Problem with avast
Solved/Closed
Reggie94 - 26 March 2009 at 09:35
Last reply: Ced_King - 26 March 2009 at 13:17
12 replies
peugeot406 - 26 March 2009 at 10:11
Hello, uninstall, reinstall.
Ced_King - 26 March 2009 at 10:11
Hi,
Download and install CCleaner: https://filehippo.com/download_ccleaner/
- During installation, do not install the Yahoo toolbar and uncheck the box "add the updates option"
- Once installed, close all running applications and launch CCleaner
- Click >> Options >> Advanced and uncheck "delete files etc... older than 48h"
- Select "Cleaner" >> click Analyze then Clean, then close the program...
------------------------------
------------------------
Download FindyKill by Chiquitine29:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
-> Save it on your desktop and nowhere else!
!! Disconnect from the Internet and close all running applications !!
-> Double-click "FindyKill.exe" to start installing the tool. Do not touch the installation settings.
--> Double-click the "FindyKill" shortcut on your desktop.
--> Choose option 1 (search). Then let the tool work without touching anything...
Once finished, post the FindyKill.txt report that is generated...
(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)
---------------------
Reggie94 - 26 March 2009 at 11:17
Thank you both for replying so quickly. Peugeot 406, I already tried that, but it changes nothing.
Here is the report displayed:
############################## [ FindyKill V4.720 ]
# User : romain (Administrateurs) # SPEEDY
# Update on 22/03/09 by Chiquitine29
# Start at: 11:13:07 | 2009-03-26
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# AMD Athlon(tm) XP 3000+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 149.05 Go (90.49 Go free) # NTFS
# D:\ # Disque CD-ROM # 355.5 Mo (0 Mo free) [AMERICA_0] # CDFS
# E:\ # Disque CD-ROM # 6.03 Go (0 Mo free) [Crysis] # CDFS
# F:\ # Disque fixe local # 9.53 Go (7.4 Go free) [sauvegarde] # NTFS
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
################## [ Fichiers / Dossiers infectieux C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\system32 ]
Found ! - C:\WINDOWS\system32\mdelk.exe
Found ! - C:\WINDOWS\system32\wintems.exe
Found ! - C:\WINDOWS\system32\ban_list.txt
################## [ C:\WINDOWS\system32\drivers ]
Found ! - "C:\WINDOWS\system32\drivers\down"
################## [ C:\.. Application Data ... ]
Found ! - "C:\Documents and Settings\romain\Application Data\m\flec006.exe"
Found ! - "C:\Documents and Settings\romain\Application Data\m\list.oct"
Found ! - "C:\Documents and Settings\romain\Application Data\m\data.oct"
Found ! - "C:\Documents and Settings\romain\Application Data\m\srvlist.oct"
Found ! - "C:\Documents and Settings\romain\Application Data\m\shared"
Found ! - "C:\Documents and Settings\romain\Application Data\m"
Found ! - "C:\Documents and Settings\romain\Application Data\drivers"
Found ! - "C:\Documents and Settings\romain\Application Data\drivers\srosa2.sys"
Found ! - "C:\Documents and Settings\romain\Application Data\drivers\wfsintwq.sys"
Found ! - "C:\Documents and Settings\romain\Application Data\drivers\winupgro.exe"
Found ! - "C:\Documents and Settings\romain\Application Data\drivers\downld"
################## [ Registre / Clés infectieuses ]
Found ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\MuleAppData
Found ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\Ubisoft
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
# Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
# Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
################## [ Recherche dans supports amovibles]
# Contenu de l'autorun : D:\autorun.inf
[autorun]
open = autorun.exe
icon = setup\america.ico
# Contenu de l'autorun : E:\autorun.inf
[autorun]
open=AutoRunCD.exe
icon=AutoRunCD.exe, 0
# Presence des fichiers :
Found ! [2000-07-24 13:11][-r-------] - D:\autorun.inf
Found ! [2007-07-19 15:53][-r-------] - E:\autorun.inf
################## [ Registre / Mountpoint2 ]
# -> Not found !
################## [ ! Fin du rapport # FindyKill V4.720 ! ]
Ced_King - 26 March 2009 at 11:22
Re,
- This is simply Bagle. This junk is caught by downloading cracks and keygens.
- So I advise you to delete all of them if you do not want to be reinfected right away.
- Then,
- Disconnect from the Internet and close all running applications
- Plug in your removable drives (USB stick, external hard drive, iPod, etc.) without opening them
- Launch FindyKill and choose option 2
- There will be 2 reboots; let the tool work
- At the end, a report c:\findykill.txt is generated; post its contents
/!\ If your desktop does not reappear, press Ctrl+Alt+Del to open the Task Manager.
"Processes" tab > File (menu) > New Task (Run...) > type explorer and click OK.
-----------------
Download RSIT "Random's System Information Tool" to your desktop: http://images.malwareremoval.com/random/RSIT.exe
- Close all running applications and double-click RSIT.exe
- Select "Continue" on the screen >> RSIT will analyze the PC and check whether the HijackThis tool (up-to-date version) is present on the PC; if it is not, RSIT will download it >> accept the license
- Once the analysis is finished, 2 .txt reports open: log.txt on screen and info.txt in the taskbar
- Post the contents of both reports
.
Reggie94 - 26 March 2009 at 11:42
Thanks for your replies, Ced_King
Here is the report made with FindyKill:
############################## [ FindyKill V4.720 ]
# User : romain (Administrateurs) # SPEEDY
# Update on 22/03/09 by Chiquitine29
# Start at: 11:30:21 | 2009-03-26
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# AMD Athlon(tm) XP 3000+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 149.05 Go (90.45 Go free) # NTFS
# D:\ # Disque CD-ROM # 355.5 Mo (0 Mo free) [AMERICA_0] # CDFS
# E:\ # Disque CD-ROM # 6.03 Go (0 Mo free) [Crysis] # CDFS
# F:\ # Disque fixe local # 9.53 Go (7.36 Go free) [sauvegarde] # NTFS
# H:\ # Disque amovible # 966.81 Mo (1.52 Mo free) # FAT
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
################## [ Infected Files / Folders C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\system32 ]
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
################## [ C:\WINDOWS\system32\drivers ]
Deleted ! - "C:\WINDOWS\system32\drivers\down"
################## [ C:\.. Application Data ... ]
Deleted ! - "C:\Documents and Settings\romain\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\romain\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\romain\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\romain\Application Data\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\romain\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\romain\Application Data\m"
Deleted ! - "C:\Documents and Settings\romain\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\romain\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\romain\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\romain\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\romain\Application Data\drivers"
################## [ Registry / Infected keys ]
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\MuleAppData
Deleted ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\Ubisoft
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Deleted ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
################## [ Cleaning Removable drives ]
# Deleting files :
Not deleted !! - D:\autorun.inf
Not deleted !! - E:\autorun.inf
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ Searching Other Infections ]
# Références de comparaison Bagle MD5 :
File ... : C:\Documents and Settings\romain\Application Data\drivers\winupgro.exe
CRC32 .. : f3cba7e5
MD5 .... : e6a85566aa0ce09e7ebff92034ea972a
Deleted ! : C:\Program Files\MessengerPlus! 3\MsgPlus.exe
# Taille : 872448 # MD5 : E6A85566AA0CE09E7EBFF92034EA972A
################## [ PEH Corrupted ]
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashEnhcd.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashPopWz.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
C:\Program Files\Alwil Software\Avast4\ashSkPck.exe
C:\Program Files\Alwil Software\Avast4\ashUpd.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\copyx64.exe
C:\Program Files\Alwil Software\Avast4\sched.exe
C:\Program Files\Alwil Software\Avast4\VisthLic.exe
C:\Program Files\Alwil Software\Avast4\VisthUpd.exe
C:\Program Files\MSN\MSNCoreFiles\update.exe
################## [ ! End of Report # FindyKill V4.720 ! ]
The log.txt report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by romain at 2009-03-26 11:38:45
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 93 GB (61%) free of 153 GB
Total RAM: 1023 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38, on 2009-03-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\romain\Mes documents\RSIT.exe
C:\Program Files\trend micro\romain.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
Here is the report produced with FindyKill:
############################## [ FindyKill V4.720 ]
# User : romain (Administrateurs) # SPEEDY
# Update on 22/03/09 by Chiquitine29
# Start at: 11:30:21 | 2009-03-26
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# AMD Athlon(tm) XP 3000+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 149.05 Go (90.45 Go free) # NTFS
# D:\ # Disque CD-ROM # 355.5 Mo (0 Mo free) [AMERICA_0] # CDFS
# E:\ # Disque CD-ROM # 6.03 Go (0 Mo free) [Crysis] # CDFS
# F:\ # Disque fixe local # 9.53 Go (7.36 Go free) [sauvegarde] # NTFS
# H:\ # Disque amovible # 966.81 Mo (1.52 Mo free) # FAT
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
################## [ Infected Files / Folders C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\system32 ]
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
################## [ C:\WINDOWS\system32\drivers ]
Deleted ! - "C:\WINDOWS\system32\drivers\down"
################## [ C:\.. Application Data ... ]
Deleted ! - "C:\Documents and Settings\romain\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\romain\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\romain\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\romain\Application Data\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\romain\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\romain\Application Data\m"
Deleted ! - "C:\Documents and Settings\romain\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\romain\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\romain\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\romain\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\romain\Application Data\drivers"
################## [ Registry / Infected keys ]
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\MuleAppData
Deleted ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\Ubisoft
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Deleted ! - HKEY_USERS\S-1-5-21-1220945662-1580436667-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
################## [ Cleaning Removable drives ]
# Deleting files :
Not deleted !! - D:\autorun.inf
Not deleted !! - E:\autorun.inf
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ Searching Other Infections ]
# Références de comparaison Bagle MD5 :
File ... : C:\Documents and Settings\romain\Application Data\drivers\winupgro.exe
CRC32 .. : f3cba7e5
MD5 .... : e6a85566aa0ce09e7ebff92034ea972a
Deleted ! : C:\Program Files\MessengerPlus! 3\MsgPlus.exe
# Taille : 872448 # MD5 : E6A85566AA0CE09E7EBFF92034EA972A
################## [ PEH Corrupted ]
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashEnhcd.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashPopWz.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
C:\Program Files\Alwil Software\Avast4\ashSkPck.exe
C:\Program Files\Alwil Software\Avast4\ashUpd.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\copyx64.exe
C:\Program Files\Alwil Software\Avast4\sched.exe
C:\Program Files\Alwil Software\Avast4\VisthLic.exe
C:\Program Files\Alwil Software\Avast4\VisthUpd.exe
C:\Program Files\MSN\MSNCoreFiles\update.exe
################## [ ! End of Report # FindyKill V4.720 ! ]
The log.txt report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by romain at 2009-03-26 11:38:45
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 93 GB (61%) free of 153 GB
Total RAM: 1023 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38, on 2009-03-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\romain\Mes documents\RSIT.exe
C:\Program Files\trend micro\romain.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
Ced_King
Posts
3511
Registration date
Monday 2 March 2009
Status
Contributor
Last activity
10 October 2016
664
26 March 2009 at 12:02
Hi again,
- I see that you have used Combofix; it is a tool that can prove dangerous if it is misused:
- Click Start, then Run. Type combofix /u in the input box, then OK.
- Then go to the root of the hard disk and delete this: c/qobox
----------------------------------
- Download LopSD and save it to your desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
- Disable the resident shield of your antivirus and antispyware
- Right-click the icon on your desktop to launch the installation
- Once it is installed, close all running applications
- Right-click lopsd.exe and choose the language, then confirm with "Enter"
- In the menu, choose option 1 and wait until the scan finishes
- A report will be generated; post its contents
-----------------------------
Reggie94
Posts
6
Registration date
Thursday 26 March 2009
Status
Member
Last activity
26 March 2009
26 March 2009 at 12:09
Here is the generated report:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : romain ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:90 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (CD or DVD) - CDFS - Total:6 Go (Free:0 Go)
F:\ (Local Disk) - NTFS - Total:9 Go (Free:7 Go)
H:\ (USB) - FAT - Total:966 Mo (Free:0 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 2009-03-26|12:08 )
--------------------\\ Listing des dossiers dans APPLIC~1
[2009-01-29|15:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009-01-21|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\235B
[2009-02-18|13:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2009-01-29|15:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2009-01-29|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2009-02-07|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2009-02-03|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\KONAMI
[2008-12-22|16:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lionhead Studios
[2008-12-21|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[2009-03-18|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-12-23|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-12-21|20:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2008-12-21|14:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2008-12-21|14:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2008-12-21|14:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[2009-03-14|18:44] C:\DOCUME~1\romain\APPLIC~1\Adobe
[2009-01-29|15:31] C:\DOCUME~1\romain\APPLIC~1\Apple Computer
[2008-12-21|14:27] C:\DOCUME~1\romain\APPLIC~1\ATI
[2009-01-08|19:15] C:\DOCUME~1\romain\APPLIC~1\Copernic
[2008-12-22|16:41] C:\DOCUME~1\romain\APPLIC~1\Google
[2008-12-21|14:12] C:\DOCUME~1\romain\APPLIC~1\Identities
[2009-01-25|11:53] C:\DOCUME~1\romain\APPLIC~1\InstallShield
[2008-12-22|17:08] C:\DOCUME~1\romain\APPLIC~1\Lionhead Studios
[2008-12-21|20:23] C:\DOCUME~1\romain\APPLIC~1\Macromedia
[2008-12-21|19:44] C:\DOCUME~1\romain\APPLIC~1\Media Player Classic
[2009-03-05|13:02] C:\DOCUME~1\romain\APPLIC~1\Microsoft
[2008-12-21|19:47] C:\DOCUME~1\romain\APPLIC~1\vlc
[2009-03-17|15:36] C:\DOCUME~1\romain\APPLIC~1\Vso
[2009-02-12|19:40] C:\DOCUME~1\romain\APPLIC~1\WinRAR
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[2009-03-26 11:31][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2002-08-30 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[2009-02-18|13:44] C:\Program Files\Adobe
[2009-03-24|11:52] C:\Program Files\Alwil Software
[2009-01-29|15:30] C:\Program Files\Apple Software Update
[2008-12-21|14:24] C:\Program Files\ATI Technologies
[2009-01-29|15:30] C:\Program Files\Bonjour
[2009-03-26|11:07] C:\Program Files\CCleaner
[2008-12-21|14:07] C:\Program Files\ComPlus Applications
[2009-01-08|19:15] C:\Program Files\Copernic Agent
[2008-12-21|14:45] C:\Program Files\Creative
[2008-12-21|19:35] C:\Program Files\Druide
[2009-01-03|18:02] C:\Program Files\EA SPORTS
[2008-12-26|11:26] C:\Program Files\Electronic Arts
[2009-03-24|10:19] C:\Program Files\eMule
[2009-03-18|09:15] C:\Program Files\Fichiers communs
[2009-03-26|11:34] C:\Program Files\FindyKill
[2009-02-21|11:37] C:\Program Files\GameShadow
[2008-12-26|11:44] C:\Program Files\GameSpy
[2009-02-07|19:57] C:\Program Files\Google
[2009-03-12|14:48] C:\Program Files\icons
[2009-02-24|14:52] C:\Program Files\InstallShield Installation Information
[2009-03-12|14:48] C:\Program Files\instructions
[2008-12-23|14:28] C:\Program Files\Internet Explorer
[2009-01-29|15:31] C:\Program Files\iPod
[2009-01-29|15:31] C:\Program Files\iTunes
[2008-12-24|23:48] C:\Program Files\JDHalfrack Enterprises
[2008-12-21|19:43] C:\Program Files\K-Lite Codec Pack
[2009-02-03|17:58] C:\Program Files\KONAMI
[2008-12-22|16:54] C:\Program Files\Lionhead Studios Ltd
[2008-12-21|19:26] C:\Program Files\Logitech
[2008-12-21|23:07] C:\Program Files\LucasArts
[2008-12-24|23:46] C:\Program Files\MaddenAmp
[2008-12-23|14:22] C:\Program Files\Messenger
[2009-03-26|11:33] C:\Program Files\MessengerPlus! 3
[2009-03-06|14:17] C:\Program Files\Micro Application
[2008-12-21|14:09] C:\Program Files\microsoft frontpage
[2009-01-03|00:34] C:\Program Files\Microsoft LifeCam
[2008-12-23|14:08] C:\Program Files\Movie Maker
[2008-12-26|13:52] C:\Program Files\MSBuild
[2008-12-21|14:06] C:\Program Files\MSN
[2008-12-21|14:06] C:\Program Files\MSN Gaming Zone
[2008-12-23|14:07] C:\Program Files\NetMeeting
[2008-12-23|14:07] C:\Program Files\Outlook Express
[2009-03-14|19:35] C:\Program Files\OzWolf Inc
[2008-12-27|23:06] C:\Program Files\PhotoFiltre
[2009-01-29|15:30] C:\Program Files\QuickTime
[2008-12-26|13:51] C:\Program Files\Reference Assemblies
[2009-01-25|11:54] C:\Program Files\SEGA
[2008-12-21|14:06] C:\Program Files\Services en ligne
[2009-01-29|18:17] C:\Program Files\Steinberg
[2009-03-26|11:38] C:\Program Files\trend micro
[2009-01-11|02:30] C:\Program Files\TVAnts
[2009-02-24|14:52] C:\Program Files\Ubisoft
[2008-12-21|14:12] C:\Program Files\Uninstall Information
[2009-02-12|15:42] C:\Program Files\Valve
[2008-12-21|19:47] C:\Program Files\VideoLAN
[2008-12-24|00:17] C:\Program Files\VSO
[2008-12-21|20:19] C:\Program Files\Windows Installer 4.5 SDK
[2008-12-21|20:22] C:\Program Files\Windows Live
[2009-01-03|00:28] C:\Program Files\Windows Media Player
[2008-12-23|14:07] C:\Program Files\Windows NT
[2008-12-21|17:40] C:\Program Files\WindowsUpdate
[2009-02-12|19:39] C:\Program Files\WinRAR
[2008-12-21|14:09] C:\Program Files\xerox
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[2009-02-18|13:44] C:\Program Files\Fichiers communs\Adobe
[2009-01-29|15:31] C:\Program Files\Fichiers communs\Apple
[2009-01-08|19:14] C:\Program Files\Fichiers communs\Copernic
[2008-12-21|22:38] C:\Program Files\Fichiers communs\DirectX
[2008-12-21|23:06] C:\Program Files\Fichiers communs\InstallShield
[2008-12-21|19:16] C:\Program Files\Fichiers communs\Logishrd
[2008-12-21|19:26] C:\Program Files\Fichiers communs\Logitech
[2009-02-21|11:33] C:\Program Files\Fichiers communs\Microsoft Shared
[2008-12-21|14:07] C:\Program Files\Fichiers communs\MSSoap
[2008-12-21|14:02] C:\Program Files\Fichiers communs\ODBC
[2008-12-21|14:07] C:\Program Files\Fichiers communs\Services
[2008-12-21|14:01] C:\Program Files\Fichiers communs\SpeechEngines
[2008-12-23|14:07] C:\Program Files\Fichiers communs\System
[2009-03-18|09:15] C:\Program Files\Fichiers communs\Windows Live
[2008-12-21|20:21] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 34 Processes )
iexplore.exe ~ [PID:600]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\romain\Cookies\romain@advertising[1].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 12:08:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 30
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:6][D:4]-> C:\DOCUME~1\romain\LOCALS~1\Temp
[F:37][D:0]-> C:\DOCUME~1\romain\Cookies
[F:562][D:6]-> C:\DOCUME~1\romain\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 2009-03-26|12:09 - Option : [1]
--------------------\\ Fin du rapport a 12:09:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 30
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:6][D:4]-> C:\DOCUME~1\romain\LOCALS~1\Temp
[F:37][D:0]-> C:\DOCUME~1\romain\Cookies
[F:562][D:6]-> C:\DOCUME~1\romain\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 2009-03-26|12:09 - Option : [1]
--------------------\\ Fin du rapport a 12:09:23
Ced_King (Contributor) - 26 March 2009 at 12:21
- Next, run LopSD again and choose option 2
- Wait until the scan finishes; a report will be generated, post its contents
--------------------------
Download Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
- Install it > double-click Mbam-setup.exe; at the end of the installation it will update itself automatically
- Once installed, close all running applications and launch Malwarebytes
- Run a quick scan of the PC (you will not have internet access during the scan)
- At the end of the scan click "Show results"; if Malwarebytes found infections >> click "Remove selected"
- If it needs to restart the PC to finish the disinfection, accept
- A report will be produced; post its contents.
Reggie94 (Member) - 26 March 2009 at 12:44
LopSD :
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : romain ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:90 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (CD or DVD) - CDFS - Total:6 Go (Free:0 Go)
F:\ (Local Disk) - NTFS - Total:9 Go (Free:7 Go)
H:\ (USB) - FAT - Total:966 Mo (Free:0 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 2009-03-26|12:23 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\DOCUME~1\romain\Cookies\romain@advertising[1].txt
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[2009-01-29|15:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009-01-21|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\235B
[2009-02-18|13:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2009-01-29|15:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2009-01-29|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2009-02-07|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2009-02-03|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\KONAMI
[2008-12-22|16:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lionhead Studios
[2008-12-21|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[2009-03-18|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-12-23|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-12-21|20:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2008-12-21|14:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2008-12-21|14:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2008-12-21|14:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[2009-03-14|18:44] C:\DOCUME~1\romain\APPLIC~1\Adobe
[2009-01-29|15:31] C:\DOCUME~1\romain\APPLIC~1\Apple Computer
[2008-12-21|14:27] C:\DOCUME~1\romain\APPLIC~1\ATI
[2009-01-08|19:15] C:\DOCUME~1\romain\APPLIC~1\Copernic
[2008-12-22|16:41] C:\DOCUME~1\romain\APPLIC~1\Google
[2008-12-21|14:12] C:\DOCUME~1\romain\APPLIC~1\Identities
[2009-01-25|11:53] C:\DOCUME~1\romain\APPLIC~1\InstallShield
[2008-12-22|17:08] C:\DOCUME~1\romain\APPLIC~1\Lionhead Studios
[2008-12-21|20:23] C:\DOCUME~1\romain\APPLIC~1\Macromedia
[2008-12-21|19:44] C:\DOCUME~1\romain\APPLIC~1\Media Player Classic
[2009-03-05|13:02] C:\DOCUME~1\romain\APPLIC~1\Microsoft
[2008-12-21|19:47] C:\DOCUME~1\romain\APPLIC~1\vlc
[2009-03-17|15:36] C:\DOCUME~1\romain\APPLIC~1\Vso
[2009-02-12|19:40] C:\DOCUME~1\romain\APPLIC~1\WinRAR
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[2009-03-26 11:31][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2002-08-30 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[2009-02-18|13:44] C:\Program Files\Adobe
[2009-03-24|11:52] C:\Program Files\Alwil Software
[2009-01-29|15:30] C:\Program Files\Apple Software Update
[2008-12-21|14:24] C:\Program Files\ATI Technologies
[2009-01-29|15:30] C:\Program Files\Bonjour
[2009-03-26|11:07] C:\Program Files\CCleaner
[2008-12-21|14:07] C:\Program Files\ComPlus Applications
[2009-01-08|19:15] C:\Program Files\Copernic Agent
[2008-12-21|14:45] C:\Program Files\Creative
[2008-12-21|19:35] C:\Program Files\Druide
[2009-01-03|18:02] C:\Program Files\EA SPORTS
[2008-12-26|11:26] C:\Program Files\Electronic Arts
[2009-03-24|10:19] C:\Program Files\eMule
[2009-03-18|09:15] C:\Program Files\Fichiers communs
[2009-03-26|11:34] C:\Program Files\FindyKill
[2009-02-21|11:37] C:\Program Files\GameShadow
[2008-12-26|11:44] C:\Program Files\GameSpy
[2009-02-07|19:57] C:\Program Files\Google
[2009-03-12|14:48] C:\Program Files\icons
[2009-02-24|14:52] C:\Program Files\InstallShield Installation Information
[2009-03-12|14:48] C:\Program Files\instructions
[2008-12-23|14:28] C:\Program Files\Internet Explorer
[2009-01-29|15:31] C:\Program Files\iPod
[2009-01-29|15:31] C:\Program Files\iTunes
[2008-12-24|23:48] C:\Program Files\JDHalfrack Enterprises
[2008-12-21|19:43] C:\Program Files\K-Lite Codec Pack
[2009-02-03|17:58] C:\Program Files\KONAMI
[2008-12-22|16:54] C:\Program Files\Lionhead Studios Ltd
[2008-12-21|19:26] C:\Program Files\Logitech
[2008-12-21|23:07] C:\Program Files\LucasArts
[2008-12-24|23:46] C:\Program Files\MaddenAmp
[2008-12-23|14:22] C:\Program Files\Messenger
[2009-03-26|11:33] C:\Program Files\MessengerPlus! 3
[2009-03-06|14:17] C:\Program Files\Micro Application
[2008-12-21|14:09] C:\Program Files\microsoft frontpage
[2009-01-03|00:34] C:\Program Files\Microsoft LifeCam
[2008-12-23|14:08] C:\Program Files\Movie Maker
[2008-12-26|13:52] C:\Program Files\MSBuild
[2008-12-21|14:06] C:\Program Files\MSN
[2008-12-21|14:06] C:\Program Files\MSN Gaming Zone
[2008-12-23|14:07] C:\Program Files\NetMeeting
[2008-12-23|14:07] C:\Program Files\Outlook Express
[2009-03-14|19:35] C:\Program Files\OzWolf Inc
[2008-12-27|23:06] C:\Program Files\PhotoFiltre
[2009-01-29|15:30] C:\Program Files\QuickTime
[2008-12-26|13:51] C:\Program Files\Reference Assemblies
[2009-01-25|11:54] C:\Program Files\SEGA
[2008-12-21|14:06] C:\Program Files\Services en ligne
[2009-01-29|18:17] C:\Program Files\Steinberg
[2009-03-26|11:38] C:\Program Files\trend micro
[2009-01-11|02:30] C:\Program Files\TVAnts
[2009-02-24|14:52] C:\Program Files\Ubisoft
[2008-12-21|14:12] C:\Program Files\Uninstall Information
[2009-02-12|15:42] C:\Program Files\Valve
[2008-12-21|19:47] C:\Program Files\VideoLAN
[2008-12-24|00:17] C:\Program Files\VSO
[2008-12-21|20:19] C:\Program Files\Windows Installer 4.5 SDK
[2008-12-21|20:22] C:\Program Files\Windows Live
[2009-01-03|00:28] C:\Program Files\Windows Media Player
[2008-12-23|14:07] C:\Program Files\Windows NT
[2008-12-21|17:40] C:\Program Files\WindowsUpdate
[2009-02-12|19:39] C:\Program Files\WinRAR
[2008-12-21|14:09] C:\Program Files\xerox
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[2009-02-18|13:44] C:\Program Files\Fichiers communs\Adobe
[2009-01-29|15:31] C:\Program Files\Fichiers communs\Apple
[2009-01-08|19:14] C:\Program Files\Fichiers communs\Copernic
[2008-12-21|22:38] C:\Program Files\Fichiers communs\DirectX
[2008-12-21|23:06] C:\Program Files\Fichiers communs\InstallShield
[2008-12-21|19:16] C:\Program Files\Fichiers communs\Logishrd
[2008-12-21|19:26] C:\Program Files\Fichiers communs\Logitech
[2009-02-21|11:33] C:\Program Files\Fichiers communs\Microsoft Shared
[2008-12-21|14:07] C:\Program Files\Fichiers communs\MSSoap
[2008-12-21|14:02] C:\Program Files\Fichiers communs\ODBC
[2008-12-21|14:07] C:\Program Files\Fichiers communs\Services
[2008-12-21|14:01] C:\Program Files\Fichiers communs\SpeechEngines
[2008-12-23|14:07] C:\Program Files\Fichiers communs\System
[2009-03-18|09:15] C:\Program Files\Fichiers communs\Windows Live
[2008-12-21|20:21] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 33 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 12:23:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 30
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:6][D:4]-> C:\DOCUME~1\romain\LOCALS~1\Temp
[F:53][D:0]-> C:\DOCUME~1\romain\Cookies
[F:1039][D:6]-> C:\DOCUME~1\romain\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 2009-03-26|12:09 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 2009-03-26|12:24 - Option : [2]
--------------------\\ Fin du rapport a 12:24:25
Malwarebytes' Anti-Malware report:
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1749
Windows 5.1.2600 Service Pack 3
2009-03-26 12:43:22
mbam-log-2009-03-26 (12-43-22).txt
Type de recherche: Examen rapide
Eléments examinés: 57619
Temps écoulé: 2 minute(s), 9 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Ced_King (Contributor) - 26 March 2009 at 12:53
Ok,
* Update Adobe: (do not install the Google toolbar, untick it)
https://get2.adobe.com/reader/otherversions/
---------------------
* Install the latest version of Java:
https://www.java.com/fr/download/manual.jsp
-------------------
* Once up to date, download JavaRa.zip
http://raproducts.org/click/click.php?id=1
---> Allow the process to connect if it asks you
. Click Install and follow the instructions
- When the installation is finished, go back to the JavaRa screen
- Click "Remove Old Versions" or "search for old versions" --> click "Yes"
- The tool will work; then click "Ok" and "Ok" again
- A report will open; close the application, then post it
---------------------
Following Bagle, you will have to reinstall an antivirus:
- I recommend Avira AntiVir, which performs much better; it is the best of the free ones
https://www.avira.com/ and a tutorial: https://www.malekal.com/avira-free-security-antivirus-gratuit/
Note: (only 1 antivirus and 1 firewall)
------------------------
Then, once that is done, run a scan with Avira in safe mode
- Post the generated report
Reggie94 (Member) - 26 March 2009 at 13:08
Here is the JavaRa report
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Thu Mar 26 13:04:17 2009
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
------------------------------------
Finished reporting.
And for the antivirus I have to put Avast back, because it's not really my PC and I wouldn't want the computer's owner to see that changes were made. Is it a problem if I put Avast back?
Ced_King
Status: Contributor
26 March 2009 at 13:17
No, no problem, it's just that it's really not great...
-----------------------
So do this instead:
Run an online scan here https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (with Internet Explorer)
- At the bottom right, click Démarrer Online-scanner
- In the new window that appears, click J'accepte
- Accept the ActiveX controls
- Choose Poste de travail for the scan.
- Once it has finished, save the report (choose text file) and post it
- To help you use the online scan:
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566
NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée", go to Ajout/Suppression de programmes (Add/Remove Programs), uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
----------------------------