How do I get rid of a virus?
Aikanaro
Hello,
so, I've caught a virus whose name I don't know; however, the symptoms are:
- repeated changes of the desktop wallpaper (it shows a grey frame marked "ALERT" saying that my PC is infected with "malware" and "spyware" and strongly advising me to get an antivirus)
- an extra icon in my taskbar that displays a "security report" every 5 minutes (clicking on it takes me to a site selling an antivirus, "anti-virus XP pro")
- the wallpaper change is accompanied by my "My Documents" folder opening
So, I hope you can help me (I've already tried avast, spybot, C-cleaner, Ad-aware and nothing works =/)
Regards
17 replies
Hello,
Download SmitfraudFix by S!RI:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
Unzip the archive
Run it by double-clicking Smitfraudfix.cmd
Press a key to continue
Once at the command prompt, type the letter L to switch the fix to French
At the menu, choose option 4 then 1: Recherche (Search)
Post the report it generates
I went through the procedure and here is what it gives me:
SmitFraudFix v2.395
Rapport fait à 19:53:42,45, 12/02/2009
Executé à partir de C:\Documents and Settings\Edward.GELCO\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svsccs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Edward.GELCO\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
127.0.0.1 www.spywareinfo.com
127.0.0.1 spywareinfo.com
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\764.exe PRESENT !
C:\WINDOWS\7search.dll PRESENT !
C:\WINDOWS\aconti.exe PRESENT !
C:\WINDOWS\hotporn.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\ESHOPEE.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Edward.GELCO
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\EDWARD~1.GEL\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Edward.GELCO\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\EDWARD~1.GEL\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\rxjddnvj.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Linksys Wireless-G PCI Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B8A7C322-DF1A-41FD-9399-294DD78992C7}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B8A7C322-DF1A-41FD-9399-294DD78992C7}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B8A7C322-DF1A-41FD-9399-294DD78992C7}: NameServer=212.27.53.252,212.27.54.252
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
I preferred to copy/paste everything for fear of leaving out some important information.
That's the right thing to do :)
Cleaning:
Start in safe mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A window will open; use the keyboard arrow keys to move to "start in safe mode", then press Enter.
Once on the desktop, if not all the colours and so on are there, that's normal!
(If F8 doesn't work, use the F5 key.)
----------------------------------------------------------------------------
Run the SmitfraudFix program again,
This time choose option 2, answer yes to everything;
Save the report,
Restart in normal mode,
Copy/paste the saved report on the forum
process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
OK, I did it, but at first glance it changes strictly nothing ^^' anyway, here is the report:
SmitFraudFix v2.395
Rapport fait à 20:44:08,40, 12/02/2009
Executé à partir de C:\Documents and Settings\Edward.GELCO\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost
luciolis2.servegame.com 80.239.180.113
luciolis2.servegame.com 91.121.124.125
luciolis2.servegame.com 91.121.106.15
luciolis2.servegame.com 91.121.69.136
127.0.0.1 .supercocklol.com
127.0.0.1 www..webloyalty.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
...
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\764.exe supprimé
C:\WINDOWS\7search.dll supprimé
C:\WINDOWS\aconti.exe supprimé
C:\WINDOWS\hotporn.exe supprimé
C:\WINDOWS\system32\ESHOPEE.exe supprimé
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B8A7C322-DF1A-41FD-9399-294DD78992C7}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B8A7C322-DF1A-41FD-9399-294DD78992C7}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B8A7C322-DF1A-41FD-9399-294DD78992C7}: NameServer=212.27.53.252,212.27.54.252
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Thanks for the quick replies =D
Download and install the diagnostic tool HijackThis:
here: HijackThis
or here: http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here: https://www.clubic.com/telecharger-fiche17891-hijackthis.html
or renamed:
http://pagesperso-orange.fr/yo-sen/HJTNew.exe
1- Click the setup to launch the installation: let it guide you and do not change the installation settings.
At the end of the installation, the program starts automatically: close it by clicking the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe".
Tutorial for using it:
Look here, it's perfectly explained with pictures (thanks balltrap34),
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
(Do not fix ANY line on your own initiative yet; that could prevent your PC from working properly)
2- !! Disconnect and close all your running applications !!
Click the desktop shortcut to launch the program:
run a HijackThis scan by clicking: "Do a system scan and save a logfile"
---> copy-paste the generated report for analysis
OK, I installed it, ran the scan, and here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:06, on 12/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svsccs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O1 - Hosts: luciolis2.servegame.com 80.239.180.113
O1 - Hosts: luciolis2.servegame.com 91.121.124.125
O1 - Hosts: luciolis2.servegame.com 91.121.106.15
O1 - Hosts: luciolis2.servegame.com 91.121.69.136
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\CamDrvr\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nl2plwrk] C:\WINDOWS\system32\svsccs.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [nl2plwrk] C:\WINDOWS\system32\svsccs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8A7C322-DF1A-41FD-9399-294DD78992C7}: NameServer = 212.27.53.252,212.27.54.252
O20 - Winlogon Notify: sha1hsh - sha1hsh.dl (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
How to fix the ones you need to fix will be explained in due course.
Download Lop S&D.exe to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
* Double-click it to launch the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the desired language, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
There, it's done, here is the scan:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3700+ )
BIOS : Award Modular BIOS v6.00PG
USER : Edward ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081231-1] 4.8.1296 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:16 Go)
D:\ (Local Disk) - NTFS - Total:154 Go (Free:80 Go)
E:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 12/02/2009|22:01 )
--------------------\\ Listing des dossiers dans APPLIC~1
[29/01/2008|15:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
[29/01/2008|15:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[05/08/2006|16:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/07/2007|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[07/10/2007|10:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\live trans bird surf
[25/08/2007|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[17/11/2006|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[16/09/2006|13:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[07/09/2006|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[16/09/2006|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Samsung
[01/12/2006|16:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[22/12/2006|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[17/02/2007|20:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[28/04/2007|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[22/10/2008|17:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[06/10/2007|20:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple
[22/10/2008|17:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
[10/11/2007|18:32] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Azureus
[10/02/2009|23:52] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\EmailNotifier
[16/01/2009|17:00] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google
[15/02/2008|18:04] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Grisoft
[05/12/2008|18:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Hewlett-Packard
[06/12/2008|16:05] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\HP
[05/12/2008|18:18] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\HP Product Assistant
[12/02/2009|11:25] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
[23/03/2008|18:41] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft
[24/08/2007|12:38] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\MSN6
[25/08/2007|00:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime
[26/03/2008|20:09] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Samsung
[12/02/2009|19:32] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
[27/12/2008|16:42] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Syncrosoft
[05/12/2008|18:22] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WEBREG
[24/09/2008|17:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
[05/08/2006|10:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[24/08/2007|11:03] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft
[05/01/2008|13:01] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Adobe
[22/10/2008|17:44] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Apple Computer
[27/09/2008|23:35] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Azureus
[05/04/2008|19:31] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\F4
[18/10/2007|20:14] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Google
[15/02/2008|18:04] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Grisoft
[06/12/2008|16:05] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\HP
[12/02/2009|20:39] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\HPAppData
[24/08/2007|11:08] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Identities
[13/12/2008|19:37] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\InstallShield
[24/08/2007|17:37] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\InterTrust
[25/08/2007|14:30] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Lavasoft
[24/08/2007|14:50] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Macromedia
[13/12/2008|19:39] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Megaupload
[27/12/2008|16:43] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Microsoft
[05/04/2008|19:42] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Mozilla
[24/08/2007|12:38] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\MSN6
[18/02/2008|12:19] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Real
[26/12/2007|11:08] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Samsung
[27/12/2008|16:47] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Steinberg
[15/09/2007|22:20] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Sun
[04/11/2008|22:36] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\U3
[22/11/2006|14:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[24/08/2007|11:07] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\Microsoft
[05/08/2006|10:21] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[24/08/2007|11:07] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\Microsoft
[27/04/2007|18:25] C:\DOCUME~1\Pierre\APPLIC~1\CamTrack
[13/09/2006|10:34] C:\DOCUME~1\Pierre\APPLIC~1\Graphisoft
[08/08/2006|09:56] C:\DOCUME~1\Pierre\APPLIC~1\Identities
[08/09/2006|09:55] C:\DOCUME~1\Pierre\APPLIC~1\Lavasoft
[08/09/2006|08:57] C:\DOCUME~1\Pierre\APPLIC~1\Macromedia
[10/05/2007|12:36] C:\DOCUME~1\Pierre\APPLIC~1\Microsoft
[08/09/2006|08:55] C:\DOCUME~1\Pierre\APPLIC~1\Mozilla
[08/09/2006|09:10] C:\DOCUME~1\Pierre\APPLIC~1\Real
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[10/02/2008 15:52][--a------] C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[31/01/2009 11:47][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/02/2009 20:49][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[24/08/2007|17:32] C:\Program Files\7-Zip
[02/08/2008|23:35] C:\Program Files\AC3Filter
[24/08/2007|17:37] C:\Program Files\Adobe
[05/08/2006|12:48] C:\Program Files\Alwil Software
[05/08/2006|10:30] C:\Program Files\AMD
[22/10/2008|17:41] C:\Program Files\Apple Software Update
[07/09/2006|13:31] C:\Program Files\ArchiCAD 8
[18/09/2006|17:04] C:\Program Files\ArchiCAD 8.1
[24/08/2007|14:08] C:\Program Files\ASUS
[26/08/2007|13:02] C:\Program Files\AvRack
[30/07/2008|21:55] C:\Program Files\Azureus
[12/02/2009|11:18] C:\Program Files\BeClean
[19/11/2006|12:35] C:\Program Files\Bethesda Softworks
[21/01/2008|21:08] C:\Program Files\BitDownload
[26/08/2007|15:01] C:\Program Files\Blender Foundation
[22/10/2008|17:43] C:\Program Files\Bonjour
[23/04/2008|21:55] C:\Program Files\Boonty
[23/04/2008|21:55] C:\Program Files\BoontyGames
[07/09/2006|09:39] C:\Program Files\CCleaner
[02/05/2007|09:40] C:\Program Files\CDBurnerXP Pro 3
[13/08/2008|19:05] C:\Program Files\Common Files
[05/08/2006|10:19] C:\Program Files\ComPlus Applications
[26/08/2007|15:08] C:\Program Files\DigitalJesters
[04/04/2007|20:11] C:\Program Files\DigitalPeers
[01/12/2006|18:48] C:\Program Files\directx
[13/12/2008|19:42] C:\Program Files\DivX
[03/02/2009|17:51] C:\Program Files\Dofus
[02/05/2007|14:12] C:\Program Files\EBP
[07/02/2009|00:39] C:\Program Files\eMule
[02/08/2008|14:23] C:\Program Files\Enigma Software Group
[12/02/2009|11:25] C:\Program Files\Fichiers communs
[02/05/2007|13:37] C:\Program Files\Free Easy Burner
[24/08/2007|14:10] C:\Program Files\GameFace Messenger
[16/01/2009|17:00] C:\Program Files\Google
[15/02/2008|18:04] C:\Program Files\Grisoft
[26/12/2007|11:53] C:\Program Files\GUILD WARS
[11/07/2007|23:27] C:\Program Files\Guitar Pro 4
[28/08/2007|00:28] C:\Program Files\Guitar Pro 5
[05/12/2008|18:17] C:\Program Files\Hewlett-Packard
[05/12/2008|18:21] C:\Program Files\HP
[17/06/2007|17:40] C:\Program Files\ICQLite
[17/07/2007|17:51] C:\Program Files\ICQToolbar
[19/02/2007|10:38] C:\Program Files\Infogrames
[13/12/2008|19:37] C:\Program Files\InstallShield Installation Information
[11/12/2008|21:49] C:\Program Files\Internet Explorer
[22/10/2008|17:43] C:\Program Files\iPod
[22/10/2008|17:43] C:\Program Files\iTunes
[24/08/2007|16:41] C:\Program Files\IZArc
[15/09/2007|22:20] C:\Program Files\Java
[26/12/2007|11:05] C:\Program Files\JoWooD
[05/08/2006|15:08] C:\Program Files\Lavalys
[12/02/2009|11:25] C:\Program Files\Lavasoft
[24/08/2007|14:28] C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
[01/12/2006|18:47] C:\Program Files\Logitech
[24/03/2008|17:31] C:\Program Files\Mediaccurate
[13/12/2008|19:37] C:\Program Files\Megaupload
[10/02/2009|23:52] C:\Program Files\MegauploadToolbar
[26/09/2008|23:40] C:\Program Files\Messenger
[05/08/2006|10:21] C:\Program Files\microsoft frontpage
[02/10/2007|13:15] C:\Program Files\Microsoft Office
[05/08/2006|14:01] C:\Program Files\Microsoft Visual Studio
[27/03/2007|22:13] C:\Program Files\Microsoft Works
[05/08/2006|14:02] C:\Program Files\Microsoft.NET
[25/08/2007|14:06] C:\Program Files\Movie Maker
[12/02/2009|21:39] C:\Program Files\Mozilla Firefox
[05/07/2007|21:06] C:\Program Files\Mozilla Thunderbird
[30/04/2008|18:12] C:\Program Files\MSBuild
[21/01/2008|19:04] C:\Program Files\MSConfig CleanUp
[05/08/2006|10:19] C:\Program Files\MSN
[05/08/2006|10:19] C:\Program Files\MSN Gaming Zone
[25/08/2007|14:14] C:\Program Files\MSN Messenger
[19/11/2006|21:21] C:\Program Files\MSXML 4.0
[26/09/2008|23:40] C:\Program Files\MSXML 6.0
[28/05/2007|16:09] C:\Program Files\Multi_Media_France
[24/08/2007|14:06] C:\Program Files\My Company Name
[25/08/2007|14:06] C:\Program Files\NetMeeting
[05/04/2008|19:19] C:\Program Files\OpenAL
[14/01/2009|17:29] C:\Program Files\Outlook Express
[14/06/2007|21:47] C:\Program Files\POLL BONE SAFE
[22/10/2008|17:42] C:\Program Files\QuickTime
[08/09/2006|09:07] C:\Program Files\Real
[26/08/2007|12:49] C:\Program Files\Realtek
[26/08/2007|13:02] C:\Program Files\Realtek AC97
[05/08/2006|10:32] C:\Program Files\Realtek Sound Manager
[30/04/2008|18:08] C:\Program Files\Reference Assemblies
[26/03/2008|20:09] C:\Program Files\Samsung
[05/08/2006|10:19] C:\Program Files\Services en ligne
[12/02/2009|19:32] C:\Program Files\Spybot - Search & Destroy
[27/12/2008|16:43] C:\Program Files\Steinberg
[11/02/2009|23:08] C:\Program Files\Sword of The New World
[27/12/2008|16:42] C:\Program Files\Syncrosoft
[12/02/2009|21:34] C:\Program Files\Trend Micro
[22/02/2007|15:42] C:\Program Files\Tropico
[16/09/2006|19:50] C:\Program Files\Uninstall Information
[10/07/2007|10:26] C:\Program Files\Warcraft III
[07/09/2006|13:24] C:\Program Files\WIBUKEY
[07/09/2006|10:15] C:\Program Files\WIBU-SYSTEMS
[20/05/2007|09:24] C:\Program Files\Winamp
[17/02/2007|20:44] C:\Program Files\Windows Live Favorites
[10/02/2009|17:08] C:\Program Files\Windows Live Safety Center
[17/02/2007|20:44] C:\Program Files\Windows Live Toolbar
[22/04/2007|19:58] C:\Program Files\Windows Media Connect 2
[14/01/2009|17:30] C:\Program Files\Windows Media Player
[25/08/2007|14:06] C:\Program Files\Windows NT
[05/08/2006|10:19] C:\Program Files\WindowsUpdate
[02/07/2007|11:12] C:\Program Files\WinRAR
[20/09/2008|13:47] C:\Program Files\World Of Warcraft
[13/06/2008|22:05] C:\Program Files\WowCartographe
[05/08/2006|10:21] C:\Program Files\xerox
[30/04/2007|14:20] C:\Program Files\Zylom Games
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[24/08/2007|17:37] C:\Program Files\Fichiers communs\Adobe
[22/10/2008|17:42] C:\Program Files\Fichiers communs\Apple
[07/05/2008|22:13] C:\Program Files\Fichiers communs\Blizzard Entertainment
[05/08/2006|14:01] C:\Program Files\Fichiers communs\DESIGNER
[01/12/2006|18:47] C:\Program Files\Fichiers communs\FotoWire
[05/12/2008|18:17] C:\Program Files\Fichiers communs\Hewlett-Packard
[05/12/2008|18:17] C:\Program Files\Fichiers communs\HP
[16/09/2006|19:42] C:\Program Files\Fichiers communs\InstallShield
[15/09/2007|22:19] C:\Program Files\Fichiers communs\Java
[01/12/2006|18:47] C:\Program Files\Fichiers communs\Logitech
[02/04/2008|15:10] C:\Program Files\Fichiers communs\Microsoft Shared
[05/08/2006|10:19] C:\Program Files\Fichiers communs\MSSoap
[05/08/2006|17:09] C:\Program Files\Fichiers communs\ODBC
[18/02/2008|12:16] C:\Program Files\Fichiers communs\Real
[05/08/2006|10:20] C:\Program Files\Fichiers communs\Services
[05/08/2006|17:09] C:\Program Files\Fichiers communs\SpeechEngines
[02/11/2008|18:06] C:\Program Files\Fichiers communs\Symantec Shared
[14/01/2009|17:29] C:\Program Files\Fichiers communs\System
[12/02/2009|11:25] C:\Program Files\Fichiers communs\Wise Installation Wizard
[08/09/2006|09:07] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 50 Processes )
iexplore.exe ~ [PID:2872]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\Program Files\BitDownload
C:\Program Files\BitDownload\BitDownload.TRC
C:\Program Files\BitDownload\BitDownload_1.TRC
C:\Program Files\BitDownload\settings.ini
C:\Program Files\BitDownload\settings.stp
C:\Program Files\BitDownload\SkinCrafterDll.dll
C:\Program Files\BitDownload\Skins
C:\Program Files\BitDownload\Support
C:\Program Files\BitDownload\unins000.dat
C:\Program Files\BitDownload\unins000.exe
C:\Program Files\BitDownload\ZM
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\Program Files\Multi_Media_France\LanguagePack.xml
C:\Program Files\Multi_Media_France\LocalSettings.txt
C:\Program Files\Multi_Media_France\RadioPlayer
C:\Program Files\Multi_Media_France\tbMul0.dll
C:\Program Files\Multi_Media_France\tbMul1.dll
C:\Program Files\Multi_Media_France\tbMult.dll
C:\Program Files\Multi_Media_France\ThirdPartyComponents.xml
C:\Program Files\Multi_Media_France\toolbar.cfg
C:\Program Files\Multi_Media_France\UNWISE.EXE
C:\Program Files\Multi_Media_France\UNWISE.INI
C:\Program Files\Multi_Media_France\update.xml
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\Program Files\Multi_Media_France\LanguagePack.xml
C:\Program Files\Multi_Media_France\LocalSettings.txt
C:\Program Files\Multi_Media_France\RadioPlayer
C:\Program Files\Multi_Media_France\tbMul0.dll
C:\Program Files\Multi_Media_France\tbMul1.dll
C:\Program Files\Multi_Media_France\tbMult.dll
C:\Program Files\Multi_Media_France\ThirdPartyComponents.xml
C:\Program Files\Multi_Media_France\toolbar.cfg
C:\Program Files\Multi_Media_France\UNWISE.EXE
C:\Program Files\Multi_Media_France\UNWISE.INI
C:\Program Files\Multi_Media_France\update.xml
C:\DOCUME~1\EDWARD~1.GEL\Cookies\edward@advertising[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 22:02:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Recherche d'autres infections
C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\wybeg.ini2
==> VUNDO <==
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Guitar Pro Tabs - My Songbook\F\Faith No More - Crack Hitler.gp3
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Guitar Pro Tabs - My Songbook\L\Limp Bizkit - Crack Addict.gp4
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Guitar Pro Tabs - My Songbook\P\Pixies - Crackity Jones.gp3
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Icons non utilisées\classé par alphabet\f\Faith No More\Faith No More - Crack Hitler.gp3
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Icons non utilisées\classé par alphabet\l\Limp Bizkit\Limp Bizkit - Crack Addict.gp4
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Icons non utilisées\classé par alphabet\p\Pixies\Pixies - Crackity Jones.gp3
[F:9][D:3]-> C:\DOCUME~1\EDWARD~1.GEL\LOCALS~1\Temp
[F:34][D:0]-> C:\DOCUME~1\EDWARD~1.GEL\Cookies
[F:190][D:4]-> C:\DOCUME~1\EDWARD~1.GEL\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 12/02/2009|22:03 - Option : [1]
--------------------\\ Fin du rapport a 22:03:40
And now?
[10/02/2008 15:52][--a------] C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[31/01/2009 11:47][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/02/2009 20:49][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[24/08/2007|17:32] C:\Program Files\7-Zip
[02/08/2008|23:35] C:\Program Files\AC3Filter
[24/08/2007|17:37] C:\Program Files\Adobe
[05/08/2006|12:48] C:\Program Files\Alwil Software
[05/08/2006|10:30] C:\Program Files\AMD
[22/10/2008|17:41] C:\Program Files\Apple Software Update
[07/09/2006|13:31] C:\Program Files\ArchiCAD 8
[18/09/2006|17:04] C:\Program Files\ArchiCAD 8.1
[24/08/2007|14:08] C:\Program Files\ASUS
[26/08/2007|13:02] C:\Program Files\AvRack
[30/07/2008|21:55] C:\Program Files\Azureus
[12/02/2009|11:18] C:\Program Files\BeClean
[19/11/2006|12:35] C:\Program Files\Bethesda Softworks
[21/01/2008|21:08] C:\Program Files\BitDownload
[26/08/2007|15:01] C:\Program Files\Blender Foundation
[22/10/2008|17:43] C:\Program Files\Bonjour
[23/04/2008|21:55] C:\Program Files\Boonty
[23/04/2008|21:55] C:\Program Files\BoontyGames
[07/09/2006|09:39] C:\Program Files\CCleaner
[02/05/2007|09:40] C:\Program Files\CDBurnerXP Pro 3
[13/08/2008|19:05] C:\Program Files\Common Files
[05/08/2006|10:19] C:\Program Files\ComPlus Applications
[26/08/2007|15:08] C:\Program Files\DigitalJesters
[04/04/2007|20:11] C:\Program Files\DigitalPeers
[01/12/2006|18:48] C:\Program Files\directx
[13/12/2008|19:42] C:\Program Files\DivX
[03/02/2009|17:51] C:\Program Files\Dofus
[02/05/2007|14:12] C:\Program Files\EBP
[07/02/2009|00:39] C:\Program Files\eMule
[02/08/2008|14:23] C:\Program Files\Enigma Software Group
[12/02/2009|11:25] C:\Program Files\Fichiers communs
[02/05/2007|13:37] C:\Program Files\Free Easy Burner
[24/08/2007|14:10] C:\Program Files\GameFace Messenger
[16/01/2009|17:00] C:\Program Files\Google
[15/02/2008|18:04] C:\Program Files\Grisoft
[26/12/2007|11:53] C:\Program Files\GUILD WARS
[11/07/2007|23:27] C:\Program Files\Guitar Pro 4
[28/08/2007|00:28] C:\Program Files\Guitar Pro 5
[05/12/2008|18:17] C:\Program Files\Hewlett-Packard
[05/12/2008|18:21] C:\Program Files\HP
[17/06/2007|17:40] C:\Program Files\ICQLite
[17/07/2007|17:51] C:\Program Files\ICQToolbar
[19/02/2007|10:38] C:\Program Files\Infogrames
[13/12/2008|19:37] C:\Program Files\InstallShield Installation Information
[11/12/2008|21:49] C:\Program Files\Internet Explorer
[22/10/2008|17:43] C:\Program Files\iPod
[22/10/2008|17:43] C:\Program Files\iTunes
[24/08/2007|16:41] C:\Program Files\IZArc
[15/09/2007|22:20] C:\Program Files\Java
[26/12/2007|11:05] C:\Program Files\JoWooD
[05/08/2006|15:08] C:\Program Files\Lavalys
[12/02/2009|11:25] C:\Program Files\Lavasoft
[24/08/2007|14:28] C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
[01/12/2006|18:47] C:\Program Files\Logitech
[24/03/2008|17:31] C:\Program Files\Mediaccurate
[13/12/2008|19:37] C:\Program Files\Megaupload
[10/02/2009|23:52] C:\Program Files\MegauploadToolbar
[26/09/2008|23:40] C:\Program Files\Messenger
[05/08/2006|10:21] C:\Program Files\microsoft frontpage
[02/10/2007|13:15] C:\Program Files\Microsoft Office
[05/08/2006|14:01] C:\Program Files\Microsoft Visual Studio
[27/03/2007|22:13] C:\Program Files\Microsoft Works
[05/08/2006|14:02] C:\Program Files\Microsoft.NET
[25/08/2007|14:06] C:\Program Files\Movie Maker
[12/02/2009|21:39] C:\Program Files\Mozilla Firefox
[05/07/2007|21:06] C:\Program Files\Mozilla Thunderbird
[30/04/2008|18:12] C:\Program Files\MSBuild
[21/01/2008|19:04] C:\Program Files\MSConfig CleanUp
[05/08/2006|10:19] C:\Program Files\MSN
[05/08/2006|10:19] C:\Program Files\MSN Gaming Zone
[25/08/2007|14:14] C:\Program Files\MSN Messenger
[19/11/2006|21:21] C:\Program Files\MSXML 4.0
[26/09/2008|23:40] C:\Program Files\MSXML 6.0
[28/05/2007|16:09] C:\Program Files\Multi_Media_France
[24/08/2007|14:06] C:\Program Files\My Company Name
[25/08/2007|14:06] C:\Program Files\NetMeeting
[05/04/2008|19:19] C:\Program Files\OpenAL
[14/01/2009|17:29] C:\Program Files\Outlook Express
[14/06/2007|21:47] C:\Program Files\POLL BONE SAFE
[22/10/2008|17:42] C:\Program Files\QuickTime
[08/09/2006|09:07] C:\Program Files\Real
[26/08/2007|12:49] C:\Program Files\Realtek
[26/08/2007|13:02] C:\Program Files\Realtek AC97
[05/08/2006|10:32] C:\Program Files\Realtek Sound Manager
[30/04/2008|18:08] C:\Program Files\Reference Assemblies
[26/03/2008|20:09] C:\Program Files\Samsung
[05/08/2006|10:19] C:\Program Files\Services en ligne
[12/02/2009|19:32] C:\Program Files\Spybot - Search & Destroy
[27/12/2008|16:43] C:\Program Files\Steinberg
[11/02/2009|23:08] C:\Program Files\Sword of The New World
[27/12/2008|16:42] C:\Program Files\Syncrosoft
[12/02/2009|21:34] C:\Program Files\Trend Micro
[22/02/2007|15:42] C:\Program Files\Tropico
[16/09/2006|19:50] C:\Program Files\Uninstall Information
[10/07/2007|10:26] C:\Program Files\Warcraft III
[07/09/2006|13:24] C:\Program Files\WIBUKEY
[07/09/2006|10:15] C:\Program Files\WIBU-SYSTEMS
[20/05/2007|09:24] C:\Program Files\Winamp
[17/02/2007|20:44] C:\Program Files\Windows Live Favorites
[10/02/2009|17:08] C:\Program Files\Windows Live Safety Center
[17/02/2007|20:44] C:\Program Files\Windows Live Toolbar
[22/04/2007|19:58] C:\Program Files\Windows Media Connect 2
[14/01/2009|17:30] C:\Program Files\Windows Media Player
[25/08/2007|14:06] C:\Program Files\Windows NT
[05/08/2006|10:19] C:\Program Files\WindowsUpdate
[02/07/2007|11:12] C:\Program Files\WinRAR
[20/09/2008|13:47] C:\Program Files\World Of Warcraft
[13/06/2008|22:05] C:\Program Files\WowCartographe
[05/08/2006|10:21] C:\Program Files\xerox
[30/04/2007|14:20] C:\Program Files\Zylom Games
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[24/08/2007|17:37] C:\Program Files\Fichiers communs\Adobe
[22/10/2008|17:42] C:\Program Files\Fichiers communs\Apple
[07/05/2008|22:13] C:\Program Files\Fichiers communs\Blizzard Entertainment
[05/08/2006|14:01] C:\Program Files\Fichiers communs\DESIGNER
[01/12/2006|18:47] C:\Program Files\Fichiers communs\FotoWire
[05/12/2008|18:17] C:\Program Files\Fichiers communs\Hewlett-Packard
[05/12/2008|18:17] C:\Program Files\Fichiers communs\HP
[16/09/2006|19:42] C:\Program Files\Fichiers communs\InstallShield
[15/09/2007|22:19] C:\Program Files\Fichiers communs\Java
[01/12/2006|18:47] C:\Program Files\Fichiers communs\Logitech
[02/04/2008|15:10] C:\Program Files\Fichiers communs\Microsoft Shared
[05/08/2006|10:19] C:\Program Files\Fichiers communs\MSSoap
[05/08/2006|17:09] C:\Program Files\Fichiers communs\ODBC
[18/02/2008|12:16] C:\Program Files\Fichiers communs\Real
[05/08/2006|10:20] C:\Program Files\Fichiers communs\Services
[05/08/2006|17:09] C:\Program Files\Fichiers communs\SpeechEngines
[02/11/2008|18:06] C:\Program Files\Fichiers communs\Symantec Shared
[14/01/2009|17:29] C:\Program Files\Fichiers communs\System
[12/02/2009|11:25] C:\Program Files\Fichiers communs\Wise Installation Wizard
[08/09/2006|09:07] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 50 Processes )
iexplore.exe ~ [PID:2872]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\Program Files\BitDownload
C:\Program Files\BitDownload\BitDownload.TRC
C:\Program Files\BitDownload\BitDownload_1.TRC
C:\Program Files\BitDownload\settings.ini
C:\Program Files\BitDownload\settings.stp
C:\Program Files\BitDownload\SkinCrafterDll.dll
C:\Program Files\BitDownload\Skins
C:\Program Files\BitDownload\Support
C:\Program Files\BitDownload\unins000.dat
C:\Program Files\BitDownload\unins000.exe
C:\Program Files\BitDownload\ZM
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\Program Files\Multi_Media_France\LanguagePack.xml
C:\Program Files\Multi_Media_France\LocalSettings.txt
C:\Program Files\Multi_Media_France\RadioPlayer
C:\Program Files\Multi_Media_France\tbMul0.dll
C:\Program Files\Multi_Media_France\tbMul1.dll
C:\Program Files\Multi_Media_France\tbMult.dll
C:\Program Files\Multi_Media_France\ThirdPartyComponents.xml
C:\Program Files\Multi_Media_France\toolbar.cfg
C:\Program Files\Multi_Media_France\UNWISE.EXE
C:\Program Files\Multi_Media_France\UNWISE.INI
C:\Program Files\Multi_Media_France\update.xml
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\Program Files\Multi_Media_France\LanguagePack.xml
C:\Program Files\Multi_Media_France\LocalSettings.txt
C:\Program Files\Multi_Media_France\RadioPlayer
C:\Program Files\Multi_Media_France\tbMul0.dll
C:\Program Files\Multi_Media_France\tbMul1.dll
C:\Program Files\Multi_Media_France\tbMult.dll
C:\Program Files\Multi_Media_France\ThirdPartyComponents.xml
C:\Program Files\Multi_Media_France\toolbar.cfg
C:\Program Files\Multi_Media_France\UNWISE.EXE
C:\Program Files\Multi_Media_France\UNWISE.INI
C:\Program Files\Multi_Media_France\update.xml
C:\DOCUME~1\EDWARD~1.GEL\Cookies\edward@advertising[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 22:02:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Recherche d'autres infections
C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\wybeg.ini2
[b]==> VUNDO <==[/b]
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Guitar Pro Tabs - My Songbook\F\Faith No More - Crack Hitler.gp3
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Guitar Pro Tabs - My Songbook\L\Limp Bizkit - Crack Addict.gp4
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Guitar Pro Tabs - My Songbook\P\Pixies - Crackity Jones.gp3
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Icons non utilisées\classé par alphabet\f\Faith No More\Faith No More - Crack Hitler.gp3
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Icons non utilisées\classé par alphabet\l\Limp Bizkit\Limp Bizkit - Crack Addict.gp4
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Icons non utilisées\classé par alphabet\p\Pixies\Pixies - Crackity Jones.gp3
[F:9][D:3]-> C:\DOCUME~1\EDWARD~1.GEL\LOCALS~1\Temp
[F:34][D:0]-> C:\DOCUME~1\EDWARD~1.GEL\Cookies
[F:190][D:4]-> C:\DOCUME~1\EDWARD~1.GEL\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 12/02/2009|22:03 - Option : [1]
--------------------\\ Fin du rapport a 22:03:40
And now?
Suppression + Hosts
Double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose the option "Suppression + Hosts"
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
Done, here is the scan:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3700+ )
BIOS : Award Modular BIOS v6.00PG
USER : Edward ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081231-1] 4.8.1296 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:16 Go)
D:\ (Local Disk) - NTFS - Total:154 Go (Free:80 Go)
E:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 12/02/2009|22:15 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\Program Files\BitDownload\BitDownload.TRC
Supprime! - C:\Program Files\BitDownload\BitDownload_1.TRC
Supprime! - C:\Program Files\BitDownload\settings.ini
Supprime! - C:\Program Files\BitDownload\settings.stp
Supprime! - C:\Program Files\BitDownload\SkinCrafterDll.dll
Supprime! - C:\Program Files\BitDownload\Skins
Supprime! - C:\Program Files\BitDownload\Support
Supprime! - C:\Program Files\BitDownload\unins000.dat
Supprime! - C:\Program Files\BitDownload\unins000.exe
Supprime! - C:\Program Files\BitDownload\ZM
Supprime! - C:\Program Files\Multi_Media_France\INSTALL.LOG
Supprime! - C:\Program Files\Multi_Media_France\LanguagePack.xml
Supprime! - C:\Program Files\Multi_Media_France\LocalSettings.txt
Supprime! - C:\Program Files\Multi_Media_France\RadioPlayer
Supprime! - C:\Program Files\Multi_Media_France\tbMul0.dll
Supprime! - C:\Program Files\Multi_Media_France\tbMul1.dll
Supprime! - C:\Program Files\Multi_Media_France\tbMult.dll
Supprime! - C:\Program Files\Multi_Media_France\ThirdPartyComponents.xml
Supprime! - C:\Program Files\Multi_Media_France\toolbar.cfg
Supprime! - C:\Program Files\Multi_Media_France\UNWISE.EXE
Supprime! - C:\Program Files\Multi_Media_France\UNWISE.INI
Supprime! - C:\Program Files\Multi_Media_France\update.xml
Supprime! - C:\DOCUME~1\EDWARD~1.GEL\Cookies\edward@advertising[2].txt
Supprime! - C:\Program Files\BitDownload
Supprime! - C:\Program Files\Multi_Media_France
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[29/01/2008|15:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
[29/01/2008|15:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[05/08/2006|16:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/07/2007|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[07/10/2007|10:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\live trans bird surf
[25/08/2007|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[17/11/2006|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[16/09/2006|13:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[07/09/2006|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[16/09/2006|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Samsung
[01/12/2006|16:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[22/12/2006|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[17/02/2007|20:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[28/04/2007|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[22/10/2008|17:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[06/10/2007|20:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple
[22/10/2008|17:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
[10/11/2007|18:32] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Azureus
[10/02/2009|23:52] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\EmailNotifier
[16/01/2009|17:00] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google
[15/02/2008|18:04] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Grisoft
[05/12/2008|18:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Hewlett-Packard
[06/12/2008|16:05] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\HP
[05/12/2008|18:18] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\HP Product Assistant
[12/02/2009|11:25] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
[23/03/2008|18:41] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft
[24/08/2007|12:38] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\MSN6
[25/08/2007|00:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime
[26/03/2008|20:09] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Samsung
[12/02/2009|19:32] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
[27/12/2008|16:42] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Syncrosoft
[05/12/2008|18:22] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WEBREG
[24/09/2008|17:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
[05/08/2006|10:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[24/08/2007|11:03] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft
[05/01/2008|13:01] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Adobe
[22/10/2008|17:44] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Apple Computer
[27/09/2008|23:35] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Azureus
[05/04/2008|19:31] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\F4
[18/10/2007|20:14] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Google
[15/02/2008|18:04] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Grisoft
[06/12/2008|16:05] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\HP
[12/02/2009|21:59] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\HPAppData
[24/08/2007|11:08] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Identities
[13/12/2008|19:37] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\InstallShield
[24/08/2007|17:37] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\InterTrust
[25/08/2007|14:30] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Lavasoft
[24/08/2007|14:50] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Macromedia
[13/12/2008|19:39] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Megaupload
[27/12/2008|16:43] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Microsoft
[05/04/2008|19:42] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Mozilla
[24/08/2007|12:38] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\MSN6
[18/02/2008|12:19] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Real
[26/12/2007|11:08] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Samsung
[27/12/2008|16:47] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Steinberg
[15/09/2007|22:20] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Sun
[04/11/2008|22:36] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\U3
[22/11/2006|14:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[24/08/2007|11:07] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\Microsoft
[05/08/2006|10:21] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[24/08/2007|11:07] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\Microsoft
[27/04/2007|18:25] C:\DOCUME~1\Pierre\APPLIC~1\CamTrack
[13/09/2006|10:34] C:\DOCUME~1\Pierre\APPLIC~1\Graphisoft
[08/08/2006|09:56] C:\DOCUME~1\Pierre\APPLIC~1\Identities
[08/09/2006|09:55] C:\DOCUME~1\Pierre\APPLIC~1\Lavasoft
[08/09/2006|08:57] C:\DOCUME~1\Pierre\APPLIC~1\Macromedia
[10/05/2007|12:36] C:\DOCUME~1\Pierre\APPLIC~1\Microsoft
[08/09/2006|08:55] C:\DOCUME~1\Pierre\APPLIC~1\Mozilla
[08/09/2006|09:10] C:\DOCUME~1\Pierre\APPLIC~1\Real
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[10/02/2008 15:52][--a------] C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[31/01/2009 11:47][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/02/2009 20:49][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[24/08/2007|17:32] C:\Program Files\7-Zip
[02/08/2008|23:35] C:\Program Files\AC3Filter
[24/08/2007|17:37] C:\Program Files\Adobe
[05/08/2006|12:48] C:\Program Files\Alwil Software
[05/08/2006|10:30] C:\Program Files\AMD
[22/10/2008|17:41] C:\Program Files\Apple Software Update
[07/09/2006|13:31] C:\Program Files\ArchiCAD 8
[18/09/2006|17:04] C:\Program Files\ArchiCAD 8.1
[24/08/2007|14:08] C:\Program Files\ASUS
[26/08/2007|13:02] C:\Program Files\AvRack
[30/07/2008|21:55] C:\Program Files\Azureus
[12/02/2009|11:18] C:\Program Files\BeClean
[19/11/2006|12:35] C:\Program Files\Bethesda Softworks
[26/08/2007|15:01] C:\Program Files\Blender Foundation
[22/10/2008|17:43] C:\Program Files\Bonjour
[23/04/2008|21:55] C:\Program Files\Boonty
[23/04/2008|21:55] C:\Program Files\BoontyGames
[07/09/2006|09:39] C:\Program Files\CCleaner
[02/05/2007|09:40] C:\Program Files\CDBurnerXP Pro 3
[13/08/2008|19:05] C:\Program Files\Common Files
[05/08/2006|10:19] C:\Program Files\ComPlus Applications
[26/08/2007|15:08] C:\Program Files\DigitalJesters
[04/04/2007|20:11] C:\Program Files\DigitalPeers
[01/12/2006|18:48] C:\Program Files\directx
[13/12/2008|19:42] C:\Program Files\DivX
[03/02/2009|17:51] C:\Program Files\Dofus
[02/05/2007|14:12] C:\Program Files\EBP
[07/02/2009|00:39] C:\Program Files\eMule
[02/08/2008|14:23] C:\Program Files\Enigma Software Group
[12/02/2009|11:25] C:\Program Files\Fichiers communs
[02/05/2007|13:37] C:\Program Files\Free Easy Burner
[24/08/2007|14:10] C:\Program Files\GameFace Messenger
[16/01/2009|17:00] C:\Program Files\Google
[15/02/2008|18:04] C:\Program Files\Grisoft
[26/12/2007|11:53] C:\Program Files\GUILD WARS
[11/07/2007|23:27] C:\Program Files\Guitar Pro 4
[28/08/2007|00:28] C:\Program Files\Guitar Pro 5
[05/12/2008|18:17] C:\Program Files\Hewlett-Packard
[05/12/2008|18:21] C:\Program Files\HP
[17/06/2007|17:40] C:\Program Files\ICQLite
[17/07/2007|17:51] C:\Program Files\ICQToolbar
[19/02/2007|10:38] C:\Program Files\Infogrames
[13/12/2008|19:37] C:\Program Files\InstallShield Installation Information
[11/12/2008|21:49] C:\Program Files\Internet Explorer
[22/10/2008|17:43] C:\Program Files\iPod
[22/10/2008|17:43] C:\Program Files\iTunes
[24/08/2007|16:41] C:\Program Files\IZArc
[15/09/2007|22:20] C:\Program Files\Java
[26/12/2007|11:05] C:\Program Files\JoWooD
[05/08/2006|15:08] C:\Program Files\Lavalys
[12/02/2009|11:25] C:\Program Files\Lavasoft
[24/08/2007|14:28] C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
[01/12/2006|18:47] C:\Program Files\Logitech
[24/03/2008|17:31] C:\Program Files\Mediaccurate
[13/12/2008|19:37] C:\Program Files\Megaupload
[10/02/2009|23:52] C:\Program Files\MegauploadToolbar
[26/09/2008|23:40] C:\Program Files\Messenger
[05/08/2006|10:21] C:\Program Files\microsoft frontpage
[02/10/2007|13:15] C:\Program Files\Microsoft Office
[05/08/2006|14:01] C:\Program Files\Microsoft Visual Studio
[27/03/2007|22:13] C:\Program Files\Microsoft Works
[05/08/2006|14:02] C:\Program Files\Microsoft.NET
[25/08/2007|14:06] C:\Program Files\Movie Maker
[12/02/2009|21:39] C:\Program Files\Mozilla Firefox
[05/07/2007|21:06] C:\Program Files\Mozilla Thunderbird
[30/04/2008|18:12] C:\Program Files\MSBuild
[21/01/2008|19:04] C:\Program Files\MSConfig CleanUp
[05/08/2006|10:19] C:\Program Files\MSN
[05/08/2006|10:19] C:\Program Files\MSN Gaming Zone
[25/08/2007|14:14] C:\Program Files\MSN Messenger
[19/11/2006|21:21] C:\Program Files\MSXML 4.0
[26/09/2008|23:40] C:\Program Files\MSXML 6.0
[24/08/2007|14:06] C:\Program Files\My Company Name
[25/08/2007|14:06] C:\Program Files\NetMeeting
[05/04/2008|19:19] C:\Program Files\OpenAL
[14/01/2009|17:29] C:\Program Files\Outlook Express
[14/06/2007|21:47] C:\Program Files\POLL BONE SAFE
[22/10/2008|17:42] C:\Program Files\QuickTime
[08/09/2006|09:07] C:\Program Files\Real
[26/08/2007|12:49] C:\Program Files\Realtek
[26/08/2007|13:02] C:\Program Files\Realtek AC97
[05/08/2006|10:32] C:\Program Files\Realtek Sound Manager
[30/04/2008|18:08] C:\Program Files\Reference Assemblies
[26/03/2008|20:09] C:\Program Files\Samsung
[05/08/2006|10:19] C:\Program Files\Services en ligne
[12/02/2009|19:32] C:\Program Files\Spybot - Search & Destroy
[27/12/2008|16:43] C:\Program Files\Steinberg
[11/02/2009|23:08] C:\Program Files\Sword of The New World
[27/12/2008|16:42] C:\Program Files\Syncrosoft
[12/02/2009|21:34] C:\Program Files\Trend Micro
[22/02/2007|15:42] C:\Program Files\Tropico
[16/09/2006|19:50] C:\Program Files\Uninstall Information
[10/07/2007|10:26] C:\Program Files\Warcraft III
[07/09/2006|13:24] C:\Program Files\WIBUKEY
[07/09/2006|10:15] C:\Program Files\WIBU-SYSTEMS
[20/05/2007|09:24] C:\Program Files\Winamp
[17/02/2007|20:44] C:\Program Files\Windows Live Favorites
[10/02/2009|17:08] C:\Program Files\Windows Live Safety Center
[17/02/2007|20:44] C:\Program Files\Windows Live Toolbar
[22/04/2007|19:58] C:\Program Files\Windows Media Connect 2
[14/01/2009|17:30] C:\Program Files\Windows Media Player
[25/08/2007|14:06] C:\Program Files\Windows NT
[05/08/2006|10:19] C:\Program Files\WindowsUpdate
[02/07/2007|11:12] C:\Program Files\WinRAR
[20/09/2008|13:47] C:\Program Files\World Of Warcraft
[13/06/2008|22:05] C:\Program Files\WowCartographe
[05/08/2006|10:21] C:\Program Files\xerox
[30/04/2007|14:20] C:\Program Files\Zylom Games
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[24/08/2007|17:37] C:\Program Files\Fichiers communs\Adobe
[22/10/2008|17:42] C:\Program Files\Fichiers communs\Apple
[07/05/2008|22:13] C:\Program Files\Fichiers communs\Blizzard Entertainment
[05/08/2006|14:01] C:\Program Files\Fichiers communs\DESIGNER
[01/12/2006|18:47] C:\Program Files\Fichiers communs\FotoWire
[05/12/2008|18:17] C:\Program Files\Fichiers communs\Hewlett-Packard
[05/12/2008|18:17] C:\Program Files\Fichiers communs\HP
[16/09/2006|19:42] C:\Program Files\Fichiers communs\InstallShield
[15/09/2007|22:19] C:\Program Files\Fichiers communs\Java
[01/12/2006|18:47] C:\Program Files\Fichiers communs\Logitech
[02/04/2008|15:10] C:\Program Files\Fichiers communs\Microsoft Shared
[05/08/2006|10:19] C:\Program Files\Fichiers communs\MSSoap
[05/08/2006|17:09] C:\Program Files\Fichiers communs\ODBC
[18/02/2008|12:16] C:\Program Files\Fichiers communs\Real
[05/08/2006|10:20] C:\Program Files\Fichiers communs\Services
[05/08/2006|17:09] C:\Program Files\Fichiers communs\SpeechEngines
[02/11/2008|18:06] C:\Program Files\Fichiers communs\Symantec Shared
[14/01/2009|17:29] C:\Program Files\Fichiers communs\System
[12/02/2009|11:25] C:\Program Files\Fichiers communs\Wise Installation Wizard
[08/09/2006|09:07] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 49 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 22:17:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Recherche d'autres infections
C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\wybeg.ini2
[b]==> VUNDO <==[/b]
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Guitar Pro Tabs - My Songbook\F\Faith No More - Crack Hitler.gp3
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Guitar Pro Tabs - My Songbook\L\Limp Bizkit - Crack Addict.gp4
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Guitar Pro Tabs - My Songbook\P\Pixies - Crackity Jones.gp3
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Icons non utilisées\classé par alphabet\f\Faith No More\Faith No More - Crack Hitler.gp3
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Icons non utilisées\classé par alphabet\l\Limp Bizkit\Limp Bizkit - Crack Addict.gp4
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Icons non utilisées\classé par alphabet\p\Pixies\Pixies - Crackity Jones.gp3
[F:10][D:4]-> C:\DOCUME~1\EDWARD~1.GEL\LOCALS~1\Temp
[F:33][D:0]-> C:\DOCUME~1\EDWARD~1.GEL\Cookies
[F:202][D:4]-> C:\DOCUME~1\EDWARD~1.GEL\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 12/02/2009|22:03 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 12/02/2009|22:18 - Option : [2]
--------------------\\ Fin du rapport a 22:18:08
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3700+ )
BIOS : Award Modular BIOS v6.00PG
USER : Edward ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081231-1] 4.8.1296 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:16 Go)
D:\ (Local Disk) - NTFS - Total:154 Go (Free:80 Go)
E:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 12/02/2009|22:15 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\Program Files\BitDownload\BitDownload.TRC
Supprime! - C:\Program Files\BitDownload\BitDownload_1.TRC
Supprime! - C:\Program Files\BitDownload\settings.ini
Supprime! - C:\Program Files\BitDownload\settings.stp
Supprime! - C:\Program Files\BitDownload\SkinCrafterDll.dll
Supprime! - C:\Program Files\BitDownload\Skins
Supprime! - C:\Program Files\BitDownload\Support
Supprime! - C:\Program Files\BitDownload\unins000.dat
Supprime! - C:\Program Files\BitDownload\unins000.exe
Supprime! - C:\Program Files\BitDownload\ZM
Supprime! - C:\Program Files\Multi_Media_France\INSTALL.LOG
Supprime! - C:\Program Files\Multi_Media_France\LanguagePack.xml
Supprime! - C:\Program Files\Multi_Media_France\LocalSettings.txt
Supprime! - C:\Program Files\Multi_Media_France\RadioPlayer
Supprime! - C:\Program Files\Multi_Media_France\tbMul0.dll
Supprime! - C:\Program Files\Multi_Media_France\tbMul1.dll
Supprime! - C:\Program Files\Multi_Media_France\tbMult.dll
Supprime! - C:\Program Files\Multi_Media_France\ThirdPartyComponents.xml
Supprime! - C:\Program Files\Multi_Media_France\toolbar.cfg
Supprime! - C:\Program Files\Multi_Media_France\UNWISE.EXE
Supprime! - C:\Program Files\Multi_Media_France\UNWISE.INI
Supprime! - C:\Program Files\Multi_Media_France\update.xml
Supprime! - C:\DOCUME~1\EDWARD~1.GEL\Cookies\edward@advertising[2].txt
Supprime! - C:\Program Files\BitDownload
Supprime! - C:\Program Files\Multi_Media_France
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[29/01/2008|15:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
[29/01/2008|15:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[05/08/2006|16:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/07/2007|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[07/10/2007|10:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\live trans bird surf
[25/08/2007|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[17/11/2006|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[16/09/2006|13:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[07/09/2006|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[16/09/2006|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Samsung
[01/12/2006|16:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[22/12/2006|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[17/02/2007|20:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[28/04/2007|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[22/10/2008|17:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[06/10/2007|20:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple
[22/10/2008|17:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
[10/11/2007|18:32] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Azureus
[10/02/2009|23:52] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\EmailNotifier
[16/01/2009|17:00] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google
[15/02/2008|18:04] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Grisoft
[05/12/2008|18:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Hewlett-Packard
[06/12/2008|16:05] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\HP
[05/12/2008|18:18] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\HP Product Assistant
[12/02/2009|11:25] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
[23/03/2008|18:41] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft
[24/08/2007|12:38] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\MSN6
[25/08/2007|00:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime
[26/03/2008|20:09] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Samsung
[12/02/2009|19:32] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
[27/12/2008|16:42] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Syncrosoft
[05/12/2008|18:22] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WEBREG
[24/09/2008|17:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
[05/08/2006|10:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[24/08/2007|11:03] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft
[05/01/2008|13:01] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Adobe
[22/10/2008|17:44] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Apple Computer
[27/09/2008|23:35] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Azureus
[05/04/2008|19:31] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\F4
[18/10/2007|20:14] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Google
[15/02/2008|18:04] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Grisoft
[06/12/2008|16:05] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\HP
[12/02/2009|21:59] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\HPAppData
[24/08/2007|11:08] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Identities
[13/12/2008|19:37] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\InstallShield
[24/08/2007|17:37] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\InterTrust
[25/08/2007|14:30] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Lavasoft
[24/08/2007|14:50] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Macromedia
[13/12/2008|19:39] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Megaupload
[27/12/2008|16:43] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Microsoft
[05/04/2008|19:42] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Mozilla
[24/08/2007|12:38] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\MSN6
[18/02/2008|12:19] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Real
[26/12/2007|11:08] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Samsung
[27/12/2008|16:47] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Steinberg
[15/09/2007|22:20] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\Sun
[04/11/2008|22:36] C:\DOCUME~1\EDWARD~1.GEL\APPLIC~1\U3
[22/11/2006|14:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[24/08/2007|11:07] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\Microsoft
[05/08/2006|10:21] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[24/08/2007|11:07] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\Microsoft
[27/04/2007|18:25] C:\DOCUME~1\Pierre\APPLIC~1\CamTrack
[13/09/2006|10:34] C:\DOCUME~1\Pierre\APPLIC~1\Graphisoft
[08/08/2006|09:56] C:\DOCUME~1\Pierre\APPLIC~1\Identities
[08/09/2006|09:55] C:\DOCUME~1\Pierre\APPLIC~1\Lavasoft
[08/09/2006|08:57] C:\DOCUME~1\Pierre\APPLIC~1\Macromedia
[10/05/2007|12:36] C:\DOCUME~1\Pierre\APPLIC~1\Microsoft
[08/09/2006|08:55] C:\DOCUME~1\Pierre\APPLIC~1\Mozilla
[08/09/2006|09:10] C:\DOCUME~1\Pierre\APPLIC~1\Real
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[10/02/2008 15:52][--a------] C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[31/01/2009 11:47][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/02/2009 20:49][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[24/08/2007|17:32] C:\Program Files\7-Zip
[02/08/2008|23:35] C:\Program Files\AC3Filter
[24/08/2007|17:37] C:\Program Files\Adobe
[05/08/2006|12:48] C:\Program Files\Alwil Software
[05/08/2006|10:30] C:\Program Files\AMD
[22/10/2008|17:41] C:\Program Files\Apple Software Update
[07/09/2006|13:31] C:\Program Files\ArchiCAD 8
[18/09/2006|17:04] C:\Program Files\ArchiCAD 8.1
[24/08/2007|14:08] C:\Program Files\ASUS
[26/08/2007|13:02] C:\Program Files\AvRack
[30/07/2008|21:55] C:\Program Files\Azureus
[12/02/2009|11:18] C:\Program Files\BeClean
[19/11/2006|12:35] C:\Program Files\Bethesda Softworks
[26/08/2007|15:01] C:\Program Files\Blender Foundation
[22/10/2008|17:43] C:\Program Files\Bonjour
[23/04/2008|21:55] C:\Program Files\Boonty
[23/04/2008|21:55] C:\Program Files\BoontyGames
[07/09/2006|09:39] C:\Program Files\CCleaner
[02/05/2007|09:40] C:\Program Files\CDBurnerXP Pro 3
[13/08/2008|19:05] C:\Program Files\Common Files
[05/08/2006|10:19] C:\Program Files\ComPlus Applications
[26/08/2007|15:08] C:\Program Files\DigitalJesters
[04/04/2007|20:11] C:\Program Files\DigitalPeers
[01/12/2006|18:48] C:\Program Files\directx
[13/12/2008|19:42] C:\Program Files\DivX
[03/02/2009|17:51] C:\Program Files\Dofus
[02/05/2007|14:12] C:\Program Files\EBP
[07/02/2009|00:39] C:\Program Files\eMule
[02/08/2008|14:23] C:\Program Files\Enigma Software Group
[12/02/2009|11:25] C:\Program Files\Fichiers communs
[02/05/2007|13:37] C:\Program Files\Free Easy Burner
[24/08/2007|14:10] C:\Program Files\GameFace Messenger
[16/01/2009|17:00] C:\Program Files\Google
[15/02/2008|18:04] C:\Program Files\Grisoft
[26/12/2007|11:53] C:\Program Files\GUILD WARS
[11/07/2007|23:27] C:\Program Files\Guitar Pro 4
[28/08/2007|00:28] C:\Program Files\Guitar Pro 5
[05/12/2008|18:17] C:\Program Files\Hewlett-Packard
[05/12/2008|18:21] C:\Program Files\HP
[17/06/2007|17:40] C:\Program Files\ICQLite
[17/07/2007|17:51] C:\Program Files\ICQToolbar
[19/02/2007|10:38] C:\Program Files\Infogrames
[13/12/2008|19:37] C:\Program Files\InstallShield Installation Information
[11/12/2008|21:49] C:\Program Files\Internet Explorer
[22/10/2008|17:43] C:\Program Files\iPod
[22/10/2008|17:43] C:\Program Files\iTunes
[24/08/2007|16:41] C:\Program Files\IZArc
[15/09/2007|22:20] C:\Program Files\Java
[26/12/2007|11:05] C:\Program Files\JoWooD
[05/08/2006|15:08] C:\Program Files\Lavalys
[12/02/2009|11:25] C:\Program Files\Lavasoft
[24/08/2007|14:28] C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
[01/12/2006|18:47] C:\Program Files\Logitech
[24/03/2008|17:31] C:\Program Files\Mediaccurate
[13/12/2008|19:37] C:\Program Files\Megaupload
[10/02/2009|23:52] C:\Program Files\MegauploadToolbar
[26/09/2008|23:40] C:\Program Files\Messenger
[05/08/2006|10:21] C:\Program Files\microsoft frontpage
[02/10/2007|13:15] C:\Program Files\Microsoft Office
[05/08/2006|14:01] C:\Program Files\Microsoft Visual Studio
[27/03/2007|22:13] C:\Program Files\Microsoft Works
[05/08/2006|14:02] C:\Program Files\Microsoft.NET
[25/08/2007|14:06] C:\Program Files\Movie Maker
[12/02/2009|21:39] C:\Program Files\Mozilla Firefox
[05/07/2007|21:06] C:\Program Files\Mozilla Thunderbird
[30/04/2008|18:12] C:\Program Files\MSBuild
[21/01/2008|19:04] C:\Program Files\MSConfig CleanUp
[05/08/2006|10:19] C:\Program Files\MSN
[05/08/2006|10:19] C:\Program Files\MSN Gaming Zone
[25/08/2007|14:14] C:\Program Files\MSN Messenger
[19/11/2006|21:21] C:\Program Files\MSXML 4.0
[26/09/2008|23:40] C:\Program Files\MSXML 6.0
[24/08/2007|14:06] C:\Program Files\My Company Name
[25/08/2007|14:06] C:\Program Files\NetMeeting
[05/04/2008|19:19] C:\Program Files\OpenAL
[14/01/2009|17:29] C:\Program Files\Outlook Express
[14/06/2007|21:47] C:\Program Files\POLL BONE SAFE
[22/10/2008|17:42] C:\Program Files\QuickTime
[08/09/2006|09:07] C:\Program Files\Real
[26/08/2007|12:49] C:\Program Files\Realtek
[26/08/2007|13:02] C:\Program Files\Realtek AC97
[05/08/2006|10:32] C:\Program Files\Realtek Sound Manager
[30/04/2008|18:08] C:\Program Files\Reference Assemblies
[26/03/2008|20:09] C:\Program Files\Samsung
[05/08/2006|10:19] C:\Program Files\Services en ligne
[12/02/2009|19:32] C:\Program Files\Spybot - Search & Destroy
[27/12/2008|16:43] C:\Program Files\Steinberg
[11/02/2009|23:08] C:\Program Files\Sword of The New World
[27/12/2008|16:42] C:\Program Files\Syncrosoft
[12/02/2009|21:34] C:\Program Files\Trend Micro
[22/02/2007|15:42] C:\Program Files\Tropico
[16/09/2006|19:50] C:\Program Files\Uninstall Information
[10/07/2007|10:26] C:\Program Files\Warcraft III
[07/09/2006|13:24] C:\Program Files\WIBUKEY
[07/09/2006|10:15] C:\Program Files\WIBU-SYSTEMS
[20/05/2007|09:24] C:\Program Files\Winamp
[17/02/2007|20:44] C:\Program Files\Windows Live Favorites
[10/02/2009|17:08] C:\Program Files\Windows Live Safety Center
[17/02/2007|20:44] C:\Program Files\Windows Live Toolbar
[22/04/2007|19:58] C:\Program Files\Windows Media Connect 2
[14/01/2009|17:30] C:\Program Files\Windows Media Player
[25/08/2007|14:06] C:\Program Files\Windows NT
[05/08/2006|10:19] C:\Program Files\WindowsUpdate
[02/07/2007|11:12] C:\Program Files\WinRAR
[20/09/2008|13:47] C:\Program Files\World Of Warcraft
[13/06/2008|22:05] C:\Program Files\WowCartographe
[05/08/2006|10:21] C:\Program Files\xerox
[30/04/2007|14:20] C:\Program Files\Zylom Games
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[24/08/2007|17:37] C:\Program Files\Fichiers communs\Adobe
[22/10/2008|17:42] C:\Program Files\Fichiers communs\Apple
[07/05/2008|22:13] C:\Program Files\Fichiers communs\Blizzard Entertainment
[05/08/2006|14:01] C:\Program Files\Fichiers communs\DESIGNER
[01/12/2006|18:47] C:\Program Files\Fichiers communs\FotoWire
[05/12/2008|18:17] C:\Program Files\Fichiers communs\Hewlett-Packard
[05/12/2008|18:17] C:\Program Files\Fichiers communs\HP
[16/09/2006|19:42] C:\Program Files\Fichiers communs\InstallShield
[15/09/2007|22:19] C:\Program Files\Fichiers communs\Java
[01/12/2006|18:47] C:\Program Files\Fichiers communs\Logitech
[02/04/2008|15:10] C:\Program Files\Fichiers communs\Microsoft Shared
[05/08/2006|10:19] C:\Program Files\Fichiers communs\MSSoap
[05/08/2006|17:09] C:\Program Files\Fichiers communs\ODBC
[18/02/2008|12:16] C:\Program Files\Fichiers communs\Real
[05/08/2006|10:20] C:\Program Files\Fichiers communs\Services
[05/08/2006|17:09] C:\Program Files\Fichiers communs\SpeechEngines
[02/11/2008|18:06] C:\Program Files\Fichiers communs\Symantec Shared
[14/01/2009|17:29] C:\Program Files\Fichiers communs\System
[12/02/2009|11:25] C:\Program Files\Fichiers communs\Wise Installation Wizard
[08/09/2006|09:07] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 49 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 22:17:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Recherche d'autres infections
C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\wybeg.ini2
==> VUNDO <==
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Guitar Pro Tabs - My Songbook\F\Faith No More - Crack Hitler.gp3
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Guitar Pro Tabs - My Songbook\L\Limp Bizkit - Crack Addict.gp4
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Guitar Pro Tabs - My Songbook\P\Pixies - Crackity Jones.gp3
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Icons non utilisées\classé par alphabet\f\Faith No More\Faith No More - Crack Hitler.gp3
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Icons non utilisées\classé par alphabet\l\Limp Bizkit\Limp Bizkit - Crack Addict.gp4
C:\DOCUME~1\EDWARD~1.GEL\Bureau\Icons non utilisées\classé par alphabet\p\Pixies\Pixies - Crackity Jones.gp3
[F:10][D:4]-> C:\DOCUME~1\EDWARD~1.GEL\LOCALS~1\Temp
[F:33][D:0]-> C:\DOCUME~1\EDWARD~1.GEL\Cookies
[F:202][D:4]-> C:\DOCUME~1\EDWARD~1.GEL\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 12/02/2009|22:03 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 12/02/2009|22:18 - Option : [2]
--------------------\\ Fin du rapport a 22:18:08
Download http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe (by Cyrildu17 / C_XX) to your desktop:
/!\ Disconnect and close all running applications
- Double-click the installer and install it in its default location (C:\Program files)
- Double-click the Ad-remover icon on your desktop
- In the main menu, choose the "Search" option
- Post the report that appears at the end.
(the report is also saved as C:\Ad-report(date).log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (Antiv
Here is the scan:
------- LOGFILE OF AD-REMOVER 1.1.1.1 | ONLY XP/VISTA -------
Updated by C_XX on 12/02/2009 at 19:00
Start at: 23:44:54 | Jeu 12/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: GELCO
User(s):
- Edward - Current User - Administrator
- Pierre - Not Current User
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: UDF)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\
--- Running Processes: 53
+--------------------| Boonty/Boonty Games Elements Found:
.
HKCU\Software\Boonty
.
C:\Program Files\Boonty
C:\Program Files\Boonty\Components
C:\Program Files\BoontyGames
+--------------------| Eorezo Elements Found:
.
+--------------------| Infected Poker Softwares Elements Found:
.
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:
.
.
+--------------------| It's TV Elements Found:
.
+--------------------| Sweetim Elements Found:
.
+--------------------| Added Scan:
---- Mozilla FireFox Version 2.0.0.20 ----
ProfilePath: 16hb0v1j.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Yahoo"
Prefs.js: Browser.Search.SelectedEngine: "Google"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
.
.
.
.
.
---- Internet Explorer Version 6.0.2900.2180 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_USERS\S-1-5-21-854245398-1425521274-682003330-1003\..\Internet Explorer\Main]
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.google.com/ie
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp:\Documents and Settings\Edward.GELCO\Application Data\MEGAUPLOADTOOLBAR\tabwelcome.html
+---------------------------------------------------------------------------+
[~2768 Bytes] - "C:\Ad-Report-Scan-12.02.2009.log"
-
End at: 23:45:45 | 12/02/2009
.
+--------------------| E.O.F - 66 Lines
.
What should I do now?
/!\ Disconnect and close all running applications /!\
Double-click AD-Remover to launch it: in the main menu, choose option B.
Choose A
Then choose S; the program will start working.
Post the report that appears at the end.
(The report is also saved as C:\Ad-report.log)
/!\ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm /!\
Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...)
There, it's done. The report:
------- LOGFILE OF AD-REMOVER 1.1.1.1 | ONLY XP/VISTA -------
Updated by C_XX on 12/02/2009 at 19:00
*** LIMITED TO ***
Boonty/BoontyGames
Eorezo
Infected Poker Softwares
FunWebProduct/MyWay/MyWebSearch
It's TV
Sweetim
******************
Start at: 11:48:53 | Ven 13/02/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: GELCO
User(s):
- Edward - Current User - Administrator
- Pierre - Not Current User
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: UDF)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\
--- Running Processes: 53
(!) ---- IE start pages/Tabs reset
+--------------------| Boonty/Boonty Games Elements Deleted :
.
HKCU\Software\Boonty
.
C:\Program Files\Boonty
C:\Program Files\BoontyGames
+--------------------| Eorezo Elements Deleted :
.
+--------------------| Infected Poker Softwares Elements Deleted :
.
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
.
+--------------------| It's TV Elements Deleted :
.
+--------------------| Sweetim Elements Deleted :
.
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+--------------------| Added Scan :
---- Mozilla FireFox Version 2.0.0.20 ----
ProfilePath: 16hb0v1j.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Yahoo"
Prefs.js: Browser.Search.SelectedEngine: "Google"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
.
.
.
.
.
---- Internet Explorer Version 6.0.2900.2180 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_USERS\S-1-5-21-854245398-1425521274-682003330-1003\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://ieframe.dll/tabswelcome.htm
+---------------------------------------------------------------------------+
[~3136 Bytes] - "C:\Ad-Report-Clean-13.02.2009.log"
[~2903 Bytes] - "C:\Ad-Report-Scan-12.02.2009.log"
-
C:\Program Files\Ad-remover\TOOLS\BACKUP\13.02.2009 - Prefs.js
End at: 11:51:54 | 13/02/2009
.
+--------------------| E.O.F - 79 Lines
.
Hi,
Download Malwarebytes:
http://www.malwarebytes.org/mbam.php or here:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
* Install it (be sure to choose "French"; do not change the installation settings) and update it.
(NB: if "COMCTL32.OCX" is missing during installation, download it here: https://www.malekal.com/tutorial-aboutbuster/ )
* Study the tutorial to get familiar with the program:
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(that said, it is very easy to use).
Restart Malwarebytes, following these instructions scrupulously:
! Disconnect and close all running applications !
* Launch Malwarebytes.
Run a "Full" scan.
--> Let the program work (and do nothing else with the PC during the scan).
--> At the end, click "Results".
--> Check that all infected objects are ticked, then click "Remove".
Note: if your PC has to be restarted to finish the cleanup, do it!
Post the report saved after the infected objects have been removed (in the "Reports/Logs" tab of Malwarebytes, the most recent one)
Here is the report:
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1761
Windows 5.1.2600 Service Pack 2
14/02/2009 13:27:10
mbam-log-2009-02-14 (13-27-10).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 320591
Temps écoulé: 1 hour(s), 13 minute(s), 18 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 32
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 9
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 16
Processus mémoire infecté(s):
C:\WINDOWS\system32\svsccs.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{ffffffff-f538-4f86-abaf-e9d94d5c007c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ffffffff-f538-4f86-abaf-e9d94d5c007c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{029e02f0-a0e5-4b19-b958-7bf2db29fb13} (Adware.AdGoblin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695bc-a811-4a9d-8cdf-ba8c795f261e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a4a435cf-3583-11d4-91bd-0048546a1450} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2680e10-1655-4a0e-87f8-4259325a84b7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9306072-417e-43e3-81d5-369490beef7c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271} (Adware.AdBreak) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} (Adware.AdBlaster) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51641ef3-8a7a-4d84-8659-b0911e947cc8} (Adware.AdBlaster) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9147a0a-a866-4214-b47c-da821891240f} (Adware.AdBlaster) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54645654-2225-4455-44a1-9f4543d34546} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0} (Adware.Aconti) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06dfedaa-6196-11d5-bfc8-00508b4a487d} (Adware.7Search) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3} (Adware.7Search) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c4ca6559-2cf1-48b6-96b2-8340a06fd129} (Adware.AdBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca1d1b05-9c66-11d5-a009-000103c1e50b} (Adware.4Arcade) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d8efadf1-9009-11d6-8c73-608c5dc19089} (Adware.AccessPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f10587e9-0e47-4cbe-abcd-7dd20b8622ff} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53c330d6-a4ab-419b-b45d-fd4411c1fef4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bb936323-19fa-4521-ba29-eca6a121bc78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000012-890e-4aac-afd9-eff6954a34dd} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffffffff-f538-4f86-abaf-e9d94d5c007c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nl2plwrk (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nl2plwrk (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.0.370.0 (Adware.Zango) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\svsccs.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lt.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaenkltibw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekalqgknskl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekamxkpqmup.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaqoiqnpvx.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekauocwxotm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekarsqtjxdl.sys (Trojan.Agent) -> Quarantined and deleted successfully.
Apparently that removed the virus, since my wallpaper no longer changes and the "security report" icon is gone =D What do you think? In any case, thanks a lot for the progress this has brought =)
Hello:
Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.
-> http://images.malwareremoval.com/random/RSIT.exe
! Disconnect and close all your running applications !
Double-click "RSIT.exe" to launch it.
-> A first window opens, titled "Disclaimer of warranty".
* Next to the option "List files/folders created ...", choose: 2 months
* Then click "Continue" to start the scan ...
-> Let the scan run and do not touch the PC ...
When the scan is finished, two text files will open (probably in Notepad).
Post the contents of "log.txt" (the one that appears on screen), as well as "info.txt" (which you will see in the taskbar), for analysis, and wait for the next steps ...
Important: post one report, then the other in the following reply.
If you try to post both at once, it may be too long for the forum.
(Note: the reports will also be saved in this folder -> C:\rsit)