Sujet Précédent Sujet Suivant

Probleme a vec avast

Fermé
petilouis Messages postés 24 Date d'inscription mercredi 14 janvier 2009 Statut Membre Dernière intervention 4 février 2009 - 14 janv. 2009 à 09:00
 Utilisateur anonyme - 24 janv. 2009 à 21:46
Bonjour, j'ai un souci avec avast je n'ai plus l'icone en bas vers l'horloge et lorsque je l'ouvre j'ai ce message
(n'est pas une aplication win32 valide) de plus j'ai installé elibagla et je n'arrive plus a le suprimer
A voir également:

35 réponses

  • 1
  • 2
Réponse 1 / 35
plopus Messages postés 5962 Date d'inscription jeudi 1 janvier 2009 Statut Contributeur sécurité Dernière intervention 11 mars 2012 293
14 janv. 2009 à 09:05
Bonjour,

telecharge hijackthis

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

choisit "do a scan and save the log" et poste le rapport stp
0
Réponse 2 / 35
Utilisateur anonyme
14 janv. 2009 à 09:06
voila :-) c'est mieux

pour elibagla tu peux le supprimer manuellement ce n'est pas un programme mais une application

pour ton souci :


Telecharge maintenant FindyKill sur ton bureau :

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

--> Lance l installation avec les parametres par default

--> Fais un clic droit sur le raccourci FindyKill sur ton bureau

--> Choisi executer en tant qu administrateur

--> Au menu principal,choisi l option 1 (Recherche)

--> Post le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
0
Réponse 3 / 35
zedd62 Messages postés 88 Date d'inscription lundi 12 janvier 2009 Statut Membre Dernière intervention 5 mars 2009 2
14 janv. 2009 à 09:06
Bonjour,

Mais qu'est ce que elibagla ?

A+
Zedd
0
Réponse 4 / 35
petilouis Messages postés 24 Date d'inscription mercredi 14 janvier 2009 Statut Membre Dernière intervention 4 février 2009
14 janv. 2009 à 11:53
merci j'ai le rapport des que je peut le coller je vous l'envoie et voous me dirait ce que je doit faire
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 35
Utilisateur anonyme
14 janv. 2009 à 11:56
bien je l atttends
0
Réponse 6 / 35
petilouis Messages postés 24 Date d'inscription mercredi 14 janvier 2009 Statut Membre Dernière intervention 4 février 2009
14 janv. 2009 à 13:41
je n'arive pas a le copier coller
0
Réponse 7 / 35
Utilisateur anonyme
14 janv. 2009 à 13:47
ctrl + A pour selectionner ,

ctrl + C pour copier ,

ctrl + V pour coller sur le forum apres avoir cliqué gauche une fois dans la cas de ta reponse ici
0
Réponse 8 / 35
petilouis Messages postés 24 Date d'inscription mercredi 14 janvier 2009 Statut Membre Dernière intervention 4 février 2009
14 janv. 2009 à 13:48
le voici

----------------- FindyKill V4.711 ------------------

* User : user - PC-DE-USER
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 11:51:09 le 14/01/2009
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\Installer\MSI19FA.tmp
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Users\user\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Canal\Canal Widget\Canal Widget.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\user\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch


»»»» Presence des fichiers dans C:\Windows\system32

Found ! [13/01/2009 18:20] - C:\Windows\system32\mdelk.exe
Found ! [13/01/2009 18:20] - C:\Windows\system32\wintems.exe
Found ! [14/01/2009 11:17] - C:\Windows\system32\ban_list.txt

»»»» Presence des fichiers dans C:\Windows\system32\drivers


»»»» Presence des fichiers dans C:\Users\user\AppData\Roaming

Found ! [13/01/2009 18:24] - "C:\Users\user\AppData\Roaming\m\flec006.exe"
Found ! [14/01/2009 07:13] - "C:\Users\user\AppData\Roaming\m\list.oct"
Found ! [14/01/2009 07:13] - "C:\Users\user\AppData\Roaming\m\data.oct"
Found ! [14/01/2009 07:13] - "C:\Users\user\AppData\Roaming\m\srvlist.oct"
Found ! [14/01/2009 07:14] - "C:\Users\user\AppData\Roaming\m\shared"
Found ! [14/01/2009 07:13] - "C:\Users\user\AppData\Roaming\m"
Found ! [13/01/2009 19:12] - "C:\Users\user\AppData\Roaming\drivers"
Found ! [13/01/2009 18:19] - "C:\Users\user\AppData\Roaming\drivers\srosa.sys"
Found ! [13/01/2009 18:53] - "C:\Users\user\AppData\Roaming\drivers\downld"

»»»» Presence des fichiers dans C:\Users\user\AppData\Local\Temp


»»»» Presence des fichiers dans C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5

Found ! [25/12/2007 12:12] - C:\Program Files\EA SPORTS\LFP Manager 07\filelist.txt
Found ! [14/01/2009 11:17] - C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1H3P26CF\file[1].txt

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
ehTray.exe=C:\Windows\ehome\ehTray.exe
TomTomHOME.exe="C:\Program Files\TomTom HOME 2\HOMERunner.exe"
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\OsdMaestro=
ModelName=5189URF
Version=1.00.007
Language=1 (0x1)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\OsdMaestro\Config=
DisplayLabel=0 (0x0)
TaskbarIcon=1 (0x1)
ShowLockOSD=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
OsdMaestro="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
Windows Mobile-based device management=%windir%\WindowsMobile\wmdSync.exe
Canal Widget="C:\Program Files\Canal\Canal Widget\Launcher.exe"
HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
KBD=C:\HP\KBD\KbdStub.EXE
RtHDVCpl=RtHDVCpl.exe
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_CURRENT_USER\software\local appwizard-generated applications\HOMERunner]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\PhLeAutoRun]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\TestProg]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\UltimateZip 2007 3.2 With Crack]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\Local AppWizard-Generated Applications\UltimateZip 2007 3.2 With Crack
Found ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\UltimateZip 2007 3.2 With Crack
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 3

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

/!\ wscsvc - Type de démarrage = 4

/!\ WinDefend - Type de démarrage = 4

/!\ UAC is Disable

--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
Réponse 9 / 35
Utilisateur anonyme
14 janv. 2009 à 13:53
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir


--> Fais clic droit sur le raccourci FindyKill sur ton bureau

--> Au menu principal,choisi l option 2 (Suppression)


/!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"

/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

-------> ensuite post le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
0
Réponse 10 / 35
petilouis
14 janv. 2009 à 14:33
voici l'autre rapport enfin je crois et je voudrais aussi suprimer bagle
----------------- FindyKill V4.711 ------------------

* User : user - PC-DE-USER
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 14:00:34 the 14/01/2009
* Windows Vista - Internet Explorer 7.0.6001.18000


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\runonce.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\Installer\MSI19FA.tmp
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\conime.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\Windows


»»»» Supression files in C:\Windows\Prefetch


»»»» Supression files in C:\Windows\system32

Deleted ! - C:\Windows\system32\mdelk.exe
Deleted ! - C:\Windows\system32\wintems.exe
Deleted ! - C:\Windows\system32\ban_list.txt

»»»» Supression files in C:\Windows\system32\drivers


»»»» Supression files in C:\Users\user\AppData\Roaming

Deleted ! - "C:\Users\user\AppData\Roaming\m\flec006.exe"
Deleted ! - "C:\Users\user\AppData\Roaming\m\list.oct"
Deleted ! - "C:\Users\user\AppData\Roaming\m\data.oct"
Deleted ! - "C:\Users\user\AppData\Roaming\m\srvlist.oct"
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\.Kaspersky.Antivirus.2006.+.key.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\60 v600 v620 v635 v66 v975 v980(1).zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\A-one Video to AVI Converter 6.2.1.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Alternate Archiver 2.403.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\ANETGames Anti-Virus 2006 4.0.2.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\ANNI Standard 3.24.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Antivir.workstation_win7u_en.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Argo 1 Build 134.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\BackToZIP 8.70.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\BlackandWhite 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Cats Happy Halloween Screensaver 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\ChibiTracker 0.9a.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Clipboard Buddy 2.34.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\ClpSendChar 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\CodeSpy 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Colasoft MAC Scanner 1.1 Build 209.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\CryptoWorks 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Currency Server 4.5.1.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\DesignWorks Lite 4.2.1.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Digit Twister 1.8.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Dimension 4 5.0.35.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\DirectMath 1.1.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Domain name search 2.1.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\DOSBox (0.65) Config Editor 0.1.3b.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\DotNet2FM 1.1.3.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Download Time Calculator 1.5.0.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Dr. DivX 2.01 Beta 7.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\DropChute Pro 3.02.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\DumpHD 0.51.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Duplicatch 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\e-PDF 2.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Easy Flyer Creator 1.0.1.1.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\ECadConvert 1.6.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\eClean 2000 3.0.4.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\EMS Data Export 2007 for SQL Server 3.0.0.5.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Energy Converter 1.1.0.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\F-Prot.Antivirus.for.Windows.v3.14e-AGAiN.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Fantasy Calendar 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Fast FTP 0.2.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\FileRecovery for xD-Picture Card 2.5.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Fire In The Sky Screen Saver 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\FontInfo 1.1.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Free Forex Trade Screensaver 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Gift Badger Wishlist 1.0.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\GOCR Windows Frontend 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Gold Dictionaries French PPC 3.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\HART 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\HF Text 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\HKProgressBar 1.5.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\IconLayOut 1.3.1.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\iEmboss 1.18.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\ImageToMp3 1.3.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\IMMonitor MySpaceIM Spy 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\InfoRapid Cardfile System 2.2h.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\K9 1.28.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\KAV KIS Kaspersky AntiVirus and Internet Security 2006 6.0.283 RC0 - French Francais + keys.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Konvertor pdf2xxx DLL 1.52.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Lil' Pretties 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\LingvoSoft Learning PhraseBook 2008 Polish - Arabic 2.3.91.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Mail Clients Inbox Senders Emails Extractor 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\MCE Tuner Extender 0.2.0.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Mini-XML 2.2.2.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\MMshall FLV MP4 Video Converter 1.6.0 build 302.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\MODPlug Player 1.46.01.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\MTop Web Button Menu Maker 3.2.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Multi Ping 1.02.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\My Info 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\NHL TOOLBAR 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Nod32.2.70.26.español+Fix+aRC-NodLogin.3.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Nod32.v2.12.2.Crk.Evilinc-Crackear.El.Nod-Funcionaç.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\North American Bears ScreenSaver 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Note Gadget 1.2.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\O&O Defrag Professional 11.1 Build 3362.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Omega Edit 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\PaintChips 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Partition Manager 9.0 Build 5753.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Passwords Max for Groups 5.47.5476.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\PC Diagnose 2.00.162.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\People.com.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Phex 3.2.6 Build 106.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\PostgreSQL PHP Generator 7.10.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Power DVD Player 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\PowerPoint Viewer OCX 3.1.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Pure Icon Pack.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\PureJPEG 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Red Banner 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Remote Helpdesk 6.5.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Retinal Diseases Simulator 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\RGB-2-HEX 1.1.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\RightBar 0.4.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\RouteWriter 2.4.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Secura Archiver 3.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\SendMsg 2.1.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Short Message Spider 1.31.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Soccer Frame 3.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\SoftCollection LED Line 1.16.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Softwin.BitDefender.Internet.Security.10.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\spamBat 1.0.179.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Sparkle SWF Optimizer 1.10.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Speed Tracks Eraser 1.60.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Spy Stalker 1.0.1.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Ssuite Personal Office 3.2.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Ston3d StandAlone Engine 1.6.0.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Symantec.AntiVirus.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\System Properties 1.60.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\TArtImg 1.00.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Task Minder 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\TaskRun 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Texas Pete Poker 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Tiny Menu 1.4.9.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Tourism Malaysia - Beach Screensaver.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Tubetrack 0.8.2.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Tulip Swirl Theme 1.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\UltraShareware Html To PDF 2.0.2008.401.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\UnlimitedFTP Professional 2.8.5.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\ViVi PSP Converter 2.1.3.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\VivoStatic 3.0.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\WidgetDockMod 2.9b.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\Xilisoft AVI MPEG Converter 5.1.17.1027.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\XL-DBQuery Professional 1.0.4.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\YeahReader 2.4 Build 293.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\ZippyLock 2.1.0 Build 10000.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\[1] [0] Star Wars Imperial Ace J2me Nokia N92 N93 N73 E61 N71 E50 240x320 symbian s60 v3 os9.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\[APPZ]Panda.Platinum.Internet.Security.2007.11.00.ITA.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\[Full].kaspersky.antivirus.2006.beta.keys.zip
Deleted ! - C:\Users\user\AppData\Roaming\m\shared\].zip
Deleted ! - "C:\Users\user\AppData\Roaming\m\shared"
Deleted ! - "C:\Users\user\AppData\Roaming\m"
Deleted ! - "C:\Users\user\AppData\Roaming\drivers\srosa.sys"
Deleted ! - "C:\Users\user\AppData\Roaming\drivers\downld"
Deleted ! - "C:\Users\user\AppData\Roaming\drivers"

»»»» Supression files in C:\Users\user\AppData\Local\Temp


»»»» Supression files in C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\1H3P26CF\file[1].txt

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\MuleAppData
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\Local AppWizard-Generated Applications\UltimateZip 2007 3.2 With Crack
Deleted ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-4276822068-3127608572-3422181302-1000\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Wlansvc - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2

-> UAC is Enable

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------


Références de comparaison Bagle MD5 :

113ac36b77630a2f67dd6cb7844406a4 C:\Windows\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\Windows\system32\wintems.exe

Suspect ! - 51584f8933afd492af006c6ca546be7b C:\Program Files\TomTom HOME 2\HOMERunner.exe
Suspect ! - 51584f8933afd492af006c6ca546be7b C:\Users\user\Downloads\eMule\Incoming\UltimateZip 2007 3.2 With Crack.exe

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Users\user\AppData\Roaming\Microsoft\Office\Fichiers récents\! Microsoft Office 2007 Crack-Serial-Keygen.lnk
C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen
C:\Users\user\Documents\Auto Keygenerators ( Mitchell BOSCH DAS WIS EPC ESI Autodata 2005 2006 Keygen + Software).htm
C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen\! Microsoft Office 2007 Crack-Serial-Keygen.zip
C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen\gestion[1]
C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK
C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK\ace.1.1.1.1.exe
C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK\Adutil.1.1.1.1.exe
C:\Users\user\Downloads\eMule\Incoming\UltimateZip 2007 3.2 With Crack.exe


---------------- ! End of report ! ------------------
0
Réponse 11 / 35
Utilisateur anonyme
14 janv. 2009 à 14:38
---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :





:processes
explorer.exe

:files
C:\Users\user\AppData\Roaming\Microsoft\Office\Fichiers récents\! Microsoft Office 2007 Crack-Serial-Keygen.lnk
C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen
C:\Users\user\Documents\Auto Keygenerators ( Mitchell BOSCH DAS WIS EPC ESI Autodata 2005 2006 Keygen + Software).htm
C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen\! Microsoft Office 2007 Crack-Serial-Keygen.zip
C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen\gestion[1]
C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK
C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK\ace.1.1.1.1.exe
C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK\Adutil.1.1.1.1.exe
C:\Users\user\Downloads\eMule\Incoming\UltimateZip 2007 3.2 With Crack.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Users\user\Downloads\eMule\Incoming\UltimateZip 2007 3.2 With Crack.exe

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]




---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
0
Réponse 12 / 35
petilouis
14 janv. 2009 à 15:20
a========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Users\user\AppData\Roaming\Microsoft\Office\Fichiers récents\! Microsoft Office 2007 Crack-Serial-Keygen.lnk moved successfully.
C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen moved successfully.
C:\Users\user\Documents\Auto Keygenerators ( Mitchell BOSCH DAS WIS EPC ESI Autodata 2005 2006 Keygen + Software).htm moved successfully.
File/Folder C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen\! Microsoft Office 2007 Crack-Serial-Keygen.zip not found.
File/Folder C:\Users\user\Documents\! Microsoft Office 2007 Crack-Serial-Keygen\gestion[1] not found.
C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK moved successfully.
File/Folder C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK\ace.1.1.1.1.exe not found.
File/Folder C:\Users\user\Documents\AllData Auto Diagnostic 3.4\CRACK\Adutil.1.1.1.1.exe not found.
C:\Users\user\Downloads\eMule\Incoming\UltimateZip 2007 3.2 With Crack.exe moved successfully.
C:\Program Files\TomTom HOME 2\HOMERunner.exe moved successfully.
File/Folder C:\Users\user\Downloads\eMule\Incoming\UltimateZip 2007 3.2 With Crack.exe not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01142009_151057

maintenant en bas j'a i(internet mode protégé:activé) mais je n'ai toujours pas le logo avast vers l'horloge est ce normal?
0
Réponse 13 / 35
Utilisateur anonyme
14 janv. 2009 à 15:37
oui :

Télécharge MalwareByte's :
http://www.malwarebytes.org/mbam.php ou ici :
http://www.malwarebytes.org/mbam/program/mbam-setup.exe



* Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/ )

* Potasse le tuto pour te familiariser avec le prg :
https://forum.pcastuces.com/sujet.asp?f=31&s=3
( cela dis, il est très simple d'utilisation ).

! Déconnecte toi et ferme toutes applications en cours !

* Lance Malwarebyte's .

Fais un examen dit "Rapide" .

--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

0
petilouis Messages postés 24 Date d'inscription mercredi 14 janvier 2009 Statut Membre Dernière intervention 4 février 2009
14 janv. 2009 à 15:59
avez vous recu le rapport
0
Réponse 14 / 35
petilouis Messages postés 24 Date d'inscription mercredi 14 janvier 2009 Statut Membre Dernière intervention 4 février 2009
14 janv. 2009 à 15:56
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1650
Windows 6.0.6001 Service Pack 1

14/01/2009 15:53:24
mbam-log-2009-01-14 (15-53-24).txt

Type de recherche: Examen rapide
Eléments examinés: 62302
Temps écoulé: 3 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 13
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Skins (Trojan.Lop) -> Quarantined and deleted successfully.
C:\ProgramData\Software Licensors\Antispyware PRO XP (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
C:\ProgramData\Software Licensors\Antispyware PRO XP\BASE (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
C:\ProgramData\Software Licensors\Antispyware PRO XP\DELETED (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
C:\ProgramData\Software Licensors\Antispyware PRO XP\LOG (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
C:\ProgramData\Software Licensors\Antispyware PRO XP\SAVED (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\user\Local Settings\Application Data\hpnlyee_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\hpnlyee_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\hpnlyee.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\pkskokw_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\pkskokw_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\pkskokw.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\session.store (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\state.dht (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\unins000.dat (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Skins\Stylish.skf (Trojan.Lop) -> Quarantined and deleted successfully.
C:\ProgramData\Software Licensors\Antispyware PRO XP\LOG\20080908225718084.log (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
C:\ProgramData\Software Licensors\Antispyware PRO XP\LOG\20080909091047413.log (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723223841310.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080724123038100.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080724125302901.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
0
Réponse 15 / 35
Utilisateur anonyme
14 janv. 2009 à 16:04
petites verifs :


tu télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-clique dessus pour lancer l'installation
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)

ensuite :

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Vas dans "Démarrer" puis Panneau de configuration.
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
- Clique sur Continuer.
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
- Valide par OK et redémarre.

Tuto : https://forum.malekal.com/viewtopic.php?f=59&t=6517

Télécharge maintenant Navilog1 depuis-ce lien :

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis :

"Exécuter en tant qu'administrateur".

Au menu principal, Fais le choix 1
Laisse toi guider et patiente.
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche le blocnote va s'ouvrir.
Copie-colle l'intégralité du rapport dans une réponse.
Referme le blocnote
Le rapport fixnavi.txt est en outre sauvegardé a la racine du disque

Tuto : http://www.malekal.com/Adware.Magic_Control.php

0
Réponse 16 / 35
petilouis Messages postés 24 Date d'inscription mercredi 14 janvier 2009 Statut Membre Dernière intervention 4 février 2009
14 janv. 2009 à 19:27
il scan toujour et a chaque roaming j'ai ce message (utilitaire (QGREP) de recherche a cesser de fonctionner)
0
Réponse 17 / 35
Utilisateur anonyme
14 janv. 2009 à 19:49
redemarres, refais findykill option 2 et retente le post16

envoie tous les rapports commme demandé
0
Réponse 18 / 35
petilouis
14 janv. 2009 à 20:36
en voici un



----------------- FindyKill V4.711 ------------------

* User : user - PC-DE-USER
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 20:03:20 the 14/01/2009
* Windows Vista - Internet Explorer 7.0.6001.18000


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\Installer\MSI19FA.tmp
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\Windows


»»»» Supression files in C:\Windows\Prefetch


»»»» Supression files in C:\Windows\system32


»»»» Supression files in C:\Windows\system32\drivers


»»»» Supression files in C:\Users\user\AppData\Roaming


»»»» Supression files in C:\Users\user\AppData\Local\Temp


»»»» Supression files in C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\1H3P26CF\file[1].txt

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Wlansvc - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2

-> UAC is Enable

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------

Suspect ! - 51584f8933afd492af006c6ca546be7b C:\_OTMoveIt\MovedFiles\01142009_151057\Program Files\TomTom HOME 2\HOMERunner.exe
Suspect ! - 51584f8933afd492af006c6ca546be7b C:\_OTMoveIt\MovedFiles\01142009_151057\Users\user\Downloads\eMule\Incoming\UltimateZip 2007 3.2 With Crack.exe

--------------- [ Searching Cracks / Keygen ] ----------------



---------------- ! End of report ! ------------------
0
Réponse 19 / 35
petilouis
14 janv. 2009 à 20:47
je ne peut toujour pas scanner j 'ai le méme message
0
Réponse 20 / 35
petilouis
14 janv. 2009 à 20:52
j'ai ceci si ca peut d'aider

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : user ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:225 Go (Free:121 Go)
D:\ (Local Disk) - NTFS - Total:7 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 14/01/2009|20:38 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[26/01/2008|18:29] C:\Users\user\AppData\Local\Adobe
[01/11/2008|20:31] C:\Users\user\AppData\Local\Apple
[01/11/2008|21:13] C:\Users\user\AppData\Local\Apple Computer
[20/11/2007|18:24] C:\Users\user\AppData\Local\Application Data
[25/12/2007|15:53] C:\Users\user\AppData\Local\Apps
[22/11/2007|16:43] C:\Users\user\AppData\Local\ATI
[01/11/2008|19:38] C:\Users\user\AppData\Local\d3d9caps.dat
[05/01/2009|13:59] C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[13/09/2008|19:57] C:\Users\user\AppData\Local\Downloaded Installations
[02/01/2008|15:07] C:\Users\user\AppData\Local\eMule(267)
[17/12/2008|15:01] C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
[17/12/2008|08:25] C:\Users\user\AppData\Local\Google
[22/11/2007|16:43] C:\Users\user\AppData\Local\Hewlett-Packard
[20/11/2007|18:24] C:\Users\user\AppData\Local\Historique
[24/03/2008|18:01] C:\Users\user\AppData\Local\HP
[23/12/2007|15:21] C:\Users\user\AppData\Local\HP Guide
[14/01/2009|19:55] C:\Users\user\AppData\Local\IconCache.db
[01/08/2008|20:19] C:\Users\user\AppData\Local\Microsoft
[08/07/2008|11:16] C:\Users\user\AppData\Local\Microsoft Games
[15/04/2008|19:21] C:\Users\user\AppData\Local\Microsoft Help
[26/07/2008|14:04] C:\Users\user\AppData\Local\MigWiz
[19/12/2008|13:02] C:\Users\user\AppData\Local\Mozilla
[04/05/2008|16:30] C:\Users\user\AppData\Local\PHOTOCITE Collection
[14/01/2009|20:37] C:\Users\user\AppData\Local\Temp
[20/11/2007|18:24] C:\Users\user\AppData\Local\Temporary Internet Files
[07/08/2008|21:10] C:\Users\user\AppData\Local\TomTom
[31/03/2008|21:09] C:\Users\user\AppData\Local\torrent_search
[23/12/2007|15:42] C:\Users\user\AppData\Local\VirtualStore
[29/12/2007|23:29] C:\Users\user\AppData\Local\WindowsUpdate

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[08/01/2009 08:22][--a------] C:\Windows\tasks\HPCeeScheduleForguillaume.job
[14/01/2009 20:35][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{C4524A21-C82B-4114-9A1F-5915D5513B44}.job
[14/01/2009 17:36][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{C82B5FD6-1CD9-40EB-86E0-016494637A45}.job
[12/01/2009 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Analyse système complète - user.job
[14/01/2009 20:03][--ah-----] C:\Windows\tasks\SA.DAT
[14/01/2009 20:02][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[13/07/2008|20:25] C:\ProgramData\Adobe
[23/12/2007|14:50] C:\ProgramData\Ahead
[02/11/2006|14:02] C:\ProgramData\Application Data
[03/09/2007|05:57] C:\ProgramData\ATI
[20/11/2007|18:20] C:\ProgramData\Bureau
[22/04/2008|13:05] C:\ProgramData\ConeXware
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[18/01/2008|07:31] C:\ProgramData\DVD X Studios
[12/01/2009|19:10] C:\ProgramData\eMule
[20/11/2007|18:20] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[22/12/2007|20:09] C:\ProgramData\Google
[22/11/2007|16:43] C:\ProgramData\Hewlett-Packard
[24/03/2008|18:06] C:\ProgramData\HP
[24/03/2008|18:06] C:\ProgramData\hpzinstall.log
[14/01/2009|15:41] C:\ProgramData\Malwarebytes
[20/11/2007|18:20] C:\ProgramData\Menu Démarrer
[17/12/2008|17:56] C:\ProgramData\Microsoft
[13/01/2009|20:26] C:\ProgramData\Microsoft Help
[20/11/2007|18:20] C:\ProgramData\Modèles
[03/09/2007|06:07] C:\ProgramData\muvee Technologies
[03/09/2007|06:13] C:\ProgramData\PC-Doctor
[01/08/2008|18:54] C:\ProgramData\Roxio
[08/09/2008|21:57] C:\ProgramData\services
[14/01/2009|15:53] C:\ProgramData\Software Licensors
[11/01/2009|20:44] C:\ProgramData\SolidDocuments
[03/09/2007|05:59] C:\ProgramData\Sonic
[02/11/2006|14:02] C:\ProgramData\Start Menu
[12/01/2008|17:28] C:\ProgramData\Symantec
[13/01/2009|20:56] C:\ProgramData\TEMP
[02/11/2006|14:02] C:\ProgramData\Templates
[31/08/2008|13:31] C:\ProgramData\TomTom
[16/02/2008|17:55] C:\ProgramData\Trymedia
[04/08/2008|20:37] C:\ProgramData\WildTangent
[22/04/2008|12:50] C:\ProgramData\WinZip
[25/03/2008|16:10] C:\ProgramData\WLInstaller
[07/02/2008|12:57] C:\ProgramData\Xerox
[30/12/2007|11:04] C:\ProgramData\Yahoo!
[22/04/2008|21:02] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[24/08/2008|20:49] C:\Program Files\Activision Value
[19/08/2008|10:03] C:\Program Files\Adobe
[13/01/2009|18:13] C:\Program Files\Alwil Software
[08/03/2008|20:17] C:\Program Files\ArcSoft
[03/09/2007|05:52] C:\Program Files\ATI
[03/09/2007|05:53] C:\Program Files\ATI Technologies
[31/03/2008|21:11] C:\Program Files\BitTorrent Fastest Tool
[13/09/2008|19:58] C:\Program Files\Canal
[13/01/2009|22:11] C:\Program Files\Common Files
[23/12/2007|09:59] C:\Program Files\directx
[25/12/2007|12:07] C:\Program Files\EA SPORTS
[12/01/2009|19:10] C:\Program Files\eMule
[05/05/2008|20:27] C:\Program Files\EPSON
[20/11/2007|18:20] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[14/01/2009|20:26] C:\Program Files\FindyKill
[23/12/2007|09:11] C:\Program Files\Google
[11/11/2008|20:19] C:\Program Files\GrandBilliards
[27/01/2008|15:21] C:\Program Files\Hewlett-Packard
[03/09/2007|06:09] C:\Program Files\HP
[04/08/2008|20:43] C:\Program Files\HP Games
[24/08/2008|13:41] C:\Program Files\Infogrames
[17/12/2008|13:52] C:\Program Files\InstallShield Installation Information
[17/12/2008|13:52] C:\Program Files\Internet Explorer
[08/01/2008|20:39] C:\Program Files\Java
[01/08/2008|19:34] C:\Program Files\K-Lite Codec Pack
[14/01/2009|15:41] C:\Program Files\Malwarebytes' Anti-Malware
[16/12/2008|22:30] C:\Program Files\Metin2_France
[17/12/2008|18:08] C:\Program Files\Microsoft
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[17/12/2008|08:29] C:\Program Files\Microsoft Office
[01/11/2008|20:13] C:\Program Files\Microsoft Silverlight
[13/01/2008|15:41] C:\Program Files\Microsoft SQL Server Compact Edition
[13/01/2009|20:17] C:\Program Files\Microsoft Visual Studio 8
[27/01/2008|08:54] C:\Program Files\Microsoft.NET
[23/03/2008|12:00] C:\Program Files\Movie Maker
[27/01/2008|08:56] C:\Program Files\MSBuild
[25/01/2008|21:09] C:\Program Files\MSECache
[16/12/2008|18:02] C:\Program Files\MSXML 4.0
[18/06/2008|20:22] C:\Program Files\Norton Internet Security
[29/12/2007|21:33] C:\Program Files\Orange
[04/05/2008|16:39] C:\Program Files\Panasonic
[30/07/2008|17:35] C:\Program Files\PC-Doctor 5 for Windows
[04/05/2008|16:50] C:\Program Files\PHOTOCITE Collection
[24/03/2008|16:55] C:\Program Files\Plug-Ins
[04/01/2008|21:17] C:\Program Files\Real
[17/12/2008|13:52] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[17/12/2008|14:13] C:\Program Files\Roxio
[01/01/2008|21:30] C:\Program Files\SAGEM
[03/09/2007|06:16] C:\Program Files\Services en ligne
[11/01/2009|20:45] C:\Program Files\SolidDocuments
[14/01/2009|15:10] C:\Program Files\TomTom HOME 2
[31/08/2008|14:53] C:\Program Files\Tomtomax Maxi-Box
[31/03/2008|21:09] C:\Program Files\torrent_search
[12/01/2009|21:33] C:\Program Files\UltimateZip 2007
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[19/11/2008|20:46] C:\Program Files\Unity
[29/01/2008|11:04] C:\Program Files\Wanadoo
[23/03/2008|12:00] C:\Program Files\Windows Calendar
[23/03/2008|12:00] C:\Program Files\Windows Collaboration
[23/03/2008|12:00] C:\Program Files\Windows Defender
[23/03/2008|12:00] C:\Program Files\Windows Journal
[17/12/2008|18:08] C:\Program Files\Windows Live
[17/12/2008|18:03] C:\Program Files\Windows Live SkyDrive
[13/01/2009|20:49] C:\Program Files\Windows Mail
[23/03/2008|12:00] C:\Program Files\Windows Media Player
[20/11/2007|18:20] C:\Program Files\Windows NT
[23/03/2008|12:00] C:\Program Files\Windows Photo Gallery
[23/03/2008|12:00] C:\Program Files\Windows Sidebar
[27/04/2008|19:19] C:\Program Files\WinRAR
[23/04/2008|12:51] C:\Program Files\WinZip
[23/02/2008|20:29] C:\Program Files\XnView
[22/04/2008|20:57] C:\Program Files\Yahoo!
[11/01/2008|22:31] C:\Program Files\ZGF_Fr

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[04/05/2008|13:56] C:\Program Files\Common Files\Adobe
[26/11/2008|20:46] C:\Program Files\Common Files\Adobe AIR
[23/12/2007|14:50] C:\Program Files\Common Files\Ahead
[08/03/2008|20:19] C:\Program Files\Common Files\ArcSoft
[25/06/2008|18:50] C:\Program Files\Common Files\Autodata Limited Shared
[27/01/2008|08:55] C:\Program Files\Common Files\DESIGNER
[29/12/2007|21:17] C:\Program Files\Common Files\France Telecom
[17/02/2008|18:12] C:\Program Files\Common Files\InstallShield
[03/09/2007|06:08] C:\Program Files\Common Files\Java
[03/09/2007|06:07] C:\Program Files\Common Files\LightScribe
[03/09/2007|06:07] C:\Program Files\Common Files\LS Getting Started
[17/12/2008|18:04] C:\Program Files\Common Files\microsoft shared
[01/01/2008|19:25] C:\Program Files\Common Files\muvee Technologies
[17/12/2008|13:52] C:\Program Files\Common Files\Nero
[27/04/2008|18:11] C:\Program Files\Common Files\PC SOFT
[17/12/2008|14:10] C:\Program Files\Common Files\PX Storage Engine
[17/12/2008|14:12] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[17/12/2008|14:10] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[17/12/2008|14:13] C:\Program Files\Common Files\SureThing Shared
[23/04/2008|11:40] C:\Program Files\Common Files\Symantec Shared
[23/03/2008|12:00] C:\Program Files\Common Files\System
[17/12/2008|17:56] C:\Program Files\Common Files\Windows Live
[30/12/2007|11:16] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 48 Processes )

iexplore.exe ~ [PID:2040]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Program Files\BitTorrent Fastest Tool
C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
C:\Users\user\AppData\Roaming\MICROS~1\Windows\Cookies\user@advertising[1].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme
0

Discussions similaires

Prélèvement dri Avast software
Ml -
dadout -

2 réponses
message intempestifs d'avast : une menace a été détectée
ed62945077 -
Malekal_morte- -

3 réponses
arnaque par DRI AVAST
chlrd24 -
crooner76 -

8 réponses
DRI Avast software
Franoise -
Panth33ra -

20 réponses
arnaque de avast prelevement sans autorisation
petit -
Brijoue -

14 réponses