownload\Skins (Trojan.Lop) -> Quarantined and deleted successfully.
    C:\ProgramData\Software Licensors\Antispyware PRO XP (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
    C:\ProgramData\Software Licensors\Antispyware PRO XP\BASE (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
    C:\ProgramData\Software Licensors\Antispyware PRO XP\DELETED (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
    C:\ProgramData\Software Licensors\Antispyware PRO XP\LOG (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
    C:\ProgramData\Software Licensors\Antispyware PRO XP\SAVED (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
    C:\ProgramData\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
    C:\ProgramData\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
    C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
    C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
    C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
    C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Users\user\Local Settings\Application Data\hpnlyee_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\user\Local Settings\Application Data\hpnlyee_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\user\Local Settings\Application Data\hpnlyee.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\user\Local Settings\Application Data\pkskokw_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\user\Local Settings\Application Data\pkskokw_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\user\Local Settings\Application Data\pkskokw.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Program Files\BitDownload\session.store (Trojan.Lop) -> Quarantined and deleted successfully.
    C:\Program Files\BitDownload\state.dht (Trojan.Lop) -> Quarantined and deleted successfully.
    C:\Program Files\BitDownload\unins000.dat (Trojan.Lop) -> Quarantined and deleted successfully.
    C:\Program Files\BitDownload\Skins\Stylish.skf (Trojan.Lop) -> Quarantined and deleted successfully.
    C:\ProgramData\Software Licensors\Antispyware PRO XP\LOG\20080908225718084.log (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
    C:\ProgramData\Software Licensors\Antispyware PRO XP\LOG\20080909091047413.log (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
    C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723223841310.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
    C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080724123038100.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
    C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080724125302901.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
    C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    0
  14. gen-hackman
     
    petites verifs :

    tu télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    * Double-clique dessus pour lancer l'installation
    * Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
    * Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
    * Patiente jusqu'à la fin du scan
    * Poste le rapport généré (C:\lopR.txt)

    ensuite :

    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    - Vas dans "Démarrer" puis Panneau de configuration.
    - Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
    - Clique sur Continuer.
    - Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
    - Valide par OK et redémarre.

    Tuto : https://forum.malekal.com/viewtopic.php?f=59&t=6517

    Télécharge maintenant Navilog1 depuis-ce lien :

    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Ensuite double clique sur navilog1.exe pour lancer l'installation.
    Une fois l'installation terminée, Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis :

    "Exécuter en tant qu'administrateur".

    Au menu principal, Fais le choix 1
    Laisse toi guider et patiente.
    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuie sur une touche le blocnote va s'ouvrir.
    Copie-colle l'intégralité du rapport dans une réponse.
    Referme le blocnote
    Le rapport fixnavi.txt est en outre sauvegardé a la racine du disque

    Tuto : http://www.malekal.com/Adware.Magic_Control.php

    0
  15. petilouis Messages postés 24 Statut Membre
     
    il scan toujour et a chaque roaming j'ai ce message (utilitaire (QGREP) de recherche a cesser de fonctionner)
    0
  16. gen-hackman
     
    redemarres, refais findykill option 2 et retente le post16

    envoie tous les rapports commme demandé
    0
  17. petilouis
     
    en voici un

    ----------------- FindyKill V4.711 ------------------

    * User : user - PC-DE-USER
    * executed from : C:\Program Files\FindyKill
    * Update on 05/01/09 par Chiquitine29
    * Start at 20:03:20 the 14/01/2009
    * Windows Vista - Internet Explorer 7.0.6001.18000

    ((((((((((((((( *** deleting *** ))))))))))))))))))

    --------------- [ Active Processes ] ----------------

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\LogonUI.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\userinit.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\Installer\MSI19FA.tmp
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\runonce.exe
    C:\Windows\system32\conime.exe

    --------------- [ Infected files / folders ] ----------------

    »»»» Supression files in C:

    »»»» Supression files in C:\Windows

    »»»» Supression files in C:\Windows\Prefetch

    »»»» Supression files in C:\Windows\system32

    »»»» Supression files in C:\Windows\system32\drivers

    »»»» Supression files in C:\Users\user\AppData\Roaming

    »»»» Supression files in C:\Users\user\AppData\Local\Temp

    »»»» Supression files in C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5

    Deleted ! - C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\1H3P26CF\file[1].txt

    --------------- [ Registry / Infected keys ] ----------------

    Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
    Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
    Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
    Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
    Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
    Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe

    --------------- [ States / Restarting of services ] ----------------

    +- Services : [ Auto=2 / Request=3 / Disable=4 ]

    Ndisuio - Type of startup = 3

    EapHost - Type of startup = 2

    Wlansvc - Type of startup = 2

    SharedAccess - Type of startup = 2

    wuauserv - Type of startup = 2

    wscsvc - Type of startup = 2

    WinDefend - Type of startup = 2

    -> UAC is Enable

    --------------- [ Cleaning removable drives ] ----------------

    +- Informations :

    C: - Lecteur fixe
    D: - Lecteur fixe

    +- deleting files :

    --------------- [ Registry / Mountpoint2 ] ----------------

    -> Not found !

    --------------- [ Searching Other Infections ] ----------------

    Suspect ! - 51584f8933afd492af006c6ca546be7b C:\_OTMoveIt\MovedFiles\01142009_151057\Program Files\TomTom HOME 2\HOMERunner.exe
    Suspect ! - 51584f8933afd492af006c6ca546be7b C:\_OTMoveIt\MovedFiles\01142009_151057\Users\user\Downloads\eMule\Incoming\UltimateZip 2007 3.2 With Crack.exe

    --------------- [ Searching Cracks / Keygen ] ----------------

    ---------------- ! End of report ! ------------------
    0
  18. petilouis
     
    je ne peut toujour pas scanner j 'ai le méme message
    0
  19. petilouis
     
    j'ai ceci si ca peut d'aider

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : user ( Not Administrator ! )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:225 Go (Free:121 Go)
    D:\ (Local Disk) - NTFS - Total:7 Go (Free:0 Go)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 14/01/2009|20:38 )

    [ UAC => 1 ]

    --------------------\\ Listing des dossiers dans Local

    [26/01/2008|18:29] C:\Users\user\AppData\Local\Adobe
    [01/11/2008|20:31] C:\Users\user\AppData\Local\Apple
    [01/11/2008|21:13] C:\Users\user\AppData\Local\Apple Computer
    [20/11/2007|18:24] C:\Users\user\AppData\Local\Application Data
    [25/12/2007|15:53] C:\Users\user\AppData\Local\Apps
    [22/11/2007|16:43] C:\Users\user\AppData\Local\ATI
    [01/11/2008|19:38] C:\Users\user\AppData\Local\d3d9caps.dat
    [05/01/2009|13:59] C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [13/09/2008|19:57] C:\Users\user\AppData\Local\Downloaded Installations
    [02/01/2008|15:07] C:\Users\user\AppData\Local\eMule(267)
    [17/12/2008|15:01] C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
    [17/12/2008|08:25] C:\Users\user\AppData\Local\Google
    [22/11/2007|16:43] C:\Users\user\AppData\Local\Hewlett-Packard
    [20/11/2007|18:24] C:\Users\user\AppData\Local\Historique
    [24/03/2008|18:01] C:\Users\user\AppData\Local\HP
    [23/12/2007|15:21] C:\Users\user\AppData\Local\HP Guide
    [14/01/2009|19:55] C:\Users\user\AppData\Local\IconCache.db
    [01/08/2008|20:19] C:\Users\user\AppData\Local\Microsoft
    [08/07/2008|11:16] C:\Users\user\AppData\Local\Microsoft Games
    [15/04/2008|19:21] C:\Users\user\AppData\Local\Microsoft Help
    [26/07/2008|14:04] C:\Users\user\AppData\Local\MigWiz
    [19/12/2008|13:02] C:\Users\user\AppData\Local\Mozilla
    [04/05/2008|16:30] C:\Users\user\AppData\Local\PHOTOCITE Collection
    [14/01/2009|20:37] C:\Users\user\AppData\Local\Temp
    [20/11/2007|18:24] C:\Users\user\AppData\Local\Temporary Internet Files
    [07/08/2008|21:10] C:\Users\user\AppData\Local\TomTom
    [31/03/2008|21:09] C:\Users\user\AppData\Local\torrent_search
    [23/12/2007|15:42] C:\Users\user\AppData\Local\VirtualStore
    [29/12/2007|23:29] C:\Users\user\AppData\Local\WindowsUpdate

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [08/01/2009 08:22][--a------] C:\Windows\tasks\HPCeeScheduleForguillaume.job
    [14/01/2009 20:35][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{C4524A21-C82B-4114-9A1F-5915D5513B44}.job
    [14/01/2009 17:36][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{C82B5FD6-1CD9-40EB-86E0-016494637A45}.job
    [12/01/2009 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Analyse système complète - user.job
    [14/01/2009 20:03][--ah-----] C:\Windows\tasks\SA.DAT
    [14/01/2009 20:02][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [13/07/2008|20:25] C:\ProgramData\Adobe
    [23/12/2007|14:50] C:\ProgramData\Ahead
    [02/11/2006|14:02] C:\ProgramData\Application Data
    [03/09/2007|05:57] C:\ProgramData\ATI
    [20/11/2007|18:20] C:\ProgramData\Bureau
    [22/04/2008|13:05] C:\ProgramData\ConeXware
    [02/11/2006|14:02] C:\ProgramData\Desktop
    [02/11/2006|14:02] C:\ProgramData\Documents
    [18/01/2008|07:31] C:\ProgramData\DVD X Studios
    [12/01/2009|19:10] C:\ProgramData\eMule
    [20/11/2007|18:20] C:\ProgramData\Favoris
    [02/11/2006|14:02] C:\ProgramData\Favorites
    [22/12/2007|20:09] C:\ProgramData\Google
    [22/11/2007|16:43] C:\ProgramData\Hewlett-Packard
    [24/03/2008|18:06] C:\ProgramData\HP
    [24/03/2008|18:06] C:\ProgramData\hpzinstall.log
    [14/01/2009|15:41] C:\ProgramData\Malwarebytes
    [20/11/2007|18:20] C:\ProgramData\Menu Démarrer
    [17/12/2008|17:56] C:\ProgramData\Microsoft
    [13/01/2009|20:26] C:\ProgramData\Microsoft Help
    [20/11/2007|18:20] C:\ProgramData\Modèles
    [03/09/2007|06:07] C:\ProgramData\muvee Technologies
    [03/09/2007|06:13] C:\ProgramData\PC-Doctor
    [01/08/2008|18:54] C:\ProgramData\Roxio
    [08/09/2008|21:57] C:\ProgramData\services
    [14/01/2009|15:53] C:\ProgramData\Software Licensors
    [11/01/2009|20:44] C:\ProgramData\SolidDocuments
    [03/09/2007|05:59] C:\ProgramData\Sonic
    [02/11/2006|14:02] C:\ProgramData\Start Menu
    [12/01/2008|17:28] C:\ProgramData\Symantec
    [13/01/2009|20:56] C:\ProgramData\TEMP
    [02/11/2006|14:02] C:\ProgramData\Templates
    [31/08/2008|13:31] C:\ProgramData\TomTom
    [16/02/2008|17:55] C:\ProgramData\Trymedia
    [04/08/2008|20:37] C:\ProgramData\WildTangent
    [22/04/2008|12:50] C:\ProgramData\WinZip
    [25/03/2008|16:10] C:\ProgramData\WLInstaller
    [07/02/2008|12:57] C:\ProgramData\Xerox
    [30/12/2007|11:04] C:\ProgramData\Yahoo!
    [22/04/2008|21:02] C:\ProgramData\Yahoo! Companion

    --------------------\\ Listing des dossiers dans C:\Program Files

    [24/08/2008|20:49] C:\Program Files\Activision Value
    [19/08/2008|10:03] C:\Program Files\Adobe
    [13/01/2009|18:13] C:\Program Files\Alwil Software
    [08/03/2008|20:17] C:\Program Files\ArcSoft
    [03/09/2007|05:52] C:\Program Files\ATI
    [03/09/2007|05:53] C:\Program Files\ATI Technologies
    [31/03/2008|21:11] C:\Program Files\BitTorrent Fastest Tool
    [13/09/2008|19:58] C:\Program Files\Canal
    [13/01/2009|22:11] C:\Program Files\Common Files
    [23/12/2007|09:59] C:\Program Files\directx
    [25/12/2007|12:07] C:\Program Files\EA SPORTS
    [12/01/2009|19:10] C:\Program Files\eMule
    [05/05/2008|20:27] C:\Program Files\EPSON
    [20/11/2007|18:20] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [14/01/2009|20:26] C:\Program Files\FindyKill
    [23/12/2007|09:11] C:\Program Files\Google
    [11/11/2008|20:19] C:\Program Files\GrandBilliards
    [27/01/2008|15:21] C:\Program Files\Hewlett-Packard
    [03/09/2007|06:09] C:\Program Files\HP
    [04/08/2008|20:43] C:\Program Files\HP Games
    [24/08/2008|13:41] C:\Program Files\Infogrames
    [17/12/2008|13:52] C:\Program Files\InstallShield Installation Information
    [17/12/2008|13:52] C:\Program Files\Internet Explorer
    [08/01/2008|20:39] C:\Program Files\Java
    [01/08/2008|19:34] C:\Program Files\K-Lite Codec Pack
    [14/01/2009|15:41] C:\Program Files\Malwarebytes' Anti-Malware
    [16/12/2008|22:30] C:\Program Files\Metin2_France
    [17/12/2008|18:08] C:\Program Files\Microsoft
    [02/11/2006|13:37] C:\Program Files\Microsoft Games
    [17/12/2008|08:29] C:\Program Files\Microsoft Office
    [01/11/2008|20:13] C:\Program Files\Microsoft Silverlight
    [13/01/2008|15:41] C:\Program Files\Microsoft SQL Server Compact Edition
    [13/01/2009|20:17] C:\Program Files\Microsoft Visual Studio 8
    [27/01/2008|08:54] C:\Program Files\Microsoft.NET
    [23/03/2008|12:00] C:\Program Files\Movie Maker
    [27/01/2008|08:56] C:\Program Files\MSBuild
    [25/01/2008|21:09] C:\Program Files\MSECache
    [16/12/2008|18:02] C:\Program Files\MSXML 4.0
    [18/06/2008|20:22] C:\Program Files\Norton Internet Security
    [29/12/2007|21:33] C:\Program Files\Orange
    [04/05/2008|16:39] C:\Program Files\Panasonic
    [30/07/2008|17:35] C:\Program Files\PC-Doctor 5 for Windows
    [04/05/2008|16:50] C:\Program Files\PHOTOCITE Collection
    [24/03/2008|16:55] C:\Program Files\Plug-Ins
    [04/01/2008|21:17] C:\Program Files\Real
    [17/12/2008|13:52] C:\Program Files\Realtek
    [02/11/2006|13:37] C:\Program Files\Reference Assemblies
    [17/12/2008|14:13] C:\Program Files\Roxio
    [01/01/2008|21:30] C:\Program Files\SAGEM
    [03/09/2007|06:16] C:\Program Files\Services en ligne
    [11/01/2009|20:45] C:\Program Files\SolidDocuments
    [14/01/2009|15:10] C:\Program Files\TomTom HOME 2
    [31/08/2008|14:53] C:\Program Files\Tomtomax Maxi-Box
    [31/03/2008|21:09] C:\Program Files\torrent_search
    [12/01/2009|21:33] C:\Program Files\UltimateZip 2007
    [02/11/2006|14:01] C:\Program Files\Uninstall Information
    [19/11/2008|20:46] C:\Program Files\Unity
    [29/01/2008|11:04] C:\Program Files\Wanadoo
    [23/03/2008|12:00] C:\Program Files\Windows Calendar
    [23/03/2008|12:00] C:\Program Files\Windows Collaboration
    [23/03/2008|12:00] C:\Program Files\Windows Defender
    [23/03/2008|12:00] C:\Program Files\Windows Journal
    [17/12/2008|18:08] C:\Program Files\Windows Live
    [17/12/2008|18:03] C:\Program Files\Windows Live SkyDrive
    [13/01/2009|20:49] C:\Program Files\Windows Mail
    [23/03/2008|12:00] C:\Program Files\Windows Media Player
    [20/11/2007|18:20] C:\Program Files\Windows NT
    [23/03/2008|12:00] C:\Program Files\Windows Photo Gallery
    [23/03/2008|12:00] C:\Program Files\Windows Sidebar
    [27/04/2008|19:19] C:\Program Files\WinRAR
    [23/04/2008|12:51] C:\Program Files\WinZip
    [23/02/2008|20:29] C:\Program Files\XnView
    [22/04/2008|20:57] C:\Program Files\Yahoo!
    [11/01/2008|22:31] C:\Program Files\ZGF_Fr

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [04/05/2008|13:56] C:\Program Files\Common Files\Adobe
    [26/11/2008|20:46] C:\Program Files\Common Files\Adobe AIR
    [23/12/2007|14:50] C:\Program Files\Common Files\Ahead
    [08/03/2008|20:19] C:\Program Files\Common Files\ArcSoft
    [25/06/2008|18:50] C:\Program Files\Common Files\Autodata Limited Shared
    [27/01/2008|08:55] C:\Program Files\Common Files\DESIGNER
    [29/12/2007|21:17] C:\Program Files\Common Files\France Telecom
    [17/02/2008|18:12] C:\Program Files\Common Files\InstallShield
    [03/09/2007|06:08] C:\Program Files\Common Files\Java
    [03/09/2007|06:07] C:\Program Files\Common Files\LightScribe
    [03/09/2007|06:07] C:\Program Files\Common Files\LS Getting Started
    [17/12/2008|18:04] C:\Program Files\Common Files\microsoft shared
    [01/01/2008|19:25] C:\Program Files\Common Files\muvee Technologies
    [17/12/2008|13:52] C:\Program Files\Common Files\Nero
    [27/04/2008|18:11] C:\Program Files\Common Files\PC SOFT
    [17/12/2008|14:10] C:\Program Files\Common Files\PX Storage Engine
    [17/12/2008|14:12] C:\Program Files\Common Files\Roxio Shared
    [02/11/2006|12:18] C:\Program Files\Common Files\Services
    [17/12/2008|14:10] C:\Program Files\Common Files\Sonic Shared
    [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
    [17/12/2008|14:13] C:\Program Files\Common Files\SureThing Shared
    [23/04/2008|11:40] C:\Program Files\Common Files\Symantec Shared
    [23/03/2008|12:00] C:\Program Files\Common Files\System
    [17/12/2008|17:56] C:\Program Files\Common Files\Windows Live
    [30/12/2007|11:16] C:\Program Files\Common Files\WindowsLiveInstaller

    --------------------\\ Process

    ( 48 Processes )

    iexplore.exe ~ [PID:2040]

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\Program Files\BitTorrent Fastest Tool
    C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
    C:\Users\user\AppData\Roaming\MICROS~1\Windows\Cookies\user@advertising[1].txt

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme
    0
  • 1
  • 2