TROJAN HORSE

GOUPIL59000 -  
ep44 Posts: 7432 Status: Contributor -
Hello,

HELP ME! I have a big problem with a Trojan horse!
What steps do I need to follow to get rid of it?

Help me as quickly as possible, it is deleting everything on my PC! GRRR!

Thanks for everything!

12 replies

ep44 Posts: 7432 Status: Contributor 3
 
Hello

● Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

● Double-click RSIT.exe to launch RSIT.

● Read the Disclaimer screen, then click Continue (if you accept the terms).

● If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall, if asked) and you will have to accept the license.

● When the scan has finished, two text files will open.

● Post the contents of log.txt

0
GOUPIL59000
 
Here is the log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrateur at 2009-09-17 18:54:48
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 57 GB (39%) free of 147 GB
Total RAM: 511 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:08, on 17/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\documents and settings\hp_administrateur\local settings\application data\cpeaobqm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku117.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Sukoku\sukoku.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\HP_Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\HP_Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\2.0.0.1050\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.8.1.4690\NPIEAddOn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.4.3.1040\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] c:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cpeaobqm] "c:\documents and settings\hp_administrateur\local settings\application data\cpeaobqm.exe" cpeaobqm
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.lanson.net/svideo3.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sukoku Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku117.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
0
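An added example, not part of the thread and not code from RSIT or HijackThis: a small triage pass over a HijackThis log like the one posted above. The three review heuristics (entries marked as having no file, autoruns or services launched from an Application Data folder, services with an unknown owner) and the names `triage`, `executable_of` and `Finding` are assumptions made for illustration; a flagged line is a prompt for review, not a verdict.

```python
import re
from typing import NamedTuple

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cpeaobqm] "c:\documents and settings\hp_administrateur\local settings\application data\cpeaobqm.exe" cpeaobqm
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Sukoku Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku117.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # which heuristic fired
    line: str     # the log line, unchanged


# "<section> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# Body of an O4 registry autorun: "HKCU\..\Run: [value name] command line"
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[[^\]]*\] (.*)$")
# Quoted path, or an unquoted path up to the first executable extension.
EXE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)
# Long and 8.3 short form of the XP "Application Data" folder.
APPDATA_RE = re.compile(r"\\(?:application data|applic~\d+)\\", re.I)


def executable_of(command):
    """Return the program path from an autorun command line, without arguments."""
    command = command.strip()
    m = EXE_RE.match(command)
    if not m:
        return command
    return m.group(1) or m.group(2)


def triage(log_text):
    """Return the log lines that match one of the review heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()

        # Registry entry whose target file no longer exists.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(Finding(section, "orphan-entry", line))
            continue

        path = None
        if section == "O4":
            run = RUN_RE.match(body)
            if run:
                path = executable_of(run.group(1))
        elif section == "O23" and body.startswith("Service: "):
            # "Service: <name> - <owner> - <path>"; split from the right
            # because the service name itself may contain " - ".
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                _name, owner, path = parts
                if owner.strip().lower() == "unknown owner":
                    findings.append(
                        Finding(section, "service-unknown-owner", line))

        # Program started at boot or logon from a data folder.
        if path and APPDATA_RE.search(path):
            findings.append(Finding(section, "runs-from-app-data", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:22} {f.line}")
```
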
ep44 Posts: 7432 Status: Contributor 3
 
OK, several infections on your PC

we are going to proceed step by step

first

Download Navilog1 (by IL-MAFIOSO) and save it to the Desktop.

● Double-click Navilog1.exe to start the installation.

● If the fix does not start automatically after installation, double-click the Navilog1 icon on the Desktop.

● Press F or f, then confirm with Enter.

● Press a key on your keyboard each time you are asked to; you will reach the options menu.

● Choose option 1 and press Enter to confirm your choice.

● Wait for the message: *** Analyse terminée le ..... ***

● When the scan has finished, Notepad will open with the report; post the contents of this report in your next reply.

● If the scan result is not displayed, you will find it in C:\fixnavi.txt

Do not use options 2, 3 and 4 without our approval; legitimate files may be included in this scan.


0
GOUPIL59000
 
Damn! The link you sent me is dead!
0
ep44 Posts: 7432 Status: Contributor 3
 
Hello, sorry about the link

here it is
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

See you
0
GOUPIL59000
 
Here you go!

Fix Navipromo version 4.0.2 commencé le 18/09/2009 15:08:30,35

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 27.08.2009 à 11h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : BIOS Date: 02/16/05 16:07:13 Ver: 08.00.10
USER : HP_Administrateur ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090917-0] 4.8.1335 (Activated)


C:\ (Local Disk) - NTFS - Total:143 Go (Free:56 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


c:\docume~1\alluse~1\applic~1\Games-Attack supprimé !
c:\docume~1\hp_adm~1\locals~1\applic~1\cpeaobqm.exe supprimé !
c:\docume~1\hp_adm~1\locals~1\applic~1\cpeaobqm.dat supprimé !
c:\docume~1\hp_adm~1\locals~1\applic~1\cpeaobqm_nav.dat supprimé !
c:\docume~1\hp_adm~1\locals~1\applic~1\cpeaobqm_navps.dat supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\HP_Administrateur\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !




*** Scan terminé 18/09/2009 15:21:32,76 ***
0
ep44 Posts: 7432 Status: Contributor 3
 
OK, on to the next step

* Download ComboFix from one of the links below:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Disable your antivirus and anti-spyware applications, usually via a right-click on the icon in the notification area. Otherwise, they may interfere with our tools

* Double-click combofix.exe and follow the prompts.

* While it runs, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With infections like today's, it is strongly advised to have it pre-installed on your PC before removing any malware. It lets you boot into a special recovery (repair) mode, which allows us to help you more easily if your computer ever runs into a problem after a cleanup attempt.

* Follow the prompts to let ComboFix download and install the Microsoft Windows Recovery Console, and when asked, accept the End User License Agreement to install the Microsoft Windows Recovery Console.

**Important note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console has been installed via ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click Oui/Yes to continue with the malware scan.

When the tool has finished, it will display a report. Please copy the contents of C:\ComboFix.txt into your next reply.

0
GOUPIL59000
 
The links don't work, but I'll try to find ComboFix on my own!
Thanks for your help ^^
0
GOUPIL59000
 
Here is the ComboFix report; however, the Microsoft Windows Recovery Console did not download! Maybe I missed a step...




ComboFix 09-09-18.01 - HP_Administrateur 18/09/2009 20:32.2.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.210 [GMT 2:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090917-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrateur\Local Settings\Application Data\DoubleD
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.8.1.4690\adwpx.exe
c:\program files\Internet Saving Optimizer\3.8.1.4690\Data\config.md
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.8.1.4690\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.8.1.4690\NPIEaddon.dll
c:\program files\Internet Saving Optimizer\3.8.1.4690\unins000.dat
c:\program files\Internet Saving Optimizer\3.8.1.4690\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\2.0.0.1050\Data\config.md
c:\program files\Media Access Startup\2.0.0.1050\FF\chrome.manifest
c:\program files\Media Access Startup\2.0.0.1050\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\2.0.0.1050\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\2.0.0.1050\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\2.0.0.1050\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\2.0.0.1050\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\2.0.0.1050\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\2.0.0.1050\FF\install.rdf
c:\program files\Media Access Startup\2.0.0.1050\HPCommon.dll
c:\program files\Media Access Startup\2.0.0.1050\HPIEAddOn.dll
c:\program files\Media Access Startup\2.0.0.1050\hppx.exe
c:\program files\Media Access Startup\2.0.0.1050\MAHelper.exe
c:\program files\Media Access Startup\2.0.0.1050\unins000.dat
c:\program files\Media Access Startup\2.0.0.1050\unins000.exe
c:\program files\System Search Dispatcher\1.4.3.1040\ssD.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\105197.msi
c:\windows\Installer\116c5c.msi
c:\windows\Installer\1963205.msi
c:\windows\Installer\196682f.msi
c:\windows\Installer\2977c3.msi
c:\windows\Installer\3efa839.msi
c:\windows\Installer\412760.msi
c:\windows\Installer\45779.msi
c:\windows\Installer\4b71e3c.msi
c:\windows\Installer\4b71f79.msi
c:\windows\Installer\4b71f7e.msi
c:\windows\Installer\5b3e0f.msi
c:\windows\Installer\72a44.msi
c:\windows\Installer\778758.msp
c:\windows\Installer\77875f.msp
c:\windows\Installer\7c912.msi
c:\windows\Installer\81a78.msi
c:\windows\Installer\83d16.msi
c:\windows\Installer\9987c0f.msi
c:\windows\Installer\9c373a.msi
c:\windows\Installer\a053cc.msi
c:\windows\Installer\ae9248c.msi
c:\windows\Installer\dc8f15.msi
c:\windows\Installer\f93ce8.msi
c:\windows\kb913800.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-18 au 2009-09-18 ))))))))))))))))))))))))))))))))))))
.

2030-08-29 18:22 . 2030-08-29 18:22 97792 ----a-w- c:\windows\system32\AM21E.DLL
2030-08-29 18:22 . 2030-08-29 18:22 13824 ----a-w- c:\windows\system32\DSLITE.DLL
2030-08-29 18:22 . 2030-08-29 18:22 137728 ----a-w- c:\windows\system32\AMN21E.DLL
2009-09-18 13:07 . 2009-09-18 13:21 -------- d-----w- c:\program files\Navilog1
2009-09-17 16:54 . 2009-09-17 16:55 -------- d-----w- c:\program files\trend micro
2009-09-17 16:54 . 2009-09-17 16:55 -------- d-----w- C:\rsit
2009-09-15 23:15 . 2009-09-15 23:15 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer
2009-09-15 23:09 . 2009-09-16 01:36 -------- d-----w- c:\program files\Sukoku
2009-09-15 23:09 . 2009-09-15 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sukoku
2009-09-15 23:09 . 2009-09-15 23:09 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Media Access Startup
2009-09-15 23:09 . 2009-09-15 23:09 -------- d-----w- c:\program files\System Search Dispatcher
2009-09-15 23:08 . 2009-09-15 23:08 -------- d-----w- c:\program files\DoubleD
2009-09-09 21:53 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-08-27 14:40 . 2009-08-27 14:40 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Snapfish
2009-08-27 14:40 . 2009-08-27 14:40 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Snapfish

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 13:23 . 2006-12-19 19:51 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\OpenOffice.org2
2009-09-18 13:17 . 2007-05-12 15:46 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-17 18:59 . 2008-03-29 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-15 17:40 . 2007-01-08 04:33 -------- d-----w- c:\program files\eMule
2009-09-10 04:20 . 2009-05-13 18:00 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-23 19:44 . 2005-11-01 19:26 34192 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-19 14:29 . 2009-08-18 17:47 -------- d-----w- c:\program files\Pogo FR
2009-08-19 00:06 . 2008-02-06 17:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-18 23:35 . 2009-08-18 23:35 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Boolat Games
2009-08-18 23:34 . 2009-08-18 17:47 -------- d-----w- c:\program files\Oberon Media
2009-08-18 17:48 . 2009-08-18 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBit Games
2009-08-09 22:59 . 2005-01-01 15:23 85396 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-09 22:59 . 2005-01-01 15:23 511874 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-09 22:53 . 2009-08-09 22:53 -------- d-----w- c:\program files\MSBuild
2009-08-09 22:53 . 2009-08-09 22:53 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 17:34 . 2005-01-01 08:08 -------- d-----w- c:\program files\Java
2009-08-06 17:21 . 2006-11-01 13:17 -------- d-----w- c:\program files\Gpotato
2009-08-05 12:49 . 2009-07-21 23:57 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\IMVUClient
2009-08-05 12:48 . 2009-07-21 23:58 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\IMVU
2009-08-05 09:00 . 2005-01-01 15:22 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 09:06 . 2006-09-15 00:09 -------- d-----w- c:\program files\Google
2009-08-03 05:18 . 2009-08-03 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-03 05:06 . 2009-08-03 05:06 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-03 05:06 . 2009-08-03 05:06 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\skypePM
2009-07-25 03:23 . 2008-12-06 12:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 10:58 . 2007-01-07 20:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-17 19:03 . 2005-01-01 15:22 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2005-01-01 15:23 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:57 . 2005-01-01 15:23 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2005-01-01 15:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2005-01-01 15:22 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:26 . 2005-01-01 15:23 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2005-01-01 15:23 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2005-01-01 15:23 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2005-01-01 15:22 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2005-01-01 15:22 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2005-01-01 15:22 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2005-01-01 15:22 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2005-12-19 13:56 . 2005-12-19 13:56 251 ----a-w- c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Acme.PCHButton"="c:\progra~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe" [2005-01-01 159744]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-09 344064]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"Outpost Firewall"="c:\program files\Agnitum\Outpost Firewall 1.0\outpost.exe" [2002-06-14 78848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-28 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-29 2551808]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Contrôleur d'état.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2006-12-28 802816]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-5-10 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/08/2009 20:39 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/08/2009 20:39 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/09/2008 13:33 24652]
S2 Sukoku Service;Sukoku Service;c:\documents and settings\All Users\Application Data\Sukoku\sukoku117.exe [16/09/2009 01:12 54760]
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [01/01/2005 10:31 350282]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [24/05/2008 23:22 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [24/05/2008 23:41 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [24/05/2008 23:41 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [24/05/2008 23:43 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [24/05/2008 23:42 100008]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
S4 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [?]
S4 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [?]
S4 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [?]
S4 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [?]
S4 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [?]
S4 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [?]
S4 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [?]
S4 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [?]
S4 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [?]
S4 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [?]
S4 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [?]
S4 VFILT;Outpost Firewall Kernel Driver;\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [?]
.
Contenu du dossier 'Tâches planifiées'

2009-09-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-04 07:29]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Administrateur\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\8g47898r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx??mkt=fr-FR&FORM=MICWU0&q=
FF - component: c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\8g47898r.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFAlert.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-PS2 - c:\windows\system32\ps2.exe
AddRemove-Agnitum Outpost Firewall 1.0 - c:\program files\Agnitum\Outpost Firewall 1.0\uninst.exe
AddRemove-HijackThis - c:\documents and settings\HP_Administrateur\Bureau\HijackThis.exe
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\2.0.0.1050\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 20:41
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-09-18 20:44
ComboFix-quarantined-files.txt 2009-09-18 18:44
ComboFix2.txt 2009-02-06 22:51

Avant-CF: 60 039 012 352 octets libres
Après-CF: 60 015 058 944 octets libres

265 --- E O F --- 2009-09-09 23:17
0

ep44 Posts 7432 Status Contributor 3
 
Decidedly

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
or
https://forospyware.com
0
GOUPIL59000
 
And now, what do I have to do to cure my little PC, doctor??
0
ep44 Posts 7432 Status Contributor 3
 
Hello,

Very good, ComboFix did its job well, but we still have quite a few things left to clean up.

Do the following:

* Select the following text:
KillAll::

Driver::
Sukoku Service

Folder::
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer
c:\program files\Sukoku
c:\documents and settings\All Users\Application Data\Sukoku
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Media Access Startup
c:\program files\System Search Dispatcher


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file, as shown at the link below.
http://img399.imageshack.us/img399/7183/img210914jjufmoj0.gif
* A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it can be found here > C:\ComboFix.txt

These instructions apply to this machine only. They must not be applied to another PC.

Then please post that report, and afterwards do the following

Download ToolBar S&D (by Eric_71/Team IDN) to your desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

● ( Tutorial: https://sites.google.com/site/toolbarsd/aideenimages )

!! Disconnect and close all your running applications for the duration of the procedure !!

● Double-click ToolBar SD.exe to launch the tool and follow the prompts ...
--> Type 2 directly (the "suppression" option), then press [Enter].

The cleanup begins.

! Do not touch anything during the removal !

● A report will be generated at the end of the process: post its contents in your next reply,
along with a new HijackThis report for analysis ...

( the report is also saved here -> C:\TB.txt )

and finally

Download CCleaner
https://filehippo.com/download_ccleaner/

Install it (careful during installation: remember to uncheck the Yahoo toolbar install that is discreetly offered alongside CCleaner). Launch it by double-clicking CCleaner.exe

* Use this tutorial to help you use it
http://www.swl1f.net/viewtopic.php?f=14&t=69

And finally

Download Malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Help with the installation:
http://www.swl1f.net/viewtopic.php?f=14&t=68

* Install it

* Launch Malwarebytes

* Check "Executer un examen complet" (run a full scan)

* If an infection is found at the end of the scan, click "ok"

* Click "Supprimer la sélection" (remove selected)

* To post the report, click the Rapports/Logs tab, select the one you want and click "Ouvrir" (open)

* Copy and paste it, and post the report

Please post all the requested reports
0
GOUPIL59000
 
ComboFix 09-09-18.01 - HP_Administrateur 20/09/2009 21:09.3.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.238 [GMT 2:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\HP_Administrateur\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090919-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Sukoku
c:\documents and settings\All Users\Application Data\Sukoku\sukoku117.exe
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Media Access Startup
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Media Access Startup\2.0.0.1050\config.md
c:\program files\System Search Dispatcher
c:\program files\System Search Dispatcher\1.4.3.1040\Data\eacore.mx
c:\program files\System Search Dispatcher\1.4.3.1040\Data\URLDynamic.mx
c:\program files\System Search Dispatcher\1.4.3.1040\Data\URLStatic.mx
c:\program files\System Search Dispatcher\1.4.3.1040\unins000.dat
c:\program files\System Search Dispatcher\1.4.3.1040\unins000.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SUKOKU_SERVICE
-------\Service_Sukoku Service


((((((((((((((((((((((((((((( Fichiers créés du 2009-08-20 au 2009-09-20 ))))))))))))))))))))))))))))))))))))
.

2030-08-29 18:22 . 2030-08-29 18:22 97792 ----a-w- c:\windows\system32\AM21E.DLL
2030-08-29 18:22 . 2030-08-29 18:22 13824 ----a-w- c:\windows\system32\DSLITE.DLL
2030-08-29 18:22 . 2030-08-29 18:22 137728 ----a-w- c:\windows\system32\AMN21E.DLL
2009-09-18 13:07 . 2009-09-18 13:21 -------- d-----w- c:\program files\Navilog1
2009-09-17 16:54 . 2009-09-17 16:55 -------- d-----w- c:\program files\trend micro
2009-09-17 16:54 . 2009-09-17 16:55 -------- d-----w- C:\rsit
2009-09-15 23:15 . 2009-09-15 23:15 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer
2009-09-15 23:09 . 2009-09-16 01:36 -------- d-----w- c:\program files\Sukoku
2009-09-15 23:08 . 2009-09-15 23:08 -------- d-----w- c:\program files\DoubleD
2009-09-09 21:53 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-08-27 14:40 . 2009-08-27 14:40 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Snapfish
2009-08-27 14:40 . 2009-08-27 14:40 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Snapfish

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 19:23 . 2007-05-12 15:46 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-20 17:18 . 2006-12-19 19:51 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\OpenOffice.org2
2009-09-19 23:50 . 2008-03-29 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-15 17:40 . 2007-01-08 04:33 -------- d-----w- c:\program files\eMule
2009-09-10 04:20 . 2009-05-13 18:00 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-23 19:44 . 2005-11-01 19:26 34192 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-19 14:29 . 2009-08-18 17:47 -------- d-----w- c:\program files\Pogo FR
2009-08-19 00:06 . 2008-02-06 17:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-18 23:35 . 2009-08-18 23:35 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Boolat Games
2009-08-18 23:34 . 2009-08-18 17:47 -------- d-----w- c:\program files\Oberon Media
2009-08-18 17:48 . 2009-08-18 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBit Games
2009-08-09 22:59 . 2005-01-01 15:23 85396 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-09 22:59 . 2005-01-01 15:23 511874 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-09 22:53 . 2009-08-09 22:53 -------- d-----w- c:\program files\MSBuild
2009-08-09 22:53 . 2009-08-09 22:53 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 17:34 . 2005-01-01 08:08 -------- d-----w- c:\program files\Java
2009-08-06 17:21 . 2006-11-01 13:17 -------- d-----w- c:\program files\Gpotato
2009-08-05 12:49 . 2009-07-21 23:57 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\IMVUClient
2009-08-05 12:48 . 2009-07-21 23:58 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\IMVU
2009-08-05 09:00 . 2005-01-01 15:22 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 09:06 . 2006-09-15 00:09 -------- d-----w- c:\program files\Google
2009-08-03 05:18 . 2009-08-03 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-03 05:06 . 2009-08-03 05:06 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-03 05:06 . 2009-08-03 05:06 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\skypePM
2009-07-25 03:23 . 2008-12-06 12:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 10:58 . 2007-01-07 20:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-17 19:03 . 2005-01-01 15:22 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2005-01-01 15:23 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:57 . 2005-01-01 15:23 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2005-01-01 15:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2005-01-01 15:22 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:26 . 2005-01-01 15:23 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2005-01-01 15:23 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2005-01-01 15:23 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2005-01-01 15:22 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2005-01-01 15:22 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2005-01-01 15:22 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2005-01-01 15:22 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2005-12-19 13:56 . 2005-12-19 13:56 251 ----a-w- c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-09-18_18.42.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-20 19:24 . 2009-09-20 19:24 16384 c:\windows\Temp\Perflib_Perfdata_56c.dat
+ 2009-09-20 19:24 . 2009-09-20 19:24 16384 c:\windows\Temp\Perflib_Perfdata_490.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Acme.PCHButton"="c:\progra~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe" [2005-01-01 159744]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-09 344064]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"Outpost Firewall"="c:\program files\Agnitum\Outpost Firewall 1.0\outpost.exe" [2002-06-14 78848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-28 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-29 2551808]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Contrôleur d'état.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2006-12-28 802816]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-5-10 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/08/2009 20:39 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/08/2009 20:39 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/09/2008 13:33 24652]
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [01/01/2005 10:31 350282]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [24/05/2008 23:22 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [24/05/2008 23:41 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [24/05/2008 23:41 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [24/05/2008 23:43 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [24/05/2008 23:42 100008]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
S4 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [?]
S4 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [?]
S4 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [?]
S4 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [?]
S4 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [?]
S4 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [?]
S4 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [?]
S4 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [?]
S4 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [?]
S4 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [?]
S4 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [?]
S4 VFILT;Outpost Firewall Kernel Driver;\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [?]
.
Contenu du dossier 'Tâches planifiées'

2009-09-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-04 07:29]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Administrateur\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\8g47898r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx??mkt=fr-FR&FORM=MICWU0&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-{C5096216-7703-409E-B85A-8A6EE7395128}}_is1 - c:\program files\System Search Dispatcher\1.4.3.1040\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 21:24
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2136)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2009-09-20 21:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-09-20 19:33
ComboFix2.txt 2009-09-18 18:44
ComboFix3.txt 2009-02-06 22:51

Avant-CF: 59 721 154 560 octets libres
Après-CF: 60 012 240 896 octets libres

365 --- E O F --- 2009-09-09 23:17
0
GOUPIL59000
 
-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : BIOS Date: 02/16/05 16:07:13 Ver: 08.00.10
USER : HP_Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090919-0] 4.8.1335 (Activated)
C:\ (Local Disk) - NTFS - Total:143 Go (Free:55 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 20/09/2009|22:11 )

-----------\\ FIX

Deleted! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@mywebsearch[2].txt

-----------\\ Searching for Files - Folders ...


-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(HP_Administrateur) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(HP_Administrateur) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(HP_Administrateur) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} => mybabylon_english


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop"


--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\HP_ADM~1\Application Data\Azureus\torrents\Human Traffic -==Puta Crack Project==-.torrent
C:\DOCUME~1\HP_ADM~1\Local Settings\Application Data\ApplicationHistory\le château de chambord crack(no cd).exe.58f78c77.ini



1 - "C:\ToolBar SD\TB_1.txt" - 20/09/2009|22:13 - Option : [2]

-----------\\ Scan completed at 22:13:00,68

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrateur at 2009-09-20 22:18:26
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 57 GB (39%) free of 147 GB
Total RAM: 511 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18:43, on 20/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\HP_Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] c:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.lanson.net/svideo3.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
0
ep44 Posts 7432 Status Contributor 3
 
Very good, run Malwarebytes and post the report please
0
goupil59000
 
Here is the latest report!



Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2775
Windows 5.1.2600 Service Pack 3

21/09/2009 01:02:47
mbam-log-2009-09-21 (01-02-47).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 224366
Temps écoulé: 2 hour(s), 16 minute(s), 46 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 124

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690 (Adware.DoubleD) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-011503.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-012000.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-012343.390.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-013019.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-013025.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-021736.703.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-022014.828.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-024339.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-024450.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-024548.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-024723.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-024841.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-024930.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-025113.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-025205.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-030225.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-030656.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-030746.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-033909.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-135224.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-140013.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-140807.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-142806.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-145426.671.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-145452.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-145935.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-145952.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-151431.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-151531.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-151716.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-151806.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-173205.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-173642.843.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-174038.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-174350.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-180606.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-181840.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-183552.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-183636.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-184621.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-190331.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-192127.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-192147.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-194811.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-194937.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-200153.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-201309.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-202300.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-202515.703.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-203157.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-203401.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-205105.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-232455.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-232738.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-233457.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-233733.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-233819.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090916-233854.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-002024.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-031921.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-033923.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-042722.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-043158.843.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-153052.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-162054.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-162350.181.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-162534.782.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-162725.047.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-163053.626.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-163128.047.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-163134.172.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-163149.594.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-163227.844.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-163429.891.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-163651.219.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-163744.501.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-164741.329.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-173935.485.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-174357.344.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-174503.360.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-174844.188.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-175027.110.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-175606.891.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-175927.126.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-180040.641.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-180310.907.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-180342.985.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-180955.172.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-181108.547.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-183251.657.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-184233.219.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-190556.672.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-190655.469.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090917-200348.485.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-020439.922.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-020830.626.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-140656.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-150622.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-152702.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-153258.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-155950.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-160032.437.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-161054.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-165751.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-165828.289.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-170725.722.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-171001.851.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-172510.854.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-172644.965.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-182349.401.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-184049.467.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-184416.613.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-185535.925.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-185828.988.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-201303.941.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-202309.425.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-202343.097.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-202355.691.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\NP_20090918-202612.394.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Internet Saving Optimizer\3.8.1.4690\rstatus.md (Adware.DoubleD) -> Quarantined and deleted successfully.
0
ep44 Posts 7432 Status Contributor 3
 
Good evening

Very good. Now for the next step, because it is not finished yet:

* Download OTM (by Old_Timer) to your desktop,
* Double-click OTM.exe to launch the program,
* Copy the list of files or folders below and paste it into the program's "Paste Instructions for Items to be Moved" window:

:Processes
explorer.exe

:Services

:Reg

:Files
C:\Program Files\Sukoku
C:\f011b29995e552c494

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Click MoveIt! to start the removal,
* The result will appear in the Results pane.
* Click Exit to close the program.
* Post the report, which is located here: C:\_OTM\MovedFiles
* You may be asked to restart your PC. In that case, click Yes.

* Launch OTM.
* Click CleanUp! and click OK.
* A list appears in the left part of OTM.
* A message appears asking you to confirm the cleanup. Confirm.
* The infected files that are in the quarantines will be deleted as well.

Then do the following

Run an online scan

with Bitdefender (https://www.bitdefender.com/toolbox/) and paste the report

The scan must be run in Internet Explorer

Accept the IE ActiveX control.
Look at the top of your browser: you will see this message. Right-click it and choose "Install ActiveX Control"

http://pix.ep44.swl1f.free.fr/divers/Activex.png

Post the report please
0
goupil59000
 
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Sukoku moved successfully.
C:\f011b29995e552c494\i386 moved successfully.
C:\f011b29995e552c494\amd64 moved successfully.
C:\f011b29995e552c494 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

User: All Users

User: Default User
->Temp folder emptied: 34049 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: HP_Administrateur
->Temp folder emptied: 120841 bytes
->Temporary Internet Files folder emptied: 84781076 bytes
->Java cache emptied: 28447724 bytes
->FireFox cache emptied: 40039378 bytes
->Google Chrome cache emptied: 9798476 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 7276928 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_568.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 49816 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 162,87 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09222009_001452

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_568.dat moved successfully.

Registry entries deleted on Reboot...
0
goupil59000
 
For this last report, I did not use your link (impossible to get to the end!)
I hope the one I found is similar!

BitDefender Online Scanner

Scan report generated at: Tue, Sep 22, 2009 - 02:21:42

Scan path: C:\;D:\;E:\;F:\;H:\;I:\;J:\;K:\;

Statistics

Time: 01:37:53
Files: 525984
Folders: 11764
Boot Sectors: 0
Archives: 18806
Packed Files: 28576

Results

Identified Viruses: 5
Infected Files: 6
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 6

Engines Info

Virus Definitions: 4244643
Engine build: AVCORE v2.1 Windows/i386 11.0.0.26 (Aug 27 2009)
Scan plugins: 17
Archive plugins: 44
Unpack plugins: 8
E-mail plugins: 6
System plugins: 4

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\System Volume Information\_restore{F4F1F86F-DDEA-4499-AE45-67D5345A230B}\RP807\A0317180.exe
    Detected with: Gen:Adware.Heur.pqW@dWZ5Nbk
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{F4F1F86F-DDEA-4499-AE45-67D5345A230B}\RP853\A0328732.rbf
    Detected with: Application.Generic.220852
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{F4F1F86F-DDEA-4499-AE45-67D5345A230B}\RP853\A0329668.exe
    Detected with: Application.Generic.208340
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{F4F1F86F-DDEA-4499-AE45-67D5345A230B}\RP855\A0329843.dll
    Detected with: Application.Generic.222476
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{F4F1F86F-DDEA-4499-AE45-67D5345A230B}\RP856\A0330923.exe
    Detected with: Application.Generic.224373
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{F4F1F86F-DDEA-4499-AE45-67D5345A230B}\RP858\A0331198.exe
    Detected with: Application.Generic.224373
    Disinfection failed
    Deleted
0
ep44 Posts: 7432 Status: Contributor 3
 
Hello,

Very good, how is your PC behaving?
0
goupil59000
 
Hello! It seems to be going better! So I have no more viruses??
Thanks a lot for your help!
0
ep44 Posts: 7432 Status: Contributor 3
 
Well, wait, it's not over yet:

Download ATF Cleaner by Atribune. <== You can keep this software for regular use.
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to launch the program.
Under the Main tab, choose: Select All
Click the Empty Selected button

If you use the Firefox browser:

Click Firefox at the top and choose: Select All
Click the Empty Selected button
NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All
Click the Empty Selected button
NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, in the main menu, to close the program.
For technical support, double-click the e-mail address located at the bottom of each of the menus.

Next, this software will help you remove the tools that were used

Close all running applications, then download ToolsCleaner2 to your Desktop.
http://pc-system.fr/

Double-click ToolsCleaner2.exe >
then "Recherche" (Search)
and then "Suppression" (Removal)
Note: your desktop will disappear, this is normal. If it does not reappear at the end of the scan, do the following:

CTRL+ALT+DEL
to open the Task Manager.
Then go to the "Processus" (Processes) tab. Click "Fichiers" (File) at the top left and choose "Exécuter" (Run)

Type explorer.exe and confirm. This will make the Desktop reappear

Then do this (IMPORTANT)

* Disabling:

Right-click "Poste de travail" (My Computer) > Properties > "Restauration du système" (System Restore) tab > check the box "Désactiver la Restauration du système sur tous les lecteurs" (Turn off System Restore on all drives)
> Apply, wait until it shows "désactivée" (turned off), then OK.

* Enabling:
Follow the same path; uncheck the box "Désactiver la Restauration du système sur tous les lecteurs"
> Apply, wait until it shows "surveillance" (monitoring) again, then OK. Restart the computer.

Also remember to install your updates regularly

Windows Update: ==> here => http://www.update.microsoft.com/windowsupdate/v6/default.aspx
Java: ==> here => https://www.java.com/fr/download/

These updates are very important for the security of your PC.

Install only one firewall!!
and, of course, only one antivirus

Don't forget to regularly update your software before each scan.

* You can also use these security programs

Malwarebytes => It is a free anti-malware program, available in French; once installed, you will need to run it periodically to check your PC.
A tutorial for downloading and installing it => Here => http://www.swl1f.net/viewtopic.php?f=14&t=68

Spyware Terminator => It is a free anti-spyware program, available in French. It works automatically thanks to its resident module, and you can schedule it to run a daily scan.
A tutorial for downloading and installing it => Here => http://www.swl1f.net/viewtopic.php?f=14&t=66

* Then some advice
Your PC can be infected in various ways; here, in a few lines, are several things to avoid. ==> here => http://www.swl1f.net/viewtopic.php?f=14&t=67

* The browser

Try the Firefox browser, which is safer/more secure than IE
Firefox does not use the dangerous ActiveX protocol
* Download: ==> Firefox => http://www.mozilla-europe.org/fr/products/firefox/
* Tutorial for securing it: ==> here => https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/

Important
Surfing the net with administrator rights makes you vulnerable, so you should use an account other than the administrator's

* To make your PC feel a bit younger
* Remember to run a quick defragmentation.
* Use CCleaner regularly.
* Manage your services using these 2 links
==> here => http://speedweb1.free.fr/frames2.php?page=service3 and ==> here => http://speedweb1.free.fr/frames2.php?page=service4
* Use Zeb Utility
an application that requires no installation, to optimize your PC a little. (thanks to our friend Zebulon)
Download: ==> here ==> https://www.zebulon.fr/telechargements/utilitaires/optimisation/zeb-utility.html
Tutorial: ==> here => https://www.zebulon.fr/dossiers/autres/58-zebutility.html

And to finish

Report your infection so that the authors can be convicted.

Create a post to move things forward on Malware-Complaints; there need to be as many of us as possible, so report your infection

- See the forum rules: ==> here => https://malwarecomplaints.info/
- After registering using the button at the top named "Register"
If you are over 13, choose: "I Agree to these terms and am over or exactly 13 years of age"
If you are younger, click: "I Agree to these terms and am under 13 years of age"

You then have, as a list, one topic per type of infection (Look2Me, Smitfraud, SpywareQuake, etc.).

* malwarecomplaints => https://malwarecomplaints.info/

If the malware you had does not appear in the list, or if you do not know what you were infected with, create a post in the Other infections topic,
in line with the forum rules (age, city, department, etc.)

Also give the name of the forum that helped you

* Tutorial => http://www.malekal.com/malwarecomplaints.html

@+

0
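Every detection in the BitDefender report earlier in this thread sits under System Volume Information\_restore{...}, that is, inside System Restore points, which Windows XP discards when System Restore is turned off. The following Python script is an added example (not part of the thread or of any tool it mentions) that groups such report lines per file and separates restore-point copies from files still on the live file system; the second sample entry, its path and its detection name are constructed.

```python
import re

# Sample report lines: a path line followed by its status lines.
# The first file is taken from the report in this thread; the second
# entry (path and detection name) is constructed for illustration.
SAMPLE = r"""
C:\System Volume Information\_restore{F4F1F86F-DDEA-4499-AE45-67D5345A230B}\RP807\A0317180.exe
Detected with: Gen:Adware.Heur.pqW@dWZ5Nbk
C:\System Volume Information\_restore{F4F1F86F-DDEA-4499-AE45-67D5345A230B}\RP807\A0317180.exe
Disinfection failed
C:\System Volume Information\_restore{F4F1F86F-DDEA-4499-AE45-67D5345A230B}\RP807\A0317180.exe
Deleted
C:\Documents and Settings\user\Local Settings\Temp\setup_example.exe
Detected with: Example.Constructed.Name
Disinfection failed
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)

def parse_report(text):
    """Group the status lines that follow each path line under that path."""
    files, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if PATH_RE.match(line):
            current = files.setdefault(line, {"detection": None, "actions": []})
        elif line and current is not None:
            if line.startswith("Detected with:"):
                current["detection"] = line.split(":", 1)[1].strip()
            else:
                current["actions"].append(line)
    return files

def triage(files):
    """Separate restore-point copies from files on the live file system."""
    out = {"restore_points": {}, "live_removed": [], "live_remaining": []}
    for path, info in files.items():
        match = RESTORE_RE.search(path)
        if match:  # copy kept by System Restore, keyed by restore point
            out["restore_points"].setdefault(match.group(1), []).append(path)
        elif "Deleted" in info["actions"]:
            out["live_removed"].append(path)
        else:  # detected but never deleted: still needs attention
            out["live_remaining"].append(path)
    return out

if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE)).items():
        print(key, value)
```

An empty live_remaining list together with populated restore_points means the only flagged copies were old snapshots, which is the case the disable/re-enable step above addresses.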