Virus problem

Closed
sylvirus - 27 Sept. 2009 at 17:35
sylvirus - 27 Sept. 2009 at 22:33
Hello,


Avast detects 2 Trojan-gen viruses on my machine. I deleted the file that had been infected. I have deleted the virus X times but it always comes back. Is there a way to get rid of it, given that I am on Vista?

Regards, sylvirus

18 replies

Xplode Posts: 8820 Registered: Friday 21 August 2009 Status: Security contributor Last activity: 2 July 2015 726
27 Sept. 2009 at 17:36
Hi, start by doing this:

[RSIT]


[x] Download Random's System Information Tool from this address: http://images.malwareremoval.com/random/RSIT.exe

[x] Double-click "RSIT.exe".

[x] Click "Continue".

[x] If HijackThis is not present, it will be downloaded automatically and you will have to accept the license.

[x] Once the scan is finished, two files (info.txt & log.txt) will open.

[x] Copy and paste the contents of both reports into your next message.

[x] If you closed the reports by accident, they are under C:\rsit
0
Here are the reports:

Logfile of random's system information tool 1.06 (written by random/random)
Run by compaq at 2009-09-27 17:39:47
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 427 GB (92%) free of 465 GB
Total RAM: 1918 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:51, on 27/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\compaq\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\compaq\Downloads\RSIT.exe
C:\Program Files\trend micro\compaq.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://troner.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: (no name) - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\compaq\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate1ca311950010cf0) (gupdate1ca311950010cf0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
Xplode
27 Sept. 2009 at 17:54
Do this:

Malwarebytes' Anti-Malware ----->

[x] Download Malwarebytes' Anti-Malware (MBAM) from this address: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

[x] Install it

[x] Make sure to check all the items found and delete them!

[x] A tutorial on how to use it is available here: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

[x] Follow the instructions given at the previous link, then copy/paste the generated report into your next message
0
Good evening, here is the report I was given:

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2865
Windows 6.0.6001 Service Pack 1

27/09/2009 18:47:12
mbam-log-2009-09-27 (18-47-12).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 262147
Temps écoulé: 50 minute(s), 16 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


I don't understand: this one did not detect any virus, whereas Avast detected several. Could you explain why?
0

Xplode
27 Sept. 2009 at 19:03
Malwarebytes' is an anti-malware tool and Avast is an antivirus, so it is normal that it does not find the same results as Avast.

Can you run a scan with Avast and then copy/paste the report into your next post?
0
Avast shows that the folder where the Trojan-gen items are located is: C:\$Recycle.Bin\S-1-5-21-3645355661-278102613-3225079166-1000\$RL07NWH.zip\Setup.exe\Setup_00.exe\TorrentSpeederSU.exe\TorentSilentInstall.exe

I have deleted this thing several times, in vain; it always comes back.
0
Xplode
27 Sept. 2009 at 19:18
Download ComboFix from this address: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Follow the instructions in this tutorial scrupulously: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Then post the report in your next message.
0
Here is the report I was given:

AAC Decoder
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.3 - Français
AOL Toolbar 5.0
Assistant de connexion Windows Live
AutoUpdate
avast! Antivirus
Cards_Calendar_OrderGift_DoMorePlugout
CyberLink DVD Suite Deluxe
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Dofus 1.28.0
DVD Play
Galerie de photos Windows Live
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Recovery Manager RSS
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
Installation Windows Live
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - fra
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (French)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
MKV Splitter
Module de compatibilité pour Microsoft Office System 2007
Module linguistique Microsoft .NET Framework 3.5 SP1- fra
Mozilla Firefox (3.5.3)
Mozilla Thunderbird (2.0.0.23)
MSVCRT
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
My HP Games
Notification de cadeaux MSN
NVIDIA Drivers
Outil de téléchargement Windows Live
Power2Go
PowerDirector
PSSWCORE
Python 2.5.2
Quick Zip 4.60.019
Realtek High Definition Audio Driver
SPORE Creature Creator Trial Edition
Spybot - Search & Destroy
Spyware Doctor 6.1
The Cleaner 2010
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
Version de démonstration de Microsoft Office Home and Student 2007
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Call
Windows Live Communications Platform
Windows Live Contrôle parental
Windows Live FolderShare
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Toolbar
Windows Live Writer
Yahoo! Toolbar
0
Xplode
27 Sept. 2009 at 19:46
That is not the ComboFix report; it is located at C:\COMBOFIX.txt
0
I'm sorry, I made a mistake; here is the report:

ComboFix 09-09-25.01 - compaq 27/09/2009 19:23.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.1918.971 [GMT 2:00]
Lancé depuis: c:\users\compaq\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3645355661-278102613-3225079166-500

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-27 au 2009-09-27 ))))))))))))))))))))))))))))))))))))
.

2009-09-27 17:30 . 2009-09-27 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-27 15:56 . 2009-09-27 15:56 -------- d-----w- c:\users\compaq\AppData\Roaming\Malwarebytes
2009-09-27 15:56 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-27 15:56 . 2009-09-27 15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-27 15:56 . 2009-09-27 15:56 -------- d-----w- c:\programdata\Malwarebytes
2009-09-27 15:56 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-27 14:34 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-27 14:34 . 2009-08-24 12:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-27 14:34 . 2009-08-19 09:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-27 14:33 . 2009-09-27 14:36 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-27 14:33 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-27 14:33 . 2009-09-27 14:36 -------- d-----w- c:\program files\Spyware Doctor
2009-09-27 14:33 . 2009-09-27 14:33 -------- d-----w- c:\users\compaq\AppData\Roaming\PC Tools
2009-09-27 14:33 . 2009-09-27 14:33 -------- d-----w- c:\programdata\PC Tools
2009-09-27 11:30 . 2009-09-27 11:30 680 ----a-w- c:\users\compaq\AppData\Local\d3d9caps.dat
2009-09-27 10:42 . 2009-09-27 11:30 -------- d-----w- c:\program files\The Cleaner
2009-09-27 07:30 . 2009-09-27 07:25 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-27 07:25 . 2009-09-27 07:25 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-27 07:22 . 2009-09-27 07:22 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-09-27 07:22 . 2009-09-27 07:25 -------- d-----w- c:\programdata\Lavasoft
2009-09-27 07:22 . 2009-09-27 07:22 -------- d-----w- c:\program files\Lavasoft
2009-09-27 07:10 . 2009-09-27 07:16 -------- d-----w- c:\users\compaq\AppData\Roaming\HouseCall 6.6
2009-09-26 20:45 . 2009-09-26 20:45 -------- d-----w- c:\users\compaq\AppData\Roaming\DivX
2009-09-26 18:13 . 2009-09-27 15:44 -------- d-----w- c:\program files\trend micro
2009-09-26 18:13 . 2009-09-26 18:14 -------- d-----w- C:\rsit
2009-09-26 04:51 . 2009-09-27 11:31 -------- d-----w- c:\programdata\Yahoo! Companion
2009-09-26 04:51 . 2009-09-26 04:51 -------- d-----w- c:\users\compaq\AppData\Roaming\Yahoo!
2009-09-26 04:51 . 2009-09-26 04:51 -------- d-----w- c:\program files\Yahoo!
2009-09-25 15:16 . 2009-09-27 14:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-25 15:16 . 2009-09-26 06:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-22 16:13 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-22 16:13 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-22 16:13 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-22 16:13 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-22 16:13 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-22 16:13 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-22 16:13 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-22 16:05 . 2009-09-22 16:05 308160 ----a-w- c:\users\compaq\avast_home_setup.exe
2009-09-17 15:55 . 2009-09-17 15:55 -------- d-----w- c:\users\compaq\AppData\Roaming\muvee Technologies
2009-09-17 12:05 . 2009-09-17 12:05 -------- d-----w- c:\program files\Unity
2009-09-16 15:32 . 2009-09-16 15:33 -------- d-----w- c:\users\compaq\AppData\Roaming\Media Player Classic
2009-09-16 15:32 . 2006-03-20 14:37 5693440 ----a-w- c:\users\compaq\mplayerc.exe
2009-09-16 09:43 . 2009-09-16 09:43 -------- d-----w- c:\users\Public\CyberLink
2009-09-10 16:40 . 2009-09-10 16:40 -------- d-----w- c:\users\compaq\AppData\Local\TempDIR
2009-09-10 05:12 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-10 05:12 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-10 05:12 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-10 05:12 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-10 05:12 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-10 05:12 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-10 05:12 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-10 05:12 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-10 05:12 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-10 05:12 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-10 05:11 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-10 05:11 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-10 05:11 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-10 05:11 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-10 05:11 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 06:47 . 2009-09-09 06:47 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-09-09 06:46 . 2009-09-27 14:51 -------- d-----w- c:\users\compaq\AppData\Local\Google
2009-09-09 06:46 . 2009-09-27 14:33 -------- d-----w- c:\program files\Google
2009-09-09 06:46 . 2009-09-10 06:07 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-09 06:46 . 2009-09-26 06:49 -------- d-----w- c:\program files\DivX
2009-09-09 06:42 . 2009-09-09 06:42 -------- d-----w- c:\users\compaq\AppData\Roaming\vlc
2009-09-09 06:42 . 2009-09-09 06:53 -------- d-----w- c:\users\compaq\VLC
2009-09-08 20:42 . 2009-09-08 20:42 -------- d-----w- c:\program files\Conduit
2009-09-06 12:13 . 2009-09-18 16:31 -------- d-----w- c:\program files\Dofus
2009-09-04 18:56 . 2009-09-04 18:56 -------- d-----w- c:\users\compaq\AppData\Roaming\WildTangent
2009-09-04 16:43 . 2009-09-04 16:43 -------- d-----w- c:\program files\QuickZip4
2009-09-04 01:02 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-03 20:09 . 2009-09-03 20:09 -------- d-----w- c:\users\compaq\AppData\Local\Shareaza
2009-09-03 19:44 . 2009-09-25 17:08 -------- d-----w- c:\programdata\eMule
2009-09-03 19:43 . 2009-09-10 19:48 -------- d-----w- c:\users\compaq\AppData\Local\eMule
2009-09-03 19:36 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-09-03 19:36 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-03 19:36 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-09-03 19:36 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-09-03 19:36 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-09-03 19:35 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-09-03 19:35 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-09-03 19:31 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-09-03 19:31 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-09-03 19:31 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-09-03 19:31 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-09-03 19:31 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-09-03 19:29 . 2009-09-03 19:29 -------- d-----w- c:\program files\MSXML 4.0
2009-09-03 19:24 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-03 19:24 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-03 19:24 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-03 19:24 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-03 19:24 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-03 19:24 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-03 19:24 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-03 19:24 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-03 19:23 . 2009-09-03 19:23 -------- d-----w- c:\programdata\Brother
2009-09-03 15:31 . 2009-09-03 15:31 -------- d-----w- c:\program files\Alwil Software
2009-09-03 12:58 . 2009-09-27 11:30 -------- d-----w- c:\users\compaq\Tracing
2009-09-03 12:56 . 2009-09-11 01:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-03 12:56 . 2009-09-27 07:25 -------- dc----w- c:\windows\system32\DRVSTORE
2009-09-03 12:56 . 2009-08-05 20:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-09-03 12:55 . 2009-09-03 12:55 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-03 12:54 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-03 12:53 . 2009-09-03 12:53 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-03 12:52 . 2009-09-03 12:52 -------- d-----w- c:\program files\Microsoft
2009-09-03 12:51 . 2009-09-03 12:51 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-03 12:51 . 2009-09-03 12:56 -------- d-----w- c:\program files\Windows Live
2009-09-03 12:51 . 2009-09-03 12:51 -------- d-----w- c:\windows\PCHEALTH
2009-09-03 12:41 . 2009-09-03 12:41 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-03 12:14 . 2009-09-03 12:14 0 ----a-w- c:\windows\nsreg.dat
2009-09-03 12:14 . 2009-09-03 12:14 -------- d-----w- c:\users\compaq\AppData\Local\Thunderbird
2009-09-03 12:14 . 2009-09-03 12:14 -------- d-----w- c:\users\compaq\AppData\Roaming\Thunderbird
2009-09-03 12:14 . 2009-09-09 06:47 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-03 12:10 . 2009-09-03 12:10 -------- d-----w- c:\users\compaq\AppData\Local\Mozilla
2009-09-03 11:23 . 2009-09-06 11:27 -------- d-----w- c:\users\compaq\AppData\Local\Microsoft Games
2009-09-03 11:09 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-09-03 11:08 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 11:08 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-03 11:08 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-09-03 11:08 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2009-09-03 11:08 . 2008-04-10 05:12 738304 ----a-w- c:\windows\system32\inetcomm.dll
2009-09-03 11:08 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2009-09-03 11:08 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-09-03 11:08 . 2008-09-10 03:40 1334272 ----a-w- c:\windows\system32\msxml6.dll
2009-09-03 10:53 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 01:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-02 19:02 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-02 19:02 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-09-02 19:02 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-09-02 19:02 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-09-02 12:08 . 2009-09-02 12:08 1845 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_FR415AA-ABF SR5612FR_YC_0Pres_QCNX839_E84WEv3PrA3_49_INettle3_SECS_V2.2_B5.17_T080423_WUH1_L40C_M1918_J500_7AMD_8Athlon Dual Core 4450e_92.3_#090902_N10DE03EF_Z_G10DE03D0.MRK
2009-09-02 12:08 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-09-02 12:04 . 2009-09-02 12:04 -------- d-sh--we c:\programdata\Modèles
2009-09-02 12:04 . 2009-09-02 12:04 -------- d-sh--we c:\programdata\Menu Démarrer
2009-09-02 09:59 . 2009-09-02 09:37 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-02 09:54 . 2009-09-02 09:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-02 09:49 . 2009-09-02 09:38 -------- d-----w- c:\program files\HP
2009-09-02 09:38 . 2009-09-02 09:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-02 09:37 . 2009-09-02 09:37 -------- d-----w- c:\programdata\NVIDIA
2009-09-02 09:35 . 2009-09-02 09:35 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-09-02 09:35 . 2009-09-02 09:35 315392 ----a-w- c:\windows\HideWin.exe
2009-09-02 09:35 . 2009-09-02 09:35 -------- d-----w- c:\program files\Realtek
2009-09-02 09:21 . 2009-09-02 09:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-14 04:58 . 2009-09-27 14:34 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-18 16:06 . 2009-09-03 11:09 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-09-03 11:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-09-03 11:09 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-09-03 11:10 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-09-03 11:09 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-09-03 11:09 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-09-03 11:09 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-09-03 11:09 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-14 00:15 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-10 11:01 . 2009-07-10 11:01 307560 ----a-w- c:\windows\WLXPGSS.SCR
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-07-03 972080]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-06-11 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-04-07 132760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-27 520024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-06-24 46416]

c:\users\compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - c:\users\compaq\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-9-9 135680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8BE9B2AA-578F-400A-B884-5DDD6C573E1F}"= c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{2FD9B504-4E05-4B1A-A9CD-141F06185D2E}"= c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"{9DC86F59-24EC-4677-A5E0-B10521475E27}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{8C76184E-F04E-4337-AB32-0FB052EB66E9}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live FolderShare
"TCP Query User{859A6CFB-E7DA-4D12-8CFD-6D034A2FB64D}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{0CA40F02-FE15-4256-BA29-314E8991FB3A}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{34571491-7553-4388-9CDF-302461E95B47}c:\\program files\\echanblard\\emule.exe"= UDP:c:\program files\echanblard\emule.exe:eMule
"UDP Query User{B73D1324-9B6F-4F0A-82AE-C13E2B3E369D}c:\\program files\\echanblard\\emule.exe"= TCP:c:\program files\echanblard\emule.exe:eMule

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [27/09/2009 09:25 64160]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [27/09/2009 16:34 206256]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [22/09/2009 18:13 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [22/09/2009 18:13 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [22/09/2009 18:13 53328]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:33 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1028432]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [26/09/2009 07:38 1153368]
S2 gupdate1ca311950010cf0;Service Google Update (gupdate1ca311950010cf0);c:\program files\Google\Update\GoogleUpdate.exe [09/09/2009 08:46 133104]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [03/09/2009 14:56 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [27/09/2009 16:33 348752]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MCHINJDRV
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'

2009-09-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:25]

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 06:46]

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 06:46]

2009-09-16 c:\windows\Tasks\HPCeeScheduleForcompaq.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-09-02 18:03]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.troner.net/
IE: &Recherche AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\fr-FR\local\search.html
FF - ProfilePath - c:\users\compaq\AppData\Roaming\Mozilla\Firefox\Profiles\8hce1d4m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2186548&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?mkt=fr-FR&form=IEFM1&q=
FF - component: c:\users\compaq\AppData\Roaming\Mozilla\Firefox\Profiles\8hce1d4m.default\extensions\{fe37be35-b028-49f9-bb0c-6a38c4e55b97}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{fe37be35-b028-49f9-bb0c-6a38c4e55b97} - (no file)
BHO-{fe37be35-b028-49f9-bb0c-6a38c4e55b97} - (no file)
Toolbar-{fe37be35-b028-49f9-bb0c-6a38c4e55b97} - (no file)
WebBrowser-{FE37BE35-B028-49F9-BB0C-6A38C4E55B97} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 19:30
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\compaq\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
Heure de fin: 2009-09-27 19:32
ComboFix-quarantined-files.txt 2009-09-27 17:32

Avant-CF: 446 656 258 048 octets libres
Après-CF: 445 657 600 000 octets libres

302 --- E O F --- 2009-09-25 20:55
0
Xplode Posts: 8820 Registration date: Friday 21 August 2009 Status: Security contributor Last activity: 2 July 2015 726
27 Sept. 2009 at 19:56
Can you post an RSIT log again for me?
0
Logfile of random's system information tool 1.06 (written by random/random)
Run by compaq at 2009-09-27 17:44:33
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 427 GB (92%) free of 465 GB
Total RAM: 1918 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44:36, on 27/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\compaq\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\compaq\Downloads\RSIT.exe
C:\Program Files\trend micro\compaq.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://troner.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: (no name) - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\compaq\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate1ca311950010cf0) (gupdate1ca311950010cf0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
Hi,
I advise you to throw your computer in the dumpster and buy another one.
At your service.
See you.
0
Xplode Posts: 8820 Registration date: Friday 21 August 2009 Status: Security contributor Last activity: 2 July 2015 726
27 Sept. 2009 at 20:03
Start by uninstalling these programs:

Google Toolbar
Yahoo Toolbar
AOL Toolbar
Windows Live Toolbar


Also uninstall Ad-Aware and Spybot, which duplicate MBAM and are less powerful.

Then do this:


VirusTotal:

Go to https://www.virustotal.com/gui/

Click "Parcourir" (Browse), then select the following file: C:\Windows\SMINST\launcher.exe

Post the contents of the scan report in your next message.
0
Here is the report:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 5.0.0.2 2009.03.26 -
AntiVir 7.9.0.126 2009.03.26 -
Antiy-AVL 2.0.3.1 2009.03.27 -
Authentium 5.1.2.4 2009.03.26 -
Avast 4.8.1335.0 2009.03.25 -
AVG 8.5.0.283 2009.03.25 -
BitDefender 7.2 2009.03.26 -
CAT-QuickHeal 10.00 2009.03.26 -
ClamAV 0.94.1 2009.03.26 -
Comodo 1084 2009.03.25 -
DrWeb 4.44.0.09170 2009.03.26 -
eSafe 7.0.17.0 2009.03.25 -
eTrust-Vet 31.6.6418 2009.03.26 -
F-Prot 4.4.4.56 2009.03.26 -
F-Secure 8.0.14470.0 2009.03.26 -
Fortinet 3.117.0.0 2009.03.26 -
GData 19 2009.03.26 -
Ikarus T3.1.1.48.0 2009.03.26 -
K7AntiVirus 7.10.680 2009.03.24 -
Kaspersky 7.0.0.125 2009.03.26 -
McAfee 5564 2009.03.25 -
McAfee+Artemis 5564 2009.03.25 -
McAfee-GW-Edition 6.7.6 2009.03.26 -
Microsoft 1.4502 2009.03.26 -
NOD32 3963 2009.03.25 -
Norman 2009.03.25 -
nProtect 2009.1.8.0 2009.03.26 Trojan/W32.Agent.44168
Panda 10.0.0.10 2009.03.25 -
PCTools 4.4.2.0 2009.03.25 -
Prevx1 3.0 2009.04.27 -
Rising 21.22.32.00 2009.03.26 -
Sophos 4.39.0 2009.03.26 -
Sunbelt 3.2.1858.2 2009.03.26 -
Symantec 1.4.4.12 2009.03.26 -
TheHacker 6.3.3.7.292 2009.03.26 -
TrendMicro 8.700.0.1004 2009.03.26 -
VBA32 3.12.10.1 2009.03.26 -
ViRobot 2009.3.25.1663 2009.03.25 Trojan.Win32.Agent.44168
VirusBuster 4.6.5.0 2009.03.25 -
Information additionnelle
File size: 46416 bytes
MD5 : eafb6ff6ef64fc4d6edc3025257a6201
SHA1 : 0558452b011cd7a28b0a1b6f072c1d6050f1398d
SHA256: d726b4f34f575ea89afeeed47789de3c16a21d438848a6b074716868f1ac2af3
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4858
timedatestamp.....: 0x454F2771 (Mon Nov 6 13:15:45 2006)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x41C9 0x5000 5.38 5c5a7f6e4e9784110db25bddcc6dee3c
.rdata 0x6000 0x1458 0x2000 3.03 ae638035d8f027226689b7c38288aca2
.data 0x8000 0xB30 0x1000 2.60 90612eb9fcc7c59a48e1552b7ea3bb65
.rsrc 0x9000 0x3B0 0x1000 0.96 3b4d5d544aab5d57e8e6f20740ea399c

( 0 imports )


( 0 exports )

TrID : File type identification
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
ssdeep: 768:3qkjP6maLVgM5/7a8misGa86TUBqtI3FTvc5LBbbK:3ZjSmaLVgePLsD86ltItvc5lbK
PEiD : -
CWSandbox: http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set
-
0
Xplode Posts: 8820 Registration date: Friday 21 August 2009 Status: Security contributor Last activity: 2 July 2015 726
27 Sept. 2009 at 20:21
- Download OTMoveIt (by Old_Timer) https://www.luanagames.com/index.fr.html to your Desktop.

- Double-click OTMoveIt.exe
- Make sure the Unregister Dll's and Ocx's box is checked
- Copy the bold text below and paste it into the left-hand pane of OTMoveIt named Paste List of Files/Folders to be moved

:processes
explorer.exe

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=-

:files
C:\Windows\SMINST\launcher.exe

:commands
[emptytemp]
[purity]
[start explorer]


- Click MoveIt! to start the removal.
- If OTMoveIt offers to restart your PC, accept.
- When a result appears in the Results pane, click Exit.
- In your next reply, post the OTMoveIt report located in C:\_OTMoveIt\MovedFiles
0
Here is the report:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Unable to delete registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Launcher .
========== FILES ==========
File move failed. C:\Windows\SMINST\Launcher.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\compaq\AppData\Local\Temp\JETC273.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\compaq\AppData\Local\Temp\MainFrame.Log.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 09272009_202417

Files moved on Reboot...
File move failed. C:\Windows\SMINST\Launcher.exe scheduled to be moved on reboot.
File C:\Users\compaq\AppData\Local\Temp\JETC273.tmp not found!
File move failed. C:\Users\compaq\AppData\Local\Temp\MainFrame.Log.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
0
Thank you for helping me. I think I am rid of it for now. Regards, sylvirus
0