Deleting a corrupted file in System32

Solved
pjlt Posts: 284 Status: Member -  
Hello,
My antivirus reports that the file 24.scr (screen saver) is infected with a Trojan.

This file is located in C:\WINDOWS\System32\

Is it a useful, or even important, file?

Can I delete it without any risk to the functioning of my system?

Thanks in advance for the help.

pjlt
75 replies

pjlt Posts: 284 Status: Member 16
 
Below is the ToolsCleaner report from my first PC.

[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\philippe\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\philippe\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\philippe\Bureau\Ad-remover.lnk: trouvé !
C:\Documents and Settings\philippe\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\philippe\Menu Démarrer\Programmes\Ad-remover: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Ad-remover\BACKUP\Ad-R.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\philippe\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\philippe\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\philippe\Bureau\Ad-remover.lnk: supprimé !
C:\Program Files\Ad-remover\BACKUP\Ad-R.exe: supprimé !
C:\Documents and Settings\philippe\Bureau\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\philippe\Menu Démarrer\Programmes\Ad-remover: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

pjlt
0
pjlt Posts: 284 Status: Member 16
 
Below are the two RSIT reports from my second PC.

Logfile of random's system information tool 1.06 (written by random/random)
Run by philippe at 2009-08-23 20:13:50
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 4 GB (16%) free of 25 GB
Total RAM: 1919 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:56, on 23/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\philippe\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\philippe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /F "C:\WINDOWS\TEMP\E_S8C.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
0
geoffrey5 Posts: 14008 Status: Security contributor 10
 
OK... There are a few infections... Start by doing this, please:

▶ Download UsbFix by C_XX & Chiquitine29

▶ installation tutorial

▶ scan tutorial

▶ Run the installation with the default settings

Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

▶ Double-click the UsbFix shortcut on your desktop

▶ Choose option 1 (search)

▶ Let the tool work

▶ Then post the UsbFix.txt report that appears

* Note: the UsbFix.txt report is saved at the root of the disk

* Note: If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm

* Note: "SniffC.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
pjlt Posts: 284 Status: Member 16
 
Below is the UsbFix report

############################## | UsbFix V6.021 |

User : philippe () # SALLEAMANGER
Update on 22/08/09 by Chiquitine29
Start at: 20:37:14 | 23/08/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Celeron(R) M CPU 440 @ 1.86GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1229 [VPS 090823-0] 4.8.1229 [ Enabled | Updated ]

C:\ -> Disque fixe local # 24,81 Go (3,99 Go free) # NTFS
D:\ -> Disque fixe local # 10,44 Go (260,03 Mo free) [Disque local] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local # 3 Go (2,66 Go free) [Travail actuel ] # NTFS
G:\ -> Disque fixe local # 6,13 Go (579,69 Mo free) [Nouveau nom] # NTFS
H:\ -> Disque fixe local # 10,78 Go (771,36 Mo free) [Nouveau nom] # NTFS
I:\ -> Disque CD-ROM
J:\ -> Disque fixe local # 17,5 Go (11,7 Go free) [Nouveau nom] # NTFS
L:\ -> Disque amovible # 3,73 Go (1,19 Go free) # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Présent ! C:\temp.txt
Présent ! J:\autorun.inf

################## | Suspect ! ... | https://www.virustotal.com/gui/ |

################## | Registre # Clés Run infectieuses |

Présent ! HKLM\software\microsoft\security center "AntiVirusDisableNotify" ( 0x1 )
Présent ! HKLM\software\microsoft\security center "FirewallDisableNotify" ( 0x1 )
Présent ! HKLM\software\microsoft\security center "UpdatesDisableNotify" ( 0x1 )

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{8fa66366-37e3-11de-9386-0018f3cd68ba}
Shell\Auto\command =K:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

################## | Cracks / Keygens / Serials |

################## | ! Fin du rapport # UsbFix V6.021 ! |

pjlt
0
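The two registry sections of the search report above carry the evidence of a USB autorun infection: Security Center notifications switched off, and a MountPoints2 entry that runs `AdobeR.exe` when the volume is opened. As an added example (not part of the thread and not UsbFix's own code), this Python script pulls those findings out of a report pasted as text; the function names are hypothetical, the excerpt is copied from the report above, and the system drive is assumed to be C: as in that report.

```python
import re

# Excerpt copied from the UsbFix search report quoted in the thread.
REPORT_EXCERPT = r"""
################## | Registre # Clés Run infectieuses |

Présent ! HKLM\software\microsoft\security center "AntiVirusDisableNotify" ( 0x1 )
Présent ! HKLM\software\microsoft\security center "FirewallDisableNotify" ( 0x1 )
Présent ! HKLM\software\microsoft\security center "UpdatesDisableNotify" ( 0x1 )

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{8fa66366-37e3-11de-9386-0018f3cd68ba}
Shell\Auto\command =K:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

################## | Cracks / Keygens / Serials |
"""

SECTION_RE = re.compile(r"^#{2,}\s*\|\s*(.*?)\s*\|\s*$")
FLAG_RE = re.compile(r'"(\w+DisableNotify)"\s*\(\s*0x([0-9A-Fa-f]+)\s*\)')
KEY_RE = re.compile(r"MountPoints2\\(\{[0-9A-Fa-f-]+\})")
CMD_RE = re.compile(r"^(Shell\\[^=]*?)\s*=\s*(.+)$")
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(exe|scr|com|bat|cmd|pif|vbs)\b", re.I)
SHELLEXEC_RE = re.compile(r"rundll32(\.exe)?\s+shell32\.dll,ShellExec_RunDLL", re.I)


def split_sections(report):
    """Map each '#### | title |' header to the non-empty lines under it."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def suppressed_notifications(sections):
    """Names of Security Center *DisableNotify values reported as non-zero."""
    names = []
    for lines in sections.values():
        for line in lines:
            flag = FLAG_RE.search(line)
            if flag and int(flag.group(2), 16) != 0:
                names.append(flag.group(1))
    return names


def autorun_handlers(sections):
    """Shell verb commands listed under each MountPoints2 volume key."""
    handlers, volume = [], None
    for title, lines in sections.items():
        if "mountpoints2" not in title.lower():
            continue
        for line in lines:
            key, cmd = KEY_RE.search(line), CMD_RE.match(line)
            if cmd and volume:
                handlers.append({"volume": volume, "verb": cmd.group(1),
                                 "command": cmd.group(2).strip()})
            elif key:
                volume = key.group(1)
    return handlers


def review_reasons(command):
    """Why a per-volume handler deserves a closer look (assumes C: is the system drive)."""
    reasons = []
    if ROOT_EXE_RE.match(command) and not command.upper().startswith("C:\\"):
        reasons.append("runs an executable from the root of a non-system drive")
    if SHELLEXEC_RE.search(command):
        reasons.append("launches a file through rundll32 ShellExec_RunDLL")
    return reasons


def triage(report):
    """Summarise the two registry findings of a UsbFix report."""
    sections = split_sections(report)
    handlers = autorun_handlers(sections)
    for handler in handlers:
        handler["reasons"] = review_reasons(handler["command"])
    return {"suppressed": suppressed_notifications(sections), "handlers": handlers}


if __name__ == "__main__":
    result = triage(REPORT_EXCERPT)
    for name in result["suppressed"]:
        print("Security Center notification disabled:", name)
    for handler in result["handlers"]:
        print(handler["volume"], handler["verb"], "->", handler["command"])
        for reason in handler["reasons"]:
            print("   review:", reason)
```

Run against a report produced after cleanup, the same functions return empty lists, which makes it easy to confirm that both findings are gone.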

geoffrey5 Posts: 14008 Status: Security contributor 10
 
▶ cleaning tutorial

Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

▶ Double-click the UsbFix shortcut on your desktop

▶ Choose option 2 (Deletion)

▶ Your desktop will disappear and the PC will restart.

▶ On restart, UsbFix will scan your PC; let the tool work.

▶ Then post the UsbFix.txt report that will appear along with the desktop.

▶ Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

▶ /!\ UsbFix will offer to upload a compressed folder to this address: https://www.androidworld.fr/

▶ This folder was created by UsbFix and is saved on your desktop.

▶ Please send it to the address indicated to help the author of UsbFix in his research.

▶ Thanks in advance for your contribution!!
0
pjlt Posts: 284 Status: Member 16
 
Below is the UsbFix report

############################## | UsbFix V6.021 |

User : philippe () # SALLEAMANGER
Update on 22/08/09 by Chiquitine29
Start at: 21:32:35 | 23/08/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Celeron(R) M CPU 440 @ 1.86GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1229 [VPS 090823-0] 4.8.1229 [ Enabled | Updated ]

C:\ -> Disque fixe local # 24,81 Go (3,95 Go free) # NTFS
D:\ -> Disque fixe local # 10,44 Go (260,03 Mo free) [Disque local] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local # 3 Go (2,66 Go free) [Travail actuel ] # NTFS
G:\ -> Disque fixe local # 6,13 Go (579,69 Mo free) [Nouveau nom] # NTFS
H:\ -> Disque fixe local # 10,78 Go (771,36 Mo free) [Nouveau nom] # NTFS
I:\ -> Disque CD-ROM
J:\ -> Disque fixe local # 17,5 Go (11,7 Go free) [Nouveau nom] # NTFS
L:\ -> Disque amovible # 3,73 Go (1,19 Go free) # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\temp.txt
Supprimé ! J:\autorun.inf

################## | Autres |

################## | Suspect ! ... | https://www.virustotal.com/gui/ |

################## | Registre # Clés Run infectieuses |

# HKLM\software\microsoft\security center "AntiVirusDisableNotify" # -> Reset sucessfully !
# HKLM\software\microsoft\security center "FirewallDisableNotify" # -> Reset sucessfully !
# HKLM\software\microsoft\security center "UpdatesDisableNotify" # -> Reset sucessfully !

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{8fa66366-37e3-11de-9386-0018f3cd68ba}\Shell\Auto\Command

################## | Listing des fichiers présent |


################## | Cracks / Keygens / Serials |

################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\philippe\Bureau\UsbFix_Upload_Me_SALLEAMANGER.zip : https://www.androidworld.fr/
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.021 ! |

pjlt
0
geoffrey5 Posts: 14008 Status: Security contributor 10
 
OK, now:

Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

▶ Double-click the UsbFix shortcut on your desktop.

▶ Choose option 3 (Vaccination)

▶ Let the tool work.

▶ Then post the UsbFix.txt report that appears.

* Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

then:

▶ Download Combofix by sUBs

▶ and save it to the Desktop.

▶ Disable your protections and close all your applications (antivirus, firewall, real-time guard of the antispyware)

Here is the official Bleeping Computer tutorial on how to use it:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

I advise you to install the Recovery Console!!

Then send the report and make a new RSIT report, please
pjlt Posts 284 Status Member 16
 
I have a problem that worries me:

I stepped away from my computer after posting my last message; coming back to it, I find that the machine is showing a BIOS flashing screen: AsusTek BIOS ROM Easy Flash utility. My USB key is plugged in.

The screen asks me to choose a drive A: B: C: D:

What should I do?...

pjlt
geoffrey5 Posts 14008 Status Security contributor 10
 
No idea about this message...

Try removing your USB key and restarting the PC, please.
pjlt Posts 284 Status Member 16
 
You're going to laugh!...

My kitten was shut in the room where my laptop is, running, with the screen open.
He has a habit of climbing everywhere and watching anything that moves and shines.
He must have sat in front of the screen and pressed the keys. By chance, that opened a BIOS flashing utility.

I turned the machine off with the power switch and turned it back on. Everything seems OK.

Sorry for this setback.

pjlt
geoffrey5 Posts 14008 Status Security contributor 10
 
OK lol ^^

Have you done what is in this message??
pjlt Posts 284 Status Member 16
 
I did the vaccination; the report is below:

############################## | UsbFix V6.021 |

User : philippe () # SALLEAMANGER
Update on 22/08/09 by Chiquitine29
Start at: 22:47:25 | 23/08/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Celeron(R) M CPU 440 @ 1.86GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1229 [VPS 090823-0] 4.8.1229 [ Enabled | Updated ]

C:\ -> Disque fixe local # 24,81 Go (4,03 Go free) # NTFS
D:\ -> Disque fixe local # 10,44 Go (260,05 Mo free) [Disque local] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local # 3 Go (2,66 Go free) [Travail actuel ] # NTFS
G:\ -> Disque fixe local # 6,13 Go (579,69 Mo free) [Nouveau nom] # NTFS
H:\ -> Disque fixe local # 10,78 Go (771,38 Mo free) [Nouveau nom] # NTFS
I:\ -> Disque CD-ROM
J:\ -> Disque fixe local # 17,5 Go (11,7 Go free) [Nouveau nom] # NTFS
L:\ -> Disque amovible # 3,73 Go (1,19 Go free) # FAT32

################## | Vaccination |

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# F:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# G:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# H:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# J:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# L:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## | ! Fin du rapport # UsbFix V6.021 ! |
pjlt Posts 284 Status Member 16
 
Below is the ComboFix report.

ComboFix 09-08-22.06 - philippe 23/08/2009 23:08.2.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1919.1507 [GMT 2:00]
Running from: c:\documents and settings\philippe\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 090823-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\philippe\Application Data\wiaserva.log
c:\documents and settings\philippe\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\010112010146120114.xe
c:\windows\0101120101464949.xe
c:\windows\Installer\175fd.msi
c:\windows\ld12.exe
c:\windows\patch.exe
c:\windows\prxid93ps.dat
c:\windows\system32\tmp2.tmp
c:\windows\system32\win.ini

.
((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-09-13 08:46 . 2009-09-13 08:46 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-23 18:33 . 2009-08-23 20:47 -------- d-----w- C:\UsbFix
2009-08-23 18:13 . 2009-08-23 18:13 -------- d-----w- C:\rsit
2009-08-20 23:54 . 2009-08-20 23:54 -------- d-----w- c:\documents and settings\mariechristine\Application Data\PC Suite
2009-08-20 23:54 . 2009-08-20 23:54 -------- d-----w- c:\documents and settings\mariechristine\Application Data\Nokia
2009-08-20 23:45 . 2009-08-20 23:50 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Microsoft
2009-08-20 22:46 . 2009-08-21 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\11544064
2009-08-20 21:45 . 2009-08-20 22:19 -------- d-----w- c:\program files\RegCleaner
2009-08-18 20:19 . 2009-08-18 20:19 148 ----a-w- c:\documents and settings\philippe\delself.bat
2009-08-16 15:54 . 2009-08-18 23:09 -------- d-----w- c:\documents and settings\philippe\Application Data\vlc
2009-08-16 15:52 . 2009-08-16 15:52 -------- d-----w- c:\program files\VideoLAN
2009-07-27 07:33 . 2009-07-27 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-07-27 07:33 . 2009-07-27 07:33 -------- d-----w- c:\program files\Fichiers communs\Nokia
2009-07-27 07:32 . 2009-07-27 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-07-27 07:32 . 2009-07-27 07:34 -------- d-----w- c:\documents and settings\philippe\Application Data\Nokia
2009-07-27 07:31 . 2009-07-27 07:31 -------- d-----w- c:\program files\Fichiers communs\PCSuite
2009-07-27 07:31 . 2009-07-27 07:31 -------- d-----w- c:\program files\DIFX
2009-07-27 07:31 . 2009-07-27 07:32 -------- d-----w- c:\documents and settings\philippe\Application Data\PC Suite
2009-07-27 07:31 . 2009-07-27 07:31 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-27 07:31 . 2007-02-22 08:15 12288 ----a-w- c:\windows\system32\drivers\nmwcdcj.sys
2009-07-27 07:31 . 2007-02-22 08:15 8320 ----a-w- c:\windows\system32\drivers\nmwcdc.sys
2009-07-27 07:31 . 2007-02-22 08:15 12288 ----a-w- c:\windows\system32\drivers\nmwcdcm.sys
2009-07-27 07:31 . 2007-02-22 08:15 137216 ----a-w- c:\windows\system32\drivers\nmwcd.sys
2009-07-27 07:31 . 2007-02-22 08:15 65536 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-07-27 07:31 . 2007-02-22 08:15 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-07-27 07:31 . 2009-07-27 07:33 -------- d-----w- c:\program files\Nokia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 13:33 . 2008-09-18 09:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-23 18:29 . 2009-02-09 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 13:35 . 2007-06-16 08:32 -------- d-----w- c:\program files\eMule
2009-08-18 06:55 . 2008-09-24 07:40 -------- d-----w- c:\documents and settings\philippe\Application Data\FileZilla
2009-08-17 12:12 . 2008-12-07 15:20 -------- d-----w- c:\documents and settings\philippe\Application Data\dvdcss
2009-08-03 11:36 . 2008-12-21 09:48 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-12-21 09:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 12:59 . 2009-07-22 12:58 18432 ----a-w- c:\windows\ss3unstl.exe
2009-07-22 12:57 . 2009-07-22 12:58 1173360 ----a-w- c:\windows\system32\Mutin.scr
2009-07-16 14:56 . 2008-10-09 17:56 -------- d-----w- c:\program files\Windows Live
2009-07-08 19:48 . 2009-07-08 19:48 -------- d-----w- c:\documents and settings\philippe\Application Data\Apple Computer
2009-06-28 19:18 . 2008-03-08 07:40 -------- d-----w- c:\program files\OziExplorer
2009-06-13 20:26 . 2009-06-13 20:26 3638 ----a-r- c:\documents and settings\philippe\Application Data\Microsoft\Installer\{E746BFDD-A7EB-4762-9D2A-623143857A1D}\ARPPRODUCTICON.exe
2009-06-03 13:33 . 2007-07-01 06:55 32888 ----a-w- c:\documents and settings\philippe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-12-24 04:37 . 2007-12-24 04:37 8065864 ----a-w- c:\program files\rel_setup_radio365-1.2.exe
2007-12-20 21:24 . 2007-12-20 21:24 194 ----a-w- c:\program files\Lancez TerraExplorer.URL
2007-07-17 16:11 . 2007-07-17 16:11 38 -c--a-w- c:\program files\cd.inf
2007-07-17 16:11 . 2007-07-17 16:11 2195456 ----a-w- c:\program files\@promt Professional 7.8 English Giant.msi
2007-07-16 20:04 . 2007-07-16 20:04 97 ----a-w- c:\program files\Adresse IP.url
2007-07-13 14:50 . 2007-07-13 14:50 201406982 ----a-w- c:\program files\Data.Cab
2004-11-25 19:27 . 2004-11-25 19:27 1822848 ----a-w- c:\program files\instmsiw.exe
2004-11-25 19:25 . 2004-11-25 19:25 1709160 ----a-w- c:\program files\instmsia.exe
2008-08-30 17:28 . 2008-08-30 17:23 24 -csh--w- c:\windows\S261FA506.tmp
2008-04-25 13:45 . 2008-03-24 19:39 56 --sh--r- c:\windows\system32\3A3F5FA976.sys
2008-03-23 22:27 . 2008-03-23 22:27 8 --sh--r- c:\windows\system32\76A95F3F3A.sys
2004-08-19 16:09 . 2004-08-19 16:09 65024 --sha-w- c:\windows\system32\asycfilt.dll
2004-08-19 16:09 . 2004-08-19 16:09 611328 --sha-w- c:\windows\system32\comctl32.dll
2004-08-19 16:09 . 2004-08-19 16:09 1028096 --sha-w- c:\windows\system32\mfc42.dll
2001-10-02 23:20 . 2001-10-02 23:20 57344 --sha-w- c:\windows\system32\mfc42loc.dll
2004-08-19 16:09 . 2004-08-19 16:09 413696 --sha-w- c:\windows\system32\msvcp60.dll
2004-08-19 16:09 . 2004-08-19 16:09 343040 --sha-w- c:\windows\system32\msvcrt.dll
2001-10-02 23:20 . 2001-10-02 23:20 253952 --sha-w- c:\windows\system32\msvcrt20.dll
2004-08-19 16:09 . 2004-08-19 16:09 553472 --sha-w- c:\windows\system32\oleaut32.dll
2004-08-19 16:09 . 2004-08-19 16:09 83456 --sha-w- c:\windows\system32\olepro32.dll
2004-08-19 16:09 . 2004-08-19 16:09 30749 --sha-w- c:\windows\system32\vbajet32.dll
.

------- Sigcheck -------

[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\SoftwareDistribution\Download\507067b70cd6d949aad91fc738213e69\sp2gdr\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\SoftwareDistribution\Download\507067b70cd6d949aad91fc738213e69\sp2qfe\tcpip.sys
[-] 2009-01-19 21:38 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-01-19 21:38 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\TCPIP.SYS

c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-29 6731312]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-27 344064]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2006-02-16 295936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-04 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-02 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"Corel Photo Downloader"="c:\program files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-16 531272]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-17 16143872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\philippe\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [02/04/2008 13:55 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/04/2008 13:55 20560]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [05/06/2007 20:55 16269]
S3 QCEmerald;Logitech QuickCam Web(PID_0850);c:\windows\system32\drivers\lvce.sys [29/04/2009 10:55 44544]
S3 ZD1211BU(ASUS);ASUS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ASUS);c:\windows\system32\drivers\ZD1211BU.sys [05/06/2007 20:55 425472]
S4 L2oiockha;L2oiockha;c:\windows\system32\drivers\pciidex.sys [04/08/2004 00:59 25088]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: secuser.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 23:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-23 23:14
ComboFix-quarantined-files.txt 2009-08-23 21:14
ComboFix2.txt 2008-08-16 19:17

Pre-Run: 4 291 723 264 octets libres
Post-Run: 4 356 468 736 octets libres

173
pjlt Posts 284 Status Member 16
 
Below is the new RSIT report.

Logfile of random's system information tool 1.06 (written by random/random)
Run by philippe at 2009-08-23 23:18:12
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 4 GB (16%) free of 25 GB
Total RAM: 1919 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:14, on 23/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\philippe\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\philippe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
geoffrey5 Posts 14008 Status Security contributor 10
 
OK... To check, please do this:

▶ Download lopSD and save it to the Desktop

▶ Double-click Lop S&D

▶ Run the installation

▶ Close all applications

▶ Launch it by double-clicking the shortcut on the desktop

With VISTA => right-click and => Run as administrator

▶ Type F for French, then press Enter

▶ Type 1

▶ Press Enter

▶ The PC will restart

* Note: if the antivirus reports an infection in TEMP, ignore it

▶ Wait for the report to appear

▶ Copy the report and paste it into your reply

* The report can also be found at C:\lopR
pjlt Posts 284 Status Member 16
 
Below is the lopSD report.

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M CPU 440 @ 1.86GHz )
BIOS : Default System BIOS
USER : philippe ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 090823-0] 4.8.1229 (Not Activated)
C:\ (Local Disk) - NTFS - Total:24 Go (Free:4 Go)
D:\ (Local Disk) - NTFS - Total:10 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:3 Go (Free:2 Go)
G:\ (Local Disk) - NTFS - Total:6 Go (Free:0 Go)
H:\ (Local Disk) - NTFS - Total:10 Go (Free:0 Go)
I:\ (CD or DVD)
J:\ (Local Disk) - NTFS - Total:17 Go (Free:11 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 23/08/2009|23:33 )

--------------------\\ Listing des dossiers dans APPLIC~1

[21/08/2009|01:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[21/08/2009|02:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\11544064
[22/01/2009|16:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[01/06/2009|14:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apowersoft
[04/10/2007|22:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[04/10/2007|22:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[03/06/2009|14:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
[25/04/2008|19:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[18/12/2008|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
[04/11/2008|22:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[09/08/2008|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[29/06/2007|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[24/03/2008|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[21/12/2008|11:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[20/07/2009|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[04/12/2008|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
[23/03/2009|14:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[27/07/2009|09:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
[20/03/2008|13:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PanaVue
[27/07/2009|09:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[10/02/2009|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
[04/11/2008|22:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
[11/07/2008|20:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[29/06/2007|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VadeRetro
[14/08/2008|19:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/10/2008|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[14/09/2008|14:32] C:\DOCUME~1\BENEDI~1\APPLIC~1\Adobe
[19/03/2008|14:22] C:\DOCUME~1\BENEDI~1\APPLIC~1\Google
[01/07/2007|19:06] C:\DOCUME~1\BENEDI~1\APPLIC~1\Identities
[01/07/2007|19:08] C:\DOCUME~1\BENEDI~1\APPLIC~1\Macromedia
[23/03/2008|23:53] C:\DOCUME~1\BENEDI~1\APPLIC~1\Microsoft
[31/10/2007|12:00] C:\DOCUME~1\BENEDI~1\APPLIC~1\Mozilla
[01/07/2007|19:07] C:\DOCUME~1\BENEDI~1\APPLIC~1\MSNInstaller
[16/07/2008|14:30] C:\DOCUME~1\BENEDI~1\APPLIC~1\Real
[04/01/2008|17:30] C:\DOCUME~1\BENEDI~1\APPLIC~1\Sun
[01/07/2007|20:03] C:\DOCUME~1\BENEDI~1\APPLIC~1\VadeRetro
[29/06/2008|17:00] C:\DOCUME~1\BENEDI~1\APPLIC~1\WinRAR

[05/06/2007|20:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[05/06/2007|20:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[07/01/2008|09:57] C:\DOCUME~1\MARIEC~1\APPLIC~1\Adobe
[13/08/2008|20:46] C:\DOCUME~1\MARIEC~1\APPLIC~1\Corel
[27/03/2008|08:22] C:\DOCUME~1\MARIEC~1\APPLIC~1\Google
[06/06/2007|14:38] C:\DOCUME~1\MARIEC~1\APPLIC~1\Identities
[14/08/2007|11:16] C:\DOCUME~1\MARIEC~1\APPLIC~1\Macromedia
[21/08/2009|01:55] C:\DOCUME~1\MARIEC~1\APPLIC~1\Microsoft
[31/01/2009|13:57] C:\DOCUME~1\MARIEC~1\APPLIC~1\Mozilla
[11/02/2009|12:25] C:\DOCUME~1\MARIEC~1\APPLIC~1\NCH Swift Sound
[21/08/2009|01:54] C:\DOCUME~1\MARIEC~1\APPLIC~1\Nokia
[21/08/2009|01:54] C:\DOCUME~1\MARIEC~1\APPLIC~1\PC Suite
[27/03/2008|08:21] C:\DOCUME~1\MARIEC~1\APPLIC~1\Real
[04/12/2007|15:40] C:\DOCUME~1\MARIEC~1\APPLIC~1\VadeRetro

[05/06/2007|20:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[16/12/2008|13:11] C:\DOCUME~1\philippe\APPLIC~1\Adobe
[08/07/2009|21:48] C:\DOCUME~1\philippe\APPLIC~1\Apple Computer
[05/04/2009|22:38] C:\DOCUME~1\philippe\APPLIC~1\Autodesk
[30/08/2008|20:38] C:\DOCUME~1\philippe\APPLIC~1\cByo
[04/06/2009|13:49] C:\DOCUME~1\philippe\APPLIC~1\convertisseur
[25/04/2008|19:48] C:\DOCUME~1\philippe\APPLIC~1\Corel
[18/12/2008|16:39] C:\DOCUME~1\philippe\APPLIC~1\DAEMON Tools
[18/12/2008|16:28] C:\DOCUME~1\philippe\APPLIC~1\DAEMON Tools Lite
[18/12/2008|16:39] C:\DOCUME~1\philippe\APPLIC~1\DAEMON Tools Pro
[04/11/2008|10:36] C:\DOCUME~1\philippe\APPLIC~1\DeepBurner
[17/08/2009|14:12] C:\DOCUME~1\philippe\APPLIC~1\dvdcss
[18/08/2009|08:55] C:\DOCUME~1\philippe\APPLIC~1\FileZilla
[30/11/2007|23:13] C:\DOCUME~1\philippe\APPLIC~1\Gajim
[01/05/2008|12:39] C:\DOCUME~1\philippe\APPLIC~1\Google
[08/08/2008|12:41] C:\DOCUME~1\philippe\APPLIC~1\gtk-2.0
[01/12/2007|21:43] C:\DOCUME~1\philippe\APPLIC~1\Help
[09/12/2007|20:30] C:\DOCUME~1\philippe\APPLIC~1\Identities
[27/08/2007|19:22] C:\DOCUME~1\philippe\APPLIC~1\InstallShield
[24/03/2008|10:24] C:\DOCUME~1\philippe\APPLIC~1\Leadertech
[05/06/2007|21:41] C:\DOCUME~1\philippe\APPLIC~1\Macromedia
[21/12/2008|11:48] C:\DOCUME~1\philippe\APPLIC~1\Malwarebytes
[13/06/2009|22:26] C:\DOCUME~1\philippe\APPLIC~1\Microsoft
[01/02/2009|21:32] C:\DOCUME~1\philippe\APPLIC~1\Mozilla
[04/12/2008|14:50] C:\DOCUME~1\philippe\APPLIC~1\NCH Swift Sound
[27/07/2009|09:34] C:\DOCUME~1\philippe\APPLIC~1\Nokia
[30/11/2007|23:12] C:\DOCUME~1\philippe\APPLIC~1\OpenOffice.org2
[27/07/2009|09:32] C:\DOCUME~1\philippe\APPLIC~1\PC Suite
[26/04/2009|15:37] C:\DOCUME~1\philippe\APPLIC~1\Sibelius Software
[02/11/2007|11:19] C:\DOCUME~1\philippe\APPLIC~1\Sun
[16/11/2008|07:23] C:\DOCUME~1\philippe\APPLIC~1\Thunderbird
[29/06/2007|19:41] C:\DOCUME~1\philippe\APPLIC~1\VadeRetro
[19/08/2009|01:09] C:\DOCUME~1\philippe\APPLIC~1\vlc
[23/12/2007|21:57] C:\DOCUME~1\philippe\APPLIC~1\WinRAR

[25/01/2008|23:04] C:\DOCUME~1\VERONI~1\APPLIC~1\Adobe
[18/10/2008|17:11] C:\DOCUME~1\VERONI~1\APPLIC~1\Corel
[14/05/2008|18:51] C:\DOCUME~1\VERONI~1\APPLIC~1\Google
[17/06/2007|20:34] C:\DOCUME~1\VERONI~1\APPLIC~1\Identities
[17/06/2007|20:35] C:\DOCUME~1\VERONI~1\APPLIC~1\Macromedia
[14/04/2008|18:05] C:\DOCUME~1\VERONI~1\APPLIC~1\Microsoft
[26/12/2007|11:33] C:\DOCUME~1\VERONI~1\APPLIC~1\Mozilla
[17/03/2008|09:31] C:\DOCUME~1\VERONI~1\APPLIC~1\Real

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[23/08/2009 23:14][--ah-----] C:\WINDOWS\tasks\SA.DAT
[03/10/2001 01:20][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[09/12/2008|20:02] C:\Program Files\AC3Filter
[22/01/2009|16:14] C:\Program Files\Adobe
[03/06/2009|14:51] C:\Program Files\AIDA32 - Personal System Information
[05/06/2007|21:20] C:\Program Files\Alwil Software
[16/12/2008|13:09] C:\Program Files\Ashampoo
[16/12/2008|13:11] C:\Program Files\Astonsoft
[05/06/2007|20:54] C:\Program Files\ASUS
[09/06/2007|09:02] C:\Program Files\ATI Technologies
[03/06/2009|14:53] C:\Program Files\AutoCAD 2005
[02/11/2008|18:58] C:\Program Files\AviSynth 2.5
[02/01/2008|13:47] C:\Program Files\Axis Communications
[09/12/2008|21:12] C:\Program Files\Axon Data
[05/09/2008|14:46] C:\Program Files\CartoExploreur
[21/06/2009|16:07] C:\Program Files\cByo
[05/06/2007|20:37] C:\Program Files\ComPlus Applications
[09/08/2008|09:16] C:\Program Files\Conduit
[04/06/2009|13:46] C:\Program Files\Convertisseur
[25/04/2008|19:44] C:\Program Files\Corel
[18/12/2008|16:33] C:\Program Files\DAEMON Tools Lite
[10/02/2009|21:54] C:\Program Files\DAEMON Tools Toolbar
[27/07/2009|09:31] C:\Program Files\DIFX
[03/06/2009|14:56] C:\Program Files\DivX
[16/03/2009|22:56] C:\Program Files\Dptech
[04/11/2008|21:54] C:\Program Files\DVD Decrypter
[18/08/2009|15:35] C:\Program Files\eMule
[02/10/2008|12:29] C:\Program Files\EPSON
[22/01/2009|16:08] C:\Program Files\ffdshow
[23/08/2009|23:11] C:\Program Files\Fichiers communs
[11/11/2008|19:02] C:\Program Files\FileZilla FTP Client
[16/06/2007|21:22] C:\Program Files\Free Mp3 Wma Converter_CD Ripper_Audio Cutter
[30/11/2007|23:13] C:\Program Files\Gajim
[08/06/2009|00:03] C:\Program Files\GlobalMapper9
[07/12/2008|17:24] C:\Program Files\GNU
[09/08/2008|09:16] C:\Program Files\Google
[29/06/2007|19:40] C:\Program Files\Goto Software
[25/06/2007|21:16] C:\Program Files\Graphex3
[10/02/2009|21:55] C:\Program Files\GRETECH
[05/06/2007|21:57] C:\Program Files\Grisoft
[22/01/2009|08:56] C:\Program Files\GSpot
[06/01/2008|00:26] C:\Program Files\IGN Rando
[29/04/2009|09:00] C:\Program Files\InstallShield Installation Information
[09/02/2009|23:23] C:\Program Files\Internet Explorer
[09/02/2009|23:23] C:\Program Files\IZArc
[02/12/2008|08:31] C:\Program Files\Java
[08/03/2008|20:00] C:\Program Files\License
[09/02/2009|23:29] C:\Program Files\LitexMedia
[24/12/2007|06:38] C:\Program Files\Live365
[23/08/2009|20:29] C:\Program Files\Malwarebytes' Anti-Malware
[05/06/2007|20:36] C:\Program Files\Messenger
[08/02/2009|22:44] C:\Program Files\Micro Application
[26/08/2007|21:43] C:\Program Files\Microsoft ActiveSync
[05/06/2007|20:41] C:\Program Files\microsoft frontpage
[06/06/2007|07:17] C:\Program Files\Microsoft Office
[14/09/2009|15:33] C:\Program Files\Microsoft Silverlight
[09/06/2007|09:17] C:\Program Files\Motorola
[05/06/2007|20:38] C:\Program Files\Movie Maker
[09/02/2009|23:29] C:\Program Files\Mozilla Firefox
[10/02/2009|21:56] C:\Program Files\Mozilla Thunderbird
[01/07/2007|19:06] C:\Program Files\MSN
[05/06/2007|20:36] C:\Program Files\MSN Gaming Zone
[09/10/2008|20:06] C:\Program Files\MSN Messenger
[16/07/2008|21:57] C:\Program Files\MSXML 4.0
[27/08/2007|19:23] C:\Program Files\Navman
[09/02/2009|23:21] C:\Program Files\NCH Software
[16/12/2008|13:12] C:\Program Files\NCH Swift Sound
[05/06/2007|20:38] C:\Program Files\NetMeeting
[27/07/2009|09:33] C:\Program Files\Nokia
[13/06/2009|22:25] C:\Program Files\Nyditot
[05/06/2007|20:37] C:\Program Files\Online Services
[25/11/2007|22:52] C:\Program Files\OpenOffice.org 2.3
[05/06/2007|20:38] C:\Program Files\Outlook Express
[28/06/2009|21:18] C:\Program Files\OziExplorer
[10/03/2008|14:26] C:\Program Files\Panasonic
[20/03/2008|13:19] C:\Program Files\PanaVue
[27/07/2009|09:31] C:\Program Files\PC Connectivity Solution
[03/06/2008|16:47] C:\Program Files\PC Wizard 2007
[27/01/2009|23:43] C:\Program Files\PDFCreator
[14/08/2007|19:37] C:\Program Files\PowerQuest
[04/10/2007|22:11] C:\Program Files\QuickTime
[09/02/2009|23:28] C:\Program Files\Realtek
[08/03/2008|20:00] C:\Program Files\Redist
[21/08/2009|00:19] C:\Program Files\RegCleaner
[05/06/2007|20:39] C:\Program Files\Services en ligne
[26/04/2009|15:37] C:\Program Files\Sibelius Software
[16/12/2008|13:08] C:\Program Files\SlySoft
[09/08/2008|09:16] C:\Program Files\torrent_search
[16/08/2008|17:44] C:\Program Files\Trend Micro
[05/04/2009|22:41] C:\Program Files\Uninstall Information
[16/08/2009|17:52] C:\Program Files\VideoLAN
[22/01/2009|16:38] C:\Program Files\VirtualDub
[23/01/2009|18:52] C:\Program Files\WinAVI Video Converter
[23/01/2009|21:43] C:\Program Files\WinAVI VideoConverter
[16/07/2009|16:56] C:\Program Files\Windows Live
[29/04/2009|10:55] C:\Program Files\Windows Media Components
[20/01/2009|22:18] C:\Program Files\Windows Media Connect 2
[20/01/2009|22:18] C:\Program Files\Windows Media Player
[05/06/2007|20:36] C:\Program Files\Windows NT
[05/06/2007|20:39] C:\Program Files\WindowsUpdate
[23/12/2007|21:56] C:\Program Files\WinRAR
[05/06/2007|20:41] C:\Program Files\xerox
[01/06/2009|13:14] C:\Program Files\Xilisoft
[01/12/2008|18:28] C:\Program Files\Xvid
[16/12/2008|13:17] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[22/01/2009|16:15] C:\Program Files\Fichiers communs\Adobe
[25/04/2008|19:45] C:\Program Files\Fichiers communs\Corel
[03/06/2009|14:53] C:\Program Files\Fichiers communs\Designer
[24/03/2008|21:36] C:\Program Files\Fichiers communs\InstallShield
[02/11/2007|11:10] C:\Program Files\Fichiers communs\Java
[29/04/2009|10:56] C:\Program Files\Fichiers communs\Logitech
[16/12/2008|13:15] C:\Program Files\Fichiers communs\Microsoft Shared
[05/06/2007|20:38] C:\Program Files\Fichiers communs\MSSoap
[27/07/2009|09:33] C:\Program Files\Fichiers communs\Nokia
[05/06/2007|22:26] C:\Program Files\Fichiers communs\ODBC
[27/07/2009|09:31] C:\Program Files\Fichiers communs\PCSuite
[01/12/2008|07:34] C:\Program Files\Fichiers communs\Real
[05/06/2007|20:38] C:\Program Files\Fichiers communs\Services
[05/06/2007|22:26] C:\Program Files\Fichiers communs\SpeechEngines
[06/06/2007|07:17] C:\Program Files\Fichiers communs\System
[09/10/2008|20:02] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 39 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\philippe\Cookies\philippe@advertising[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 23:34:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:1][D:1]-> C:\DOCUME~1\philippe\LOCALS~1\Temp
[F:59][D:0]-> C:\DOCUME~1\philippe\Cookies
[F:9][D:4]-> C:\DOCUME~1\philippe\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 23/08/2009|23:35 - Option : [1]

--------------------\\ Fin du rapport a 23:35:18
pjlt Posts: 284 Status: Member 16
 
Below is the lopSD report

geoffrey5 Posts: 14008 Status: Security contributor 10
 
▶ Run Lop S&D again

▶ This time choose option 2 (Suppression, i.e. removal)

▶ Do not close the window during the removal!

▶ Post the generated report (C:\lopR.txt)

* (If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)

and then make a new HijackThis report, please
pjlt Posts: 284 Status: Member 16
 
I really have to leave for tonight.

Can we pick this up again tomorrow?

Thanks a lot for the help

pjlt
geoffrey5 Posts: 14008 Status: Security contributor 10
 
Yes, no problem, I was about to leave the PC too ^^

Have a good rest of the evening, see you later