virus

Question

Bonjour,
J ai un pc bourée de virus des tonnes de processus bizares se lance et on me dit que windows a fait une mise à jour et qu il faut que je redémarre mon pc ( a mon avis sa fait longtemps que microsoft ne fais plus de mise à jour de xp toute les 3 semaines)

aidez moi à virer ces virus

please

Xplode · Answer

Salut, tu peux commencer par faire ceci pour un diagnostic complet de ton PC :

                               [RSIT] 


[x] Télécharge Random's System Information Tool à cette adresse : http://images.malwareremoval.com/random/RSIT.exe

[x] Double clique sur " RSIT.exe ".

[x] Clique sur " Continue ".

[x] Si hijackthis n'est pas présent il sera automatiquement téléchargé et tu devras accepter la license.

[x] Une fois l'analyse finie, deux fichiers ( info.txt & log.txt ) s'ouvriront.

[x] Copie colle le contenu des deux rapports dans ton prochain message

[x] Si jamais tu as fermé les rapports sans faire attention, ils sont sous C:\rsit

Thiem · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dan at 2009-09-27 19:59:32
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 628 MB (2%) free of 31 GB
Total RAM: 2046 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:58, on 27/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
D:\Documents and Settings\avast\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
D:\Documents and Settings\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\DOCUME~1\avast\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Documents and Settings\iTunesHelper.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Documents and Settings\amélioration windows\StartClock\StartClock.exe
D:\Documents and Settings\amélioration windows\win flip\WinFlip.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Dan\Mes documents\Downloads\RSIT (1).exe
C:\Program Files	rend micro\Dan.exe
C:\Program Files\Fichiers communs\Symantec Shared\COH\coh32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [avast!] D:\DOCUME~1\avast\ashDisp.exe
O4 - HKLM\..\Run: [VisualTooltip] D:\Documents and Settings\amélioration windows\VisualToolTip\VisualToolTip.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Documents and Settings\iTunesHelper.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\RunOnce: []  (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: []  (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1010\..\RunOnce: []  (User 'Thibaut')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1011\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Marion')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1012\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1012\..\RunOnce: []  (User '?')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1013\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1013\..\RunOnce: []  (User '?')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: []  (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: []  (User 'Default user')
O4 - Startup: StartClock.lnk = ?
O4 - Startup: WinFlip.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: apache - Apache Software Foundation - C:\Program Files\ImmobilierLoyerocherdigital\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Documents and Settings\avast\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Documents and Settings\avast\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Documents and Settings\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Documents and Settings\avast\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98c6b311d32da) (gupdate1c98c6b311d32da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Documents and Settings\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

Xplode · Answer

Ok, commence par faire ceci :

USBfix ------>

[x] Télécharge USBfix à cette adresse : http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe

[x] Un tutoriel est disponible ici : https://www.malekal.com/usbfix-supprimer-virus-usb/

[x] Installe le

[x] Branche tout tes médias amovibles ( clés USB, DD externe )

[x] Lance USBfix en cliquant sur l'icône qui est sur ton bureau ( Clique droit -> Executer en tant qu'administrateur pour vista )

[x] Choisis l'option F ( pour français ) et valide en appuyant sur entrée.

[x] Au menu principal, choisi l'option 1

[x] Laisse l'outil travailler puis poste le rapport dans ton prochain message

---------------------------------

Malwarebyte's anti-malware ----->

[x] Télécharge Malwarebyte's anti-malware (MBAM) à cette adresse : http://www.malwarebytes.org/mbam/program/mbam-setup.exe

[x] Installe le

[x] Coche bien tout les éléments trouvés et supprime les !

[x] Un tutoriel pour son utilisation est disponible ici : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

[x] Suis les indications données sur le lien précédent puis copie/colle le rapport généré dans ton prochain message

Thiem · Answer

j ai déja utilisé usb fix récement et est nettoyé les clés et malwarebytes ne trouve rien

Xplode · Answer

Repasse quand même USBfix, il reste une infection USB.

Thiem · Answer

tu aurai le nom de la clé en question j en est une vingtaine plus un  disque dur

Xplode · Answer

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{779a3688-831e-11dc-8bd1-00038a000015}]
shell\iledefrance\command - G:\start.exe 


Passe l'option 1 d'USBfix.

Thiem · Answer

j ai jamais ouvert en g et "iledefrance" je vois pas

Xplode · Answer

Peux tu suivres mes instructions ?

Si tu ne fais rien de ce que je te dis, ce n'est même pas la peine de venir poster..

Thiem · Answer

je texplique...
j essai de sui..
ah attend il a fini

############################## | UsbFix V6.037 |

User : Dan (Administrateurs) # DANIEL
Update on 27/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 20:45:31 | 27/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

              Intel(R) Pentium(R) D CPU 3.40GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1335 [VPS 090509-0] 4.8.1335 [ (!) Disabled | Updated ]
AV : Norton 360 2007 [ Enabled | Updated ]
FW : Norton 360[ Enabled ]2007

C:\ -> Disque fixe local # 29,99 Go (628,35 Mo free) [HDD] # NTFS
D:\ -> Disque fixe local # 334,8 Go (286,91 Go free) [DATA] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
H:\ -> Disque amovible # 3,82 Go (586,69 Mo free) [THIBAUT] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
D:\Documents and Settings\avast\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
D:\Documents and Settings\CDBurnerXP\NMSAccessU.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\DOCUME~1\avast\ashDisp.exe
D:\Documents and Settings\amélioration windows\VisualToolTip\VisualToolTip.exe
D:\Documents and Settings\iTunesHelper.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\amélioration windows\StartClock\StartClock.exe
D:\Documents and Settings\amélioration windows\win flip\WinFlip.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

C:\autorun.inf  
D:\autorun.inf  
H:\.ecycled\info.exe  
H:\RECYCLED\INFO.exe  

################## | Registre # Clés Run infectieuses |

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	askmgr.exe]  
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives" 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"  

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{779a3688-831e-11dc-8bd1-00038a000015}
Shell\iledefrance\command =G:\start.exe 

################## | ! Fin du rapport # UsbFix V6.037 ! |

j ai placé la clé que je pense suspecte j espere ne pas avoir à branché toute les clés


question à part 



ne suffit t il pas de supprimé la clé registre?

Xplode · Answer

Non, il ne suffit pas de supprimer la clé registre car les fichiers infectieux déjà présents sur tes médias amovibles ne seront eux pas supprimés et contamineront les autres machines.

------- SUPPRESSION --------

[x] Relance USBfix mais cette fois ci choisis l'option 2

/!\ N'oublie pas de laisser tes médias amovibles branchés sur ton PC /!\

[x] Patiente pendant que l'outil travaille.

[x] Ton PC redémarrera, puis USBfix analysera tes médias amovibles.

[x] Poste le rapport situé sous C:\USBfix.txt

Thiem · Answer

c etait bien cette clé??



############################## | UsbFix V6.037 |

User : Dan (Administrateurs) # DANIEL
Update on 27/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 21:00:11 | 27/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

              Intel(R) Pentium(R) D CPU 3.40GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1335 [VPS 090509-0] 4.8.1335 [ (!) Disabled | Updated ]
AV : Norton 360 2007 [ Enabled | Updated ]
FW : Norton 360[ Enabled ]2007

C:\ -> Disque fixe local # 29,99 Go (597,93 Mo free) [HDD] # NTFS
D:\ -> Disque fixe local # 334,8 Go (286,89 Go free) [DATA] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
H:\ -> Disque amovible # 3,82 Go (586,69 Mo free) [THIBAUT] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
D:\Documents and Settings\avast\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
D:\Documents and Settings\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\autorun.inf 
Supprimé ! D:\autorun.inf 
Supprimé ! H:\.ecycled\info.exe 

################## | Registre # Clés Run infectieuses |

Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	askmgr.exe]  
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"  
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"  
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFind"  
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"  
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"  
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoViewContextMenu"  
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoWinKeys"  

################## | Registre # Mountpoints2 |


################## | Listing des fichiers présent |

[04/08/2006 13:42|-rahsc---|215] C:\BOOT.BAK 
[21/06/2009 09:57|--ahsc---|296] C:\BOOT.INI 
[05/08/2004 14:00|-rahsc---|4952] C:\Bootfont.bin 
[24/08/2007 22:14|--a--c---|616808] C:\ccL70U.dll 
[24/08/2007 22:07|--a--c---|369512] C:\ccScanw.dll 
[24/08/2007 22:07|--a--c---|120680] C:\ccVrTrst.dll 
[05/08/2004 14:00|-rahs----|263488] C:\cmldr 
[01/06/2008 11:02|--a--c---|74] C:\CMLoader.log 
[10/05/2009 10:06|--a--c---|24766] C:\ComboFix.txt 
[20/07/2008 14:17|--a--c---|75497] C:\Contr_le du volume-Benjamin Schirmer.gg 
[21/05/2007 20:44|--a--c---|99] C:\CtDrvIns.log 
[28/02/2008 21:54|--a--c---|1291616] C:\dec_abi.dll 
[28/02/2008 21:54|--a--c---|632184] C:\DefUtDCD.dll 
[04/08/2006 13:21|--a--c---|6195] C:\DWNLOG.TXT 
[20/07/2008 19:30|--a--c---|38721] C:\D_tecteur de r_seau sans fil-Google.gg 
[28/02/2008 21:54|--a--c---|43176] C:\ecmldr32.dll 
[20/07/2008 13:22|--a--c---|59003] C:\GADGET_NAME-Google Inc..gg 
[28/02/2008 21:55|--a--c---|26782] C:\help.hta 
[20/07/2008 13:34|--a--c---|68892] C:\Horloge mondiale jour et nuit-Google.gg 
[15/06/2009 18:19|--a--c---|655840] C:\ImgCache.pvd 
[15/06/2009 18:19|--a--c---|16] C:\ImgCache.pvi 
[04/08/2006 13:43|-rahsc---|0] C:\IO.SYS 
[04/08/2006 13:44|--ah-c---|845] C:\IPH.PH 
[17/09/2008 20:22|--a--c---|46774] C:\MDACSET.log 
[28/02/2008 21:55|--a--c---|1869] C:\Microsoft.VC80.CRT.manifest 
[04/08/2006 13:43|-rahsc---|0] C:\MSDOS.SYS 
[28/02/2008 21:54|--a--c---|321152] C:\msl.dll 
[28/02/2008 21:55|--a--c---|548864] C:\msvcp80.dll 
[28/02/2008 21:55|--a--c---|626688] C:\msvcr80.dll 
[28/02/2008 21:59|--a--c---|592240] C:\Nss.exe 
[05/08/2004 14:00|--a------|47564] C:\NTDETECT.COM 
[22/10/2008 18:06|--a------|252240] C:\NTLDR 
[?|?|?] C:\pagefile.sys 
[28/02/2008 21:54|--a--c---|39808] C:\patch25d.dll 
[29/06/2009 19:22|--a--c---|13030] C:\PDOXUSRS.NET 
[20/07/2008 13:22|--a--c---|11454] C:\PLUGIN_TITLE-Google.gg 
[20/07/2008 19:30|--a--c---|77316] C:adio.blog.gadget-Matthieu Delanoe.gg 
[25/07/2008 12:05|--a--c---|68469] C:\Recherche Wikipedia-Google.gg 
[04/08/2006 11:07|--a--c---|1256] C:\SAUDIT.TXT 
[28/02/2008 21:55|--a--c---|913240] C:\SAUpdt.dll 
[28/02/2008 21:55|--a--c---|266584] C:\ScanCore.dll 
[28/02/2008 21:59|--a--c---|109424] C:\ScanRes.dll 
[24/04/2008 22:00|--a--c---|45424] C:\SKURes.dll 
[11/02/2008 21:10|--ah-c---|232] C:\sqmdata00.sqm 
[12/02/2008 10:47|--ah-c---|232] C:\sqmdata01.sqm 
[12/02/2008 10:48|--ah-c---|232] C:\sqmdata02.sqm 
[12/02/2008 10:52|--ah-c---|232] C:\sqmdata03.sqm 
[12/02/2008 10:56|--ah-c---|232] C:\sqmdata04.sqm 
[12/02/2008 11:00|--ah-c---|232] C:\sqmdata05.sqm 
[12/02/2008 13:45|--ah-c---|232] C:\sqmdata06.sqm 
[17/07/2008 16:14|--ah-c---|232] C:\sqmdata07.sqm 
[10/12/2008 20:57|--a--c---|236] C:\sqmdata08.sqm 
[10/12/2008 23:28|--a--c---|200] C:\sqmdata09.sqm 
[11/12/2008 21:01|--a--c---|236] C:\sqmdata10.sqm 
[15/12/2008 23:30|--a--c---|248] C:\sqmdata11.sqm 
[11/02/2008 21:10|--ah-c---|244] C:\sqmnoopt00.sqm 
[12/02/2008 10:47|--ah-c---|244] C:\sqmnoopt01.sqm 
[12/02/2008 10:48|--ah-c---|244] C:\sqmnoopt02.sqm 
[12/02/2008 10:52|--ah-c---|244] C:\sqmnoopt03.sqm 
[12/02/2008 10:56|--ah-c---|244] C:\sqmnoopt04.sqm 
[12/02/2008 11:00|--ah-c---|244] C:\sqmnoopt05.sqm 
[12/02/2008 13:45|--ah-c---|244] C:\sqmnoopt06.sqm 
[17/07/2008 16:14|--ah-c---|244] C:\sqmnoopt07.sqm 
[10/12/2008 20:57|--a--c---|200] C:\sqmnoopt08.sqm 
[10/12/2008 23:28|--a--c---|200] C:\sqmnoopt09.sqm 
[11/12/2008 21:01|--a--c---|200] C:\sqmnoopt10.sqm 
[15/12/2008 23:30|--a--c---|212] C:\sqmnoopt11.sqm 
[13/05/2009 13:16|--a--c---|1878] C:\TB.txt 
[20/07/2008 13:33|--a--c---|31609] C:\Tetris-Benjamin Schirmer.gg 
[13/09/2008 17:35|--a--c---|152095] C:\Tout sur le sport-Apexoft.gg 
[28/10/2008 13:26|--a--c---|510] C:\updatedatfix.log 
[11/06/2008 12:27|--a--c---|302553] C:\vrq.log 
[11/06/2008 12:15|--a--c---|230] C:\vrqtoolSREnable.reg 
[17/09/2008 11:57|--a--c---|340] C:\VundoFix.txt 
[15/04/2009 16:48|--a------|18487] D:\License_en_US.rtf 
[27/04/2009 20:28|--a------|499712] D:\msvcp71.dll 
[27/04/2009 20:28|--a------|348160] D:\msvcr71.dll 
[27/04/2009 20:28|--a------|322560] D:\msvcrt.dll 
[02/06/2008 00:04|-r-h-----|120] D:\NG Recovery Point Storage.ini 
[13/02/2008 10:58|--a------|262144] D:
tuser.dat 
[06/05/2009 20:25|--ah-----|1024] D:
tuser.dat.LOG 
[27/04/2009 20:28|--a------|2128400] D:\QtCoreVBox4.dll 
[27/04/2009 20:28|--a------|7465488] D:\QtGuiVBox4.dll 
[27/04/2009 20:28|--a------|608784] D:\QtNetworkVBox4.dll 
[27/04/2009 20:28|--a------|249856] D:\SDL.dll 
[27/04/2009 20:28|--a------|348160] D:\SDL_ttf.dll 
[13/06/2008 15:21|--ah-----|268] D:\sqmdata00.sqm 
[13/06/2008 15:56|--ah-----|268] D:\sqmdata01.sqm 
[13/06/2008 17:25|--ah-----|268] D:\sqmdata02.sqm 
[29/07/2008 14:49|--ah-----|268] D:\sqmdata03.sqm 
[25/10/2008 07:10|--ah-----|268] D:\sqmdata04.sqm 
[08/11/2008 08:27|--ah-----|268] D:\sqmdata05.sqm 
[11/06/2008 13:38|--ah-----|268] D:\sqmdata06.sqm 
[11/06/2008 14:59|--ah-----|268] D:\sqmdata07.sqm 
[11/06/2008 15:31|--ah-----|136] D:\sqmdata08.sqm 
[11/06/2008 16:18|--ah-----|268] D:\sqmdata09.sqm 
[11/06/2008 18:20|--ah-----|268] D:\sqmdata10.sqm 
[12/06/2008 10:15|--ah-----|268] D:\sqmdata11.sqm 
[12/06/2008 13:41|--ah-----|268] D:\sqmdata12.sqm 
[12/06/2008 16:10|--ah-----|268] D:\sqmdata13.sqm 
[12/06/2008 17:43|--ah-----|268] D:\sqmdata14.sqm 
[13/06/2008 11:05|--ah-----|268] D:\sqmdata15.sqm 
[13/06/2008 12:05|--ah-----|268] D:\sqmdata16.sqm 
[13/06/2008 12:42|--ah-----|268] D:\sqmdata17.sqm 
[13/06/2008 13:33|--ah-----|268] D:\sqmdata18.sqm 
[13/06/2008 14:17|--ah-----|268] D:\sqmdata19.sqm 
[13/06/2008 15:21|--ah-----|244] D:\sqmnoopt00.sqm 
[13/06/2008 15:56|--ah-----|244] D:\sqmnoopt01.sqm 
[13/06/2008 17:25|--ah-----|244] D:\sqmnoopt02.sqm 
[29/07/2008 14:49|--ah-----|244] D:\sqmnoopt03.sqm 
[25/10/2008 07:10|--ah-----|244] D:\sqmnoopt04.sqm 
[08/11/2008 08:27|--ah-----|244] D:\sqmnoopt05.sqm 
[11/06/2008 13:38|--ah-----|244] D:\sqmnoopt06.sqm 
[11/06/2008 14:59|--ah-----|244] D:\sqmnoopt07.sqm 
[11/06/2008 15:31|--ah-----|136] D:\sqmnoopt08.sqm 
[11/06/2008 16:18|--ah-----|244] D:\sqmnoopt09.sqm 
[11/06/2008 18:20|--ah-----|244] D:\sqmnoopt10.sqm 
[12/06/2008 10:15|--ah-----|244] D:\sqmnoopt11.sqm 
[12/06/2008 13:41|--ah-----|244] D:\sqmnoopt12.sqm 
[12/06/2008 16:10|--ah-----|244] D:\sqmnoopt13.sqm 
[12/06/2008 17:43|--ah-----|244] D:\sqmnoopt14.sqm 
[13/06/2008 11:05|--ah-----|244] D:\sqmnoopt15.sqm 
[13/06/2008 12:05|--ah-----|244] D:\sqmnoopt16.sqm 
[13/06/2008 12:42|--ah-----|244] D:\sqmnoopt17.sqm 
[13/06/2008 13:33|--ah-----|244] D:\sqmnoopt18.sqm 
[13/06/2008 14:17|--ah-----|244] D:\sqmnoopt19.sqm 
[21/06/2009 09:49|--a------|634] D:\TCleaner.txt 
[27/09/2009 21:05|--a------|11191] D:\UsbFix.txt 
[27/04/2009 20:41|--a------|686608] D:\VBoxC.dll 
[27/04/2009 20:41|--a------|117264] D:\VBoxDbg.dll 
[27/04/2009 20:41|--a------|1579536] D:\VBoxDD.dll 
[27/04/2009 20:41|--a------|190992] D:\VBoxDD2.dll 
[27/04/2009 20:39|--a------|8960] D:\VBoxDD2GC.gc 
[27/04/2009 20:39|--a------|8960] D:\VBoxDD2R0.r0 
[27/04/2009 20:39|--a------|67776] D:\VBoxDDGC.gc 
[27/04/2009 20:39|--a------|67328] D:\VBoxDDR0.r0 
[27/04/2009 20:39|--a------|154128] D:\VBoxDDU.dll 
[27/04/2009 20:21|--a------|28755968] D:\VBoxGuestAdditions.iso 
[27/04/2009 20:39|--a------|42512] D:\VBoxGuestPropSvc.dll 
[27/04/2009 20:41|--a------|51728] D:\VBoxHeadless.exe 
[27/04/2009 20:41|--a------|494096] D:\VBoxManage.exe 
[27/04/2009 20:39|--a------|59920] D:\VBoxNetDHCP.exe 
[27/04/2009 20:32|--a------|121360] D:\VBoxOGLhostcrutil.dll 
[27/04/2009 20:39|--a------|84496] D:\VBoxOGLhosterrorspu.dll 
[27/04/2009 20:39|--a------|84496] D:\VBoxOGLrenderspu.dll 
[27/04/2009 20:39|--a------|29200] D:\VBoxREM.dll 
[27/04/2009 20:39|--a------|549904] D:\VBoxREM32.dll 
[27/04/2009 20:39|--a------|768016] D:\VBoxREM64.dll 
[27/04/2009 20:32|--a------|752144] D:\VBoxRT.dll 
[27/04/2009 20:41|--a------|1186320] D:\VBoxSDL.exe 
[27/04/2009 20:41|--a------|1137168] D:\VBoxSettings.dll 
[27/04/2009 20:39|--a------|17424] D:\VBoxSharedClipboard.dll 
[27/04/2009 20:41|--a------|580112] D:\VBoxSharedCrOpenGL.dll 
[27/04/2009 20:39|--a------|27152] D:\VBoxSharedFolders.dll 
[27/04/2009 20:41|--a------|1894928] D:\VBoxSVC.exe 
[27/04/2009 20:39|--a------|899600] D:\VBoxVMM.dll 
[27/04/2009 20:39|--a------|596496] D:\VBoxVRDP.dll 
[06/06/2009 11:28|--a------|425] D:\VBoxVRDP.lnk 
[27/04/2009 20:41|--a------|4282896] D:\vboxwebsrv.exe 
[27/04/2009 20:39|--a------|3071467] D:\VirtualBox.chm 
[27/04/2009 20:41|--a------|3381776] D:\VirtualBox.exe 
[27/04/2009 20:39|--a------|274304] D:\VMMGC.gc 
[27/04/2009 20:39|--a------|360768] D:\VMMR0.r0 
[27/04/2009 20:32|--a------|10768] D:\VRDPAuth.dll 
[23/08/2009 15:28|--a------|296] H:\WMPInfo.xml 
[07/06/2009 00:47|--a------|832000] H:\Technologie (emballage, imprime si je te dit pas ou que j'oublie de te dire de ne pas imprimer).ppt 

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.  
# D:\autorun.inf -> Folder created by UsbFix.  
# H:\autorun.inf -> Folder created by UsbFix.

Xplode · Answer

Refais un scan MBAM en laissant branchés tes supports amovibles.

Thiem · Answer

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2040
Windows 5.1.2600 Service Pack 3

29/09/2009 20:33:50
mbam-log-2009-09-29 (20-33-50).txt

Type de recherche: Examen complet (C:\|D:\|H:\|)
Eléments examinés: 422936
Temps écoulé: 2 hour(s), 13 minute(s), 16 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Xplode · Answer

Ok, fais ceci maintenant :

ESET Nod32 Scan en ligne ----->

[x] Rends toi sur ce site : https://www.eset.com/

/!\ Il faut que tu utilises internet explorer pour faire l'analyse en ligne /!\

[x] Coche " Oui, j'accepte.... " puis cliques sur " Start ".

[x] Attend un peu le chargement de la page, puis clique sur le bandeau jaune en haut de
l'écran " Ce site nécessite.... OnlineScanner.cab... "

-> Clique sur " Installer le contrôle ActiveX "
-> Confirme ensuite en cliquant sur " Installer " dans la petite fenêtre qui s'ouvre.

[x] Clique sur paramètre avancé, puis coche " Rechercher les applications potentiellement dangereuses " , vérifie que les deux premieres cases sont elles aussi cochées.

[x] Le scanner se mettra à jour, celà peut prendre un certain temps

[x] L'analyse va ensuite s'effectuer.

[x] Copie/Colle le rapport dans ton prochain message. ( C:\ESET\...\log.txt )

Thiem · Answer

j ai perdu le .txt mais y a 7 infections dont un cheval deux troie deux truc ask toolbar et des truc dans win 32

Xplode · Answer

Le rapport est dans C:\ESET\...\log.txt

Thiem · Answer

perdu

Xplode · Answer

Refais un scan RSIT et poste le rapport

Thiem · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dan at 2009-09-30 17:48:57
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 975 MB (3%) free of 31 GB
Total RAM: 2046 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:07, on 30/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
D:\Documents and Settings\avast\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
D:\Documents and Settings\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\DOCUME~1\avast\ashDisp.exe
D:\Documents and Settings\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Documents and Settings\amélioration windows\StartClock\StartClock.exe
D:\Documents and Settings\amélioration windows\win flip\WinFlip.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Dan\Mes documents\Downloads\RSIT.exe
C:\Program Files	rend micro\Dan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [avast!] D:\DOCUME~1\avast\ashDisp.exe
O4 - HKLM\..\Run: [VisualTooltip] D:\Documents and Settings\amélioration windows\VisualToolTip\VisualToolTip.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Documents and Settings\iTunesHelper.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\RunOnce: []  (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: []  (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Françoise')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1009\..\RunOnce: []  (User 'Françoise')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1010\..\RunOnce: []  (User 'Thibaut')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1011\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Marion')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1012\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1012\..\RunOnce: []  (User '?')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1013\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1013\..\RunOnce: []  (User '?')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: []  (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: []  (User 'Default user')
O4 - Startup: StartClock.lnk = ?
O4 - Startup: WinFlip.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: apache - Apache Software Foundation - C:\Program Files\ImmobilierLoyerocherdigital\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Documents and Settings\avast\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Documents and Settings\avast\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Documents and Settings\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Documents and Settings\avast\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98c6b311d32da) (gupdate1c98c6b311d32da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Documents and Settings\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

Xplode · Answer

SuperAntiSpyware ---->

[x] Télécharge SuperAntiSpyware à cette adresse : http://dl.commentcamarche.net/www.commentcamarche.net/download/files/SUPERAntiSpyware4.28.1010.exe

[x] Suis la procédure d'installation

[x] Séléctionne " French " dans la fenêtre " language " qui s'ouvrira

[x] Clique sur " Oui " dans la fenêtre qui te demanderas si tu veux mettre à jour SuperAntiSpyware

[x] Dans la fenêtre de configuration qui s'ouvrira avec la MaJ , laisse les options par défaut et clique sur suivant.

[x] Au menu principal, séléctionne " Scanner votre ordinateur "

[x] A droite de la fenêtre, coche " Executer scan complet " puis clique sur " Suivant "

[x] Patiente pendant le scan

[x] Si des éléments sont détectés, vérifie qu'ils sont tous cochés plus clique sur suivant

[x] Il te sera peut être proposé de redémarrer, fais le.

[x] Relance SaS, puis clique sur " Préférences "

[x] Va dans l'onglet " Statistiques/Journaux de bord "

[x] Clique sur le rapport puis sur " Voir le journal de bord " 

[x] Copie/Colle son contenu ( CTRL+A pour tout séléctionner, CTRL+C pour copier, CTRL+V pour coller ) dans ton prochain message.

Thiem · Answer

quesqu il reste comme virus

Xplode · Answer

Infection USB qui est magiquement réapparue, et quelques trucs qui me semblent louches dans les entrées de démarrage.

Le log de nod32 m'aurait arrangé ...

Thiem · Answer

j ai refait un eset nod32 qui n a rien trouvé

Xplode · Answer

Ok, fais maintenant SuperAntiSpyware

Thiem · Answer

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 09/30/2009 at 07:37 PM

Application Version : 4.28.1010

Core Rules Database Version : 4136
Trace Rules Database Version: 2068

Scan type       : Complete Scan
Total Scan Time : 01:33:54

Memory items scanned      : 826
Memory threats detected   : 0
Registry items scanned    : 8828
Registry threats detected : 0
File items scanned        : 33596
File threats detected     : 7

Adware.Tracking Cookie
	D:\Documents and Settings\Dan\Cookies\dan@bs.serving-sys[1].txt
	D:\Documents and Settings\Dan\Cookies\dan@weborama[1].txt
	D:\Documents and Settings\Dan\Cookies\dan@serving-sys[1].txt
	D:\Documents and Settings\Dan\Cookies\dan@atdmt[2].txt
	D:\Documents and Settings\Dan\Cookies\dan@virginmobile.solution.weborama[2].txt
	D:\Documents and Settings\Dan\Cookies\dan@msnportal.112.2o7[1].txt
	D:\Documents and Settings\Dan\Cookies\dan@maxis.112.2o7[1].txt

Xplode · Answer

Combofix ----->

[x] Télécharge ComboFIX ( de sUBs ) à cette adresse : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[x] Suis scrupuleusement les indications de ce tutoriel : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

[x] Copie/Colle le rapport qui se trouve sous C:\Combofix.txt dans ton prochain message.

Thiem · Answer

ComboFix 09-09-29.04 - Dan 30/09/2009 22:32.5.2 - NTFSx86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.2046.1079 [GMT 2:00]
Lancé depuis: d:\documents and settings\Dan\Mes documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090509-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\20bc49.msi
c:\windows\Installer\52d4d.msi
c:\windows\Installer\5c9bc.msi
c:\windows\Installer\85326.msi
c:\windows\Installer\WinRMSrv.msi
c:\windows\Installer\WMEncoder.msi
d:\docume~1\Dan\LOCALS~1\Temp\VolumeControlDLL[0].dll
d:\documents and settings\Dan\Local Settings	emp\VolumeControlDLL[0].dll
d:\documents and settings\Dofus\uninstall.exe
d:\documents and settings\Registry Mechanic\Update.exe

.
(((((((((((((((((((((((((((((   Fichiers créés du 2009-08-28 au 2009-09-30  ))))))))))))))))))))))))))))))))))))
.

2009-09-30 16:00 . 2009-09-30 16:00	--------	d-----w-	d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-30 15:59 . 2009-09-30 15:59	--------	d-----w-	d:\documents and settings\Dan\Application Data\SUPERAntiSpyware.com
2009-09-30 15:59 . 2009-09-30 15:59	--------	d-----w-	c:\program files\Fichiers communs\Wise Installation Wizard
2009-09-30 12:13 . 2009-09-30 12:13	--------	d-----w-	c:\program files\ESET
2009-09-29 10:47 . 2009-09-29 10:48	--------	d-----w-	d:\documents and settings\All Users\Application Data\SimCity Societies
2009-09-27 18:45 . 2009-09-27 19:05	--------	dc----w-	C:\UsbFix
2009-09-27 18:12 . 2009-09-27 18:12	145480	----a-w-	c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-09-24 19:13 . 2009-09-24 19:14	--------	d-----w-	d:\documents and settings\Dan\Application Data\Nero
2009-09-24 18:51 . 2009-09-24 18:57	--------	d-----w-	d:\documents and settings\All Users\Application Data\Nero
2009-09-24 18:51 . 2009-09-24 19:10	--------	d-----w-	c:\program files\Fichiers communs\Nero
2009-09-24 17:08 . 2009-09-24 17:11	--------	d-----w-	d:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-09-23 12:01 . 2007-04-09 11:23	28040	----a-w-	c:\windows\system32\mdimon.dll
2009-09-23 11:57 . 2009-09-27 16:40	--------	d-----w-	c:\program files\Microsoft Works
2009-09-21 18:17 . 2009-09-21 18:17	--------	d-----w-	d:\documents and settings\Dan\Application Data\Megaupload
2009-09-20 15:37 . 2009-09-20 15:37	--------	d-----w-	d:\documents and settings\LocalService\Bureau
2009-09-20 15:29 . 2009-07-03 14:49	64160	----a-w-	c:\windows\system32\drivers\Lbd.sys
2009-09-20 15:27 . 2009-09-20 15:27	--------	dc-h--w-	d:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-20 15:27 . 2009-09-20 15:28	--------	d-----w-	d:\documents and settings\All Users\Application Data\Lavasoft
2009-09-20 15:27 . 2009-09-20 15:27	--------	d-----w-	c:\program files\Lavasoft
2009-09-20 15:18 . 2009-09-20 15:32	--------	d-----w-	c:\program files\TweakNow RegCleaner
2009-09-20 15:18 . 2009-09-20 15:18	--------	d-----w-	d:\documents and settings\Dan\Application Data\TweakNow RegCleaner
2009-09-12 13:35 . 2009-09-18 17:56	--------	d-----w-	d:\documents and settings\Dan\Application Data\codeblocks
2009-09-12 07:22 . 2009-06-21 21:47	153088	------w-	c:\windows\system32\dllcache	riedit.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 20:45 . 2008-10-24 09:15	--------	d---a-w-	d:\documents and settings\All Users\Application Data\TEMP
2009-09-30 20:41 . 2006-08-04 11:47	--------	d-----w-	c:\program files\Fichiers communs\Symantec Shared
2009-09-30 15:49 . 2008-06-12 11:17	--------	d-----w-	c:\program files\Trend Micro
2009-09-30 12:03 . 2009-02-11 17:05	--------	d-----w-	d:\documents and settings\All Users\Application Data\Google Updater
2009-09-29 15:34 . 2008-06-13 12:29	--------	d-----w-	d:\documents and settings\All Users\Application Data\Symantec
2009-09-24 17:11 . 2008-06-01 10:47	145480	----a-w-	d:\documents and settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-23 11:55 . 2008-12-17 21:00	--------	d-----w-	c:\program files\Microsoft.NET
2009-09-22 10:52 . 2006-08-04 11:33	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-09-18 17:31 . 2009-03-28 12:03	--------	d-----w-	d:\documents and settings\Dan\Application Data\dvdcss
2009-09-13 08:15 . 2008-12-20 12:43	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-09-10 12:54 . 2009-04-25 18:21	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-04-25 18:21	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-09-07 17:26 . 2006-09-02 16:33	--------	d-----w-	c:\program files\EA GAMES
2009-09-03 15:18 . 2009-06-13 14:12	--------	d-----w-	c:\program files\Mozilla Thunderbird
2009-09-03 11:49 . 2009-08-25 12:19	--------	d-----w-	c:\program files\Yuuguu
2009-08-31 18:12 . 2009-03-21 20:24	--------	d-----w-	d:\documents and settings\Dan\Application Data\gtk-2.0
2009-08-28 06:40 . 2009-06-14 18:05	--------	d-----w-	c:\program files\ImmobilierLoyer
2009-08-26 18:57 . 2008-10-22 16:14	--------	d-----w-	d:\documents and settings\Dan\Application Data\Audacity
2009-08-26 16:43 . 2008-12-21 06:43	101184	----a-w-	d:\documents and settings\Marion\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 12:05 . 2009-08-25 12:05	--------	d-----w-	c:\program files\MSBuild
2009-08-25 12:04 . 2009-08-25 12:04	--------	d-----w-	c:\program files\Reference Assemblies
2009-08-24 16:49 . 2006-10-23 10:36	545	----a-w-	c:\windows\eReg.dat
2009-08-05 09:00 . 2004-08-16 15:40	205312	----a-w-	c:\windows\system32\mswebdvd.dll
2009-07-17 19:03 . 2004-08-16 15:39	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-16 15:41	286208	----a-w-	c:\windows\system32\wmpdxm.dll
2009-07-03 16:57 . 2004-08-16 15:41	915456	----a-w-	c:\windows\system32\wininet.dll
2008-09-24 17:44 . 2008-09-24 17:44	20480	----a-w-	c:\program files\Fichiers communs	hibaut.PTX
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2004-11-18 258048]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"SUPERAntiSpyware"="D:\SUPERAntiSpyware.exe" [2009-09-04 1994480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-20 29744]
"avast!"="d:\docume~1\avast\ashDisp.exe" [2009-02-05 81000]
"VisualTooltip"="d:\documents and settings\amélioration windows\VisualToolTip\VisualToolTip.exe" [2007-04-25 956928]
"iTunesHelper"="d:\documents and settings\iTunesHelper.exe" [2009-06-05 292136]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"Tweak UI"="TWEAKUI.CPL" - c:\windows\system32\TWEAKUI.CPL [2001-03-18 110640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

d:\documents and settings\Dan\Menu D‚marrer\Programmes\D‚marrage\
StartClock.lnk - d:\documents and settings\am‚lioration windows\StartClock\StartClock.exe [2009-3-14 93696]
WinFlip.lnk - d:\documents and settings\am‚lioration windows\win flip\WinFlip.exe [2008-5-21 483328]

d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\!SASWinLogon]
2009-09-03 13:21	548352	----a-w-	D:\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\OPXPGina]
2006-01-30 06:53	49152	----a-w-	c:\apps\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=
"c:\WINDOWS\system32\rtcshare.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"c:\Program Files\Real\RealPlayer\realplay.exe"=
"c:\Program Files\QuickTime\QuickTimePlayer.exe"=
"d:\Documents and Settings\iTunes.exe"=
"c:\Program Files\Microsoft Games\Age of Empires III\age3.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3015:TCP"= 3015:TCP:@xpsp2res.dll,-22004
"1722:TCP"= 1722:TCP:@xpsp2res.dll,-22004
"13105:TCP"= 13105:TCP:@xpsp2res.dll,-22004
"25068:TCP"= 25068:TCP:@xpsp2res.dll,-22004
"5307:TCP"= 5307:TCP:@xpsp2res.dll,-22004

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20/09/2009 17:29 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/01/2009 21:15 114768]
R1 SASDIFSV;SASDIFSV;D:\sasdifsv.sys [04/09/2009 14:50 9968]
R1 SASKUTIL;SASKUTIL;D:\SASKUTIL.SYS [04/09/2009 14:49 74480]
R1 SSHDRV52;SSHDRV52;c:\windows\system32\drivers\SSHDRV52.sys [17/06/2009 12:01 29184]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [06/06/2009 11:28 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [06/06/2009 11:28 41424]
R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [27/11/2008 19:49 10240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/01/2009 21:15 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [22/02/2009 18:58 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 16:49 1029456]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Fichiers communs\Symantec Shared\CCSVCHST.EXE [18/02/2008 13:37 149352]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [24/11/2008 22:31 29263712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2009 20:36 102448]
R3 SASENUM;SASENUM;D:\SASENUM.SYS [04/09/2009 14:50 7408]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [27/03/2009 14:23 23064]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [06/06/2009 11:28 79888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [27/04/2009 20:39 87696]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [04/06/2009 21:54 17792]
S0 xcgqsins;xcgqsins;c:\windows\system32\drivers\lvqibymz.dat --> c:\windows\system32\drivers\lvqibymz.dat [?]
S2 gupdate1c98c6b311d32da;Google Update Service (gupdate1c98c6b311d32da);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 19:07 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/01/2008 20:32 23888]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [20/07/2008 13:22 29744]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27/03/2006 17:53 167808]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [06/06/2009 11:28 31952]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - COMHOST

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{779a3688-831e-11dc-8bd1-00038a000015}]
\Shell\iledefrance\command - G:\start.exe
.
Contenu du dossier 'Tâches planifiées'

2009-09-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2009-09-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-10 19:06]

2009-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 17:06]

2009-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 17:06]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = 
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - d:\office11\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - d:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\0phx6kom.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - www.neufportail.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592
pCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7
pGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com
phardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live
pOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology
pViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\documents and settings\Mozilla Plugins
pitunes.dll
FF - plugin: d:\documents and settings
pvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-Super Blank_is1 - d:\bureau\SuperBlank\unins000.exe
AddRemove-{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1 - d:\bureau\Opti Drive Control\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 22:43
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xcgqsins]
"ImagePath"="system32\drivers\lvqibymz.dat"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1836123935-2857530727-1326383774-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* *¹*“%\OpenWithList]
@Class="Shell"
"a"="NOTEPAD.EXE"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-1836123935-2857530727-1326383774-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* *¹*“%\OpenWithProgids]
" ¹¦_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-1836123935-2857530727-1326383774-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c%+*Æ*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1836123935-2857530727-1326383774-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c%+*Æ*\OpenWithList]
@Class="Shell"
"a"="wmplayer.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-1836123935-2857530727-1326383774-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c%+*Æ*\OpenWithProgids]
"¦+Æ_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-1836123935-2857530727-1326383774-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2755F05C-BC07-E7B3-49C5-76D06475FABA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abkkphlmiohjlfldpfejgefelcamahjage"=hex:6b,61,6c,6a,65,69,70,63,6d,6f,6d,70,
   66,70,69,6f,6d,61,69,61,68,68,00,00
"paelckkolijdanmmmgjpiolhfcpldobm"=hex:6b,61,6c,6a,65,69,70,63,6d,6f,6d,70,66,
   70,69,6f,6d,61,69,61,68,68,00,00

[HKEY_LOCAL_MACHINE\software\Classes\.*c%+*Æ*]
@="¦+Æ_auto_file"

[HKEY_LOCAL_MACHINE\software\Classes\c%+*Æ*_*a*u*t*o*_*f*i*l*e*\shell]
@="open"

[HKEY_LOCAL_MACHINE\software\Classes\c%+*Æ*_*a*u*t*o*_*f*i*l*e*\shell\open]
@="&Ouvrir"

[HKEY_LOCAL_MACHINE\software\Classes\c%+*Æ*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="c:\Program Files\Windows Media Player\wmplayer.exe /Open \"%L\""

[HKEY_LOCAL_MACHINE\software\Classes\c%+*Æ*_*a*u*t*o*_*f*i*l*e*\shell\play]
@="&Lecture"

[HKEY_LOCAL_MACHINE\software\Classes\c%+*Æ*_*a*u*t*o*_*f*i*l*e*\shell\play\command]
@="c:\Program Files\Windows Media Player\wmplayer.exe /Play \"%L\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1648)
D:\SASWINLO.dll
c:\apps\Softex\OmniPass\opxpgina.dll

- - - - - - - > 'explorer.exe'(2972)
d:\documents and settings\amélioration windows\VisualToolTip\VisualTooltip.dll
d:\documents and settings\amélioration windows\win flip\WFHook.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
D:\SASSEH.DLL
d:\office11\msohev.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
d:\documents and settings\avast\aswUpdSv.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\windows\system32\gearsec.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
d:\documents and settings\CDBurnerXP\NMSAccessU.exe
c:\windows\system32
vsvc32.exe
c:\apps\Softex\OmniPass\OmniServ.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32undll32.exe
c:\windows\system32\LVCOMSX.EXE
c:\program files\iPod\bin\iPodService.exe
d:\documents and settings\amélioration windows\win flip\WinFlip.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Heure de fin: 2009-09-30 22:51 - La machine a redémarré
ComboFix-quarantined-files.txt  2009-09-30 20:51
ComboFix2.txt  2009-05-10 08:06

Avant-CF: 864 567 296 octets libres
Après-CF: 821 145 600 octets libres

335	--- E O F ---	2009-09-30 12:19

Thiem · Answer

j ai eu un plantage de l os du style 

l os a planté écrit sur un fond bleu et le pc qui ne fait plus de bruit mais il est repartie

Xplode · Answer

Ok, 

AV: avast! antivirus 4.8.1335 [VPS 090509-0]
AV: Norton 360 *On-access scanning enabled*


2 antivirus -> Conflit , désinstalle en un.

Thiem · Answer

lequel le plus efficace ou celui que j ai payé

Xplode · Answer

Je te conseille de désinstaller les deux et d'installer antivir à la place.

Thiem · Answer

antivir est plus efficace que avast?

Thiem · Answer

je verai pour suprimer norton et avast mais dit moi j ai plus rien sur mon pc

Xplode · Answer

Antivir est plus efficace qu'avast en effet.

Thiem · Answer

et j ai plus de virus???

Xplode · Answer

Si, il y a encore quelques merdouilles.

Désinstalle Avast et Norton 360 puis installe antivir à la place :

Tu peux le télécharger à cette adresse : http://www.commentcamarche.net/telecharger/telecharger-55-antivir

Un tutoriel est disponible ici : https://www.malekal.com/avira-free-security-antivirus-gratuit/ 

-----------------

Fais ensuite un scan avec antivir et poste le rapport dans le prochain message.

Thiem · Answer

ok

Thiem · Answer

un cheval de troie me cours apres!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

je me balladais dans mon gestionaire de proceesus et j ai trouvé sa 

wuauclt.exe

et ccm dit ça

"Le processus wuauclt.exe (wuauclt signifiant Windows Update client for WindowsME) est un processus générique de Windows Millenium servant à mettre à jour Windows Millenium via Internet.
Le fichier correspondant à ce processus est normalement située dans le répertoire "%SystemRoot%\System32\wuauclt.exe" (%SystemRoot% étant généralement C:\WINDOWS par défaut).
Il s'agit d'un processus pouvant être arrêté. Il peut toutefois s'agir du cheval de Troie Troj/Cult-B. Sa présence est trahie par l'entrée suivante dans la base de registre"

JE N AI PAS WINDOWS MILLÉNIUM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

A L AIDE

Xplode · Answer

Pas de panique, wuauclt.exe est un processus légitime. Il sert à surveiller les mises à jours windows update.
Je l'ai aussi ;)

Thiem · Answer

il y a plus de mise à jour de millénium surtout quant o a xp et surtout quand il prend 100 000 ko et que c est le processus le plus lourd

Thiem · Answer

mon lecteur cd s ouvre et se ferme intempestivement maintenant c est pas normal

Xplode · Answer

En effet c'est pas normal, refais moi un rapport d'RSIT

Thiem · Answer

en fait ca fait sa en permance il se ferme s ouvre se ferme rendant une semaine s arrete puis mise à jour de windows et sa recommence

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dan at 2009-10-04 11:27:55
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 791 MB (3%) free of 31 GB
Total RAM: 2046 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:08, on 04/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
D:\Documents and Settings\avast\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
D:\Documents and Settings\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\DOCUME~1\avast\ashDisp.exe
D:\Documents and Settings\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Documents and Settings\amélioration windows\StartClock\StartClock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\Documents and Settings\amélioration windows\win flip\WinFlip.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
D:\Documents and Settings\Dan\Mes documents\Downloads\RSIT (1).exe
C:\Program Files	rend micro\Dan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [avast!] D:\DOCUME~1\avast\ashDisp.exe
O4 - HKLM\..\Run: [VisualTooltip] D:\Documents and Settings\amélioration windows\VisualToolTip\VisualToolTip.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Documents and Settings\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Françoise')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1009\..\RunOnce: []  (User 'Françoise')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1010\..\RunOnce: []  (User 'Thibaut')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1011\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Marion')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1012\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1012\..\RunOnce: []  (User '?')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1013\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1836123935-2857530727-1326383774-1013\..\RunOnce: []  (User '?')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: StartClock.lnk = ?
O4 - Startup: WinFlip.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - D:\SASWINLO.dll
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: apache - Apache Software Foundation - C:\Program Files\ImmobilierLoyerocherdigital\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Documents and Settings\avast\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Documents and Settings\avast\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Documents and Settings\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Documents and Settings\avast\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98c6b311d32da) (gupdate1c98c6b311d32da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Documents and Settings\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

Xplode · Answer

-+-+-+-> OTMoveIt <-+-+-+- [x] Télécharge OTMoveIt (de Old_Timer) à cette adresse : https://www.luanagames.com/index.fr.html sur ton Bureau. [x] Double-clique sur OTMoveIt.exe. [x] Assure toi que la case Unregister Dll's and Ocx's soit bien cochée. [x] Copie le texte en gras ci dessous et colle le dans le cadre de gauche de OTMoveIt nommé Paste List of Files/Folders to be moved :processes explorer.exe WinFlip.exe StartClock.exe :files D:\Documents and Settings\amélioration windows\StartClock\StartClock.exe D:\Documents and Settings\amélioration windows\win flip\WinFlip.exe :commands [emptytemp] [purity] [start explorer] [x] Clique sur MoveIt! pour lancer la suppression. [x] Si OTMoveIt propose de redémarrer ton PC, accepte. [x] Lorsque un résultat apparaît dans le cadre Results, clique sur Exit. [x] Dans ta future réponse, envoie le rapport de OTMoveIt situé sous C:\_OTMoveIt\MovedFiles ====================================================================== -+-+-+-+-> ComboFix <-+-+-+- [x] Télécharge ComboFIX ( de sUBs ) à cette adresse : http://download.bleepingcomputer.com/sUBs/ComboFix.exe [x] /!\ Fermez toutes les fenêtres de programme ouvertes /!\ [x] /!\ Désactivez toutes les protections résidentes ( Antivirus, Pare-Feu, AntiSpyware ) /!\ /!!!!\ Renomme combofix.exe en CCM.exe /!!!!\ [x] Double clique sur " CCM.exe " [x] Suis les indications qui sont données à l'écran, à un moment tu auras un message te demandant d'installer la console de récupération, fais le [x] Combofix va maintenant déconnecter ton PC d'internet [x] Pendant le scan, ne touche à rien ( souris, clavier ) [x] A la fin du scan, le rapport s'ouvrira automatiquement, copie/colle le dans ton prochain message. [o] Nb : Si jamais il ne s'ouvrait pas, il se trouve sous C:\Combofix.txt

Thiem · Answer

win flip et start clock ne sont pas des virus se sont des applications pour modifier windows

win flip simule les fenetre 3d de aero et start clock affiche l heure à la place de "demarer"

Xplode · Answer

Ok, passe à la suite alors

Thiem · Answer

ComboFix 09-10-01.05 - Dan 04/10/2009 11:49.6.2 - NTFSx86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.2046.1147 [GMT 2:00]
Lancé depuis: d:\documents and settings\Dan\Mes documents\Downloads\ccm.exe
AV: avast! antivirus 4.8.1335 [VPS 090509-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
 * Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\docume~1\Dan\LOCALS~1\Temp\VolumeControlDLL[1].dll
d:\documents and settings\Dan\Application Data\Microsoft\Clip Organizer\mstore10.mgc
d:\documents and settings\Dan\Application Data\Microsoft\Clip Organizer\Offic10.MGC
d:\documents and settings\Dan\Local Settings	emp\VolumeControlDLL[1].dll

.
(((((((((((((((((((((((((((((   Fichiers créés du 2009-09-04 au 2009-10-04  ))))))))))))))))))))))))))))))))))))
.

2009-10-03 10:34 . 2009-10-03 10:34	--------	d-----w-	d:\documents and settings\Dan\Application Data\Creative
2009-09-30 16:00 . 2009-09-30 16:00	--------	d-----w-	d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-30 15:59 . 2009-09-30 15:59	--------	d-----w-	d:\documents and settings\Dan\Application Data\SUPERAntiSpyware.com
2009-09-30 15:59 . 2009-09-30 15:59	--------	d-----w-	c:\program files\Fichiers communs\Wise Installation Wizard
2009-09-30 12:13 . 2009-09-30 12:13	--------	d-----w-	c:\program files\ESET
2009-09-29 10:47 . 2009-09-29 10:48	--------	d-----w-	d:\documents and settings\All Users\Application Data\SimCity Societies
2009-09-27 18:45 . 2009-09-27 19:05	--------	dc----w-	C:\UsbFix
2009-09-27 18:12 . 2009-09-27 18:12	145480	----a-w-	c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-09-24 19:13 . 2009-09-24 19:14	--------	d-----w-	d:\documents and settings\Dan\Application Data\Nero
2009-09-24 18:51 . 2009-09-24 18:57	--------	d-----w-	d:\documents and settings\All Users\Application Data\Nero
2009-09-24 18:51 . 2009-09-24 19:10	--------	d-----w-	c:\program files\Fichiers communs\Nero
2009-09-24 17:08 . 2009-09-24 17:11	--------	d-----w-	d:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-09-23 12:01 . 2007-04-09 11:23	28040	----a-w-	c:\windows\system32\mdimon.dll
2009-09-23 11:57 . 2009-09-27 16:40	--------	d-----w-	c:\program files\Microsoft Works
2009-09-21 18:17 . 2009-09-21 18:17	--------	d-----w-	d:\documents and settings\Dan\Application Data\Megaupload
2009-09-20 15:37 . 2009-09-20 15:37	--------	d-----w-	d:\documents and settings\LocalService\Bureau
2009-09-20 15:29 . 2009-07-03 14:49	64160	----a-w-	c:\windows\system32\drivers\Lbd.sys
2009-09-20 15:27 . 2009-09-20 15:27	--------	dc-h--w-	d:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-20 15:27 . 2009-09-20 15:28	--------	d-----w-	d:\documents and settings\All Users\Application Data\Lavasoft
2009-09-20 15:27 . 2009-09-20 15:27	--------	d-----w-	c:\program files\Lavasoft
2009-09-20 15:18 . 2009-09-20 15:32	--------	d-----w-	c:\program files\TweakNow RegCleaner
2009-09-20 15:18 . 2009-09-20 15:18	--------	d-----w-	d:\documents and settings\Dan\Application Data\TweakNow RegCleaner
2009-09-12 13:35 . 2009-09-18 17:56	--------	d-----w-	d:\documents and settings\Dan\Application Data\codeblocks
2009-09-12 07:22 . 2009-06-21 21:47	153088	------w-	c:\windows\system32\dllcache	riedit.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 10:07 . 2008-10-24 09:15	--------	d---a-w-	d:\documents and settings\All Users\Application Data\TEMP
2009-10-04 10:02 . 2006-08-04 11:47	--------	d-----w-	c:\program files\Fichiers communs\Symantec Shared
2009-10-04 09:27 . 2008-06-12 11:17	--------	d-----w-	c:\program files\Trend Micro
2009-10-03 18:45 . 2009-02-11 17:05	--------	d-----w-	d:\documents and settings\All Users\Application Data\Google Updater
2009-10-02 18:47 . 2008-10-22 16:14	--------	d-----w-	d:\documents and settings\Dan\Application Data\Audacity
2009-09-29 15:34 . 2008-06-13 12:29	--------	d-----w-	d:\documents and settings\All Users\Application Data\Symantec
2009-09-24 17:11 . 2008-06-01 10:47	145480	----a-w-	d:\documents and settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-23 11:55 . 2008-12-17 21:00	--------	d-----w-	c:\program files\Microsoft.NET
2009-09-22 10:52 . 2006-08-04 11:33	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-09-18 17:31 . 2009-03-28 12:03	--------	d-----w-	d:\documents and settings\Dan\Application Data\dvdcss
2009-09-13 08:15 . 2008-12-20 12:43	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-09-10 12:54 . 2009-04-25 18:21	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-04-25 18:21	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-09-07 17:26 . 2006-09-02 16:33	--------	d-----w-	c:\program files\EA GAMES
2009-09-03 15:18 . 2009-06-13 14:12	--------	d-----w-	c:\program files\Mozilla Thunderbird
2009-09-03 11:49 . 2009-08-25 12:19	--------	d-----w-	c:\program files\Yuuguu
2009-08-31 18:12 . 2009-03-21 20:24	--------	d-----w-	d:\documents and settings\Dan\Application Data\gtk-2.0
2009-08-28 06:40 . 2009-06-14 18:05	--------	d-----w-	c:\program files\ImmobilierLoyer
2009-08-26 16:43 . 2008-12-21 06:43	101184	----a-w-	d:\documents and settings\Marion\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 12:05 . 2009-08-25 12:05	--------	d-----w-	c:\program files\MSBuild
2009-08-25 12:04 . 2009-08-25 12:04	--------	d-----w-	c:\program files\Reference Assemblies
2009-08-24 16:49 . 2006-10-23 10:36	545	----a-w-	c:\windows\eReg.dat
2009-08-05 09:00 . 2004-08-16 15:40	205312	----a-w-	c:\windows\system32\mswebdvd.dll
2009-07-17 19:03 . 2004-08-16 15:39	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-16 15:41	286208	----a-w-	c:\windows\system32\wmpdxm.dll
2008-09-24 17:44 . 2008-09-24 17:44	20480	----a-w-	c:\program files\Fichiers communs	hibaut.PTX
.

(((((((((((((((((((((((((((((   SnapShot@2009-09-30_20.44.32   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-02 16:27 . 2009-10-02 16:27	16384              c:\windows\TEMP\Perflib_Perfdata_6fc.dat
+ 2009-10-04 10:02 . 2009-10-04 10:02	16384              c:\windows\TEMP\Perflib_Perfdata_62c.dat
- 2006-08-04 11:58 . 2009-09-30 20:18	32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-08-04 11:58 . 2009-10-04 10:03	32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-08-04 11:58 . 2009-10-04 10:03	32768              c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2006-08-04 11:58 . 2009-09-30 20:18	32768              c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-05-19 17:03 . 2009-10-04 10:03	16384              c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-05-19 17:03 . 2009-09-30 20:18	16384              c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-10-01 16:43 . 2009-10-04 10:03	16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-08-04 11:58 . 2009-09-30 20:18	16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2004-11-18 258048]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"SUPERAntiSpyware"="D:\SUPERAntiSpyware.exe" [2009-09-04 1994480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-20 29744]
"avast!"="d:\docume~1\avast\ashDisp.exe" [2009-02-05 81000]
"VisualTooltip"="d:\documents and settings\amélioration windows\VisualToolTip\VisualToolTip.exe" [2007-04-25 956928]
"iTunesHelper"="d:\documents and settings\iTunesHelper.exe" [2009-06-05 292136]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"Tweak UI"="TWEAKUI.CPL" - c:\windows\system32\TWEAKUI.CPL [2001-03-18 110640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

d:\documents and settings\Dan\Menu D‚marrer\Programmes\D‚marrage\
StartClock.lnk - d:\documents and settings\am‚lioration windows\StartClock\StartClock.exe [2009-3-14 93696]
WinFlip.lnk - d:\documents and settings\am‚lioration windows\win flip\WinFlip.exe [2008-5-21 483328]

d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\!SASWinLogon]
2009-09-03 13:21	548352	----a-w-	D:\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\OPXPGina]
2006-01-30 06:53	49152	----a-w-	c:\apps\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=
"c:\WINDOWS\system32\rtcshare.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"c:\Program Files\Real\RealPlayer\realplay.exe"=
"c:\Program Files\QuickTime\QuickTimePlayer.exe"=
"d:\Documents and Settings\iTunes.exe"=
"c:\Program Files\Microsoft Games\Age of Empires III\age3.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3015:TCP"= 3015:TCP:@xpsp2res.dll,-22004
"1722:TCP"= 1722:TCP:@xpsp2res.dll,-22004
"13105:TCP"= 13105:TCP:@xpsp2res.dll,-22004
"25068:TCP"= 25068:TCP:@xpsp2res.dll,-22004
"5307:TCP"= 5307:TCP:@xpsp2res.dll,-22004

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20/09/2009 17:29 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/01/2009 21:15 114768]
R1 SASDIFSV;SASDIFSV;D:\sasdifsv.sys [04/09/2009 14:50 9968]
R1 SASKUTIL;SASKUTIL;D:\SASKUTIL.SYS [04/09/2009 14:49 74480]
R1 SSHDRV52;SSHDRV52;c:\windows\system32\drivers\SSHDRV52.sys [17/06/2009 12:01 29184]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [06/06/2009 11:28 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [06/06/2009 11:28 41424]
R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [27/11/2008 19:49 10240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/01/2009 21:15 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [22/02/2009 18:58 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 16:49 1029456]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Fichiers communs\Symantec Shared\CCSVCHST.EXE [18/02/2008 13:37 149352]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [24/11/2008 22:31 29263712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2009 20:36 102448]
R3 SASENUM;SASENUM;D:\SASENUM.SYS [04/09/2009 14:50 7408]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [27/03/2009 14:23 23064]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [06/06/2009 11:28 79888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [27/04/2009 20:39 87696]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [04/06/2009 21:54 17792]
S0 xcgqsins;xcgqsins;c:\windows\system32\drivers\lvqibymz.dat --> c:\windows\system32\drivers\lvqibymz.dat [?]
S2 gupdate1c98c6b311d32da;Google Update Service (gupdate1c98c6b311d32da);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 19:07 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/01/2008 20:32 23888]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [20/07/2008 13:22 29744]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27/03/2006 17:53 167808]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [06/06/2009 11:28 31952]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - COMHOST

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{779a3688-831e-11dc-8bd1-00038a000015}]
\Shell\iledefrance\command - G:\start.exe
.
Contenu du dossier 'Tâches planifiées'

2009-09-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2009-10-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-10 19:06]

2009-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 17:06]

2009-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 17:06]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = 
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - d:\office11\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - d:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\0phx6kom.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - www.neufportail.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592
pCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7
pGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com
phardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live
pOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology
pViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\documents and settings\Mozilla Plugins
pitunes.dll
FF - plugin: d:\documents and settings
pvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 12:05
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xcgqsins]
"ImagePath"="system32\drivers\lvqibymz.dat"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1836123935-2857530727-1326383774-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* *¹*“%\OpenWithList]
@Class="Shell"
"a"="NOTEPAD.EXE"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-1836123935-2857530727-1326383774-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* *¹*“%\OpenWithProgids]
" ¹¦_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-1836123935-2857530727-1326383774-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c%+*Æ*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1836123935-2857530727-1326383774-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c%+*Æ*\OpenWithList]
@Class="Shell"
"a"="wmplayer.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-1836123935-2857530727-1326383774-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c%+*Æ*\OpenWithProgids]
"¦+Æ_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-1836123935-2857530727-1326383774-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2755F05C-BC07-E7B3-49C5-76D06475FABA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abkkphlmiohjlfldpfejgefelcamahjage"=hex:6b,61,6c,6a,65,69,70,63,6d,6f,6d,70,
   66,70,69,6f,6d,61,69,61,68,68,00,00
"paelckkolijdanmmmgjpiolhfcpldobm"=hex:6b,61,6c,6a,65,69,70,63,6d,6f,6d,70,66,
   70,69,6f,6d,61,69,61,68,68,00,00

[HKEY_LOCAL_MACHINE\software\Classes\.*c%+*Æ*]
@="¦+Æ_auto_file"

[HKEY_LOCAL_MACHINE\software\Classes\c%+*Æ*_*a*u*t*o*_*f*i*l*e*\shell]
@="open"

[HKEY_LOCAL_MACHINE\software\Classes\c%+*Æ*_*a*u*t*o*_*f*i*l*e*\shell\open]
@="&Ouvrir"

[HKEY_LOCAL_MACHINE\software\Classes\c%+*Æ*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="c:\Program Files\Windows Media Player\wmplayer.exe /Open \"%L\""

[HKEY_LOCAL_MACHINE\software\Classes\c%+*Æ*_*a*u*t*o*_*f*i*l*e*\shell\play]
@="&Lecture"

[HKEY_LOCAL_MACHINE\software\Classes\c%+*Æ*_*a*u*t*o*_*f*i*l*e*\shell\play\command]
@="c:\Program Files\Windows Media Player\wmplayer.exe /Play \"%L\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1652)
D:\SASWINLO.dll
c:\apps\Softex\OmniPass\opxpgina.dll

- - - - - - - > 'explorer.exe'(4308)
d:\documents and settings\amélioration windows\VisualToolTip\VisualTooltip.dll
d:\documents and settings\amélioration windows\win flip\WFHook.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
D:\SASSEH.DLL
d:\office11\msohev.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
d:\documents and settings\avast\aswUpdSv.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\windows\system32\gearsec.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
d:\documents and settings\CDBurnerXP\NMSAccessU.exe
c:\windows\system32
vsvc32.exe
c:\apps\Softex\OmniPass\OmniServ.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32undll32.exe
c:\windows\system32\LVCOMSX.EXE
d:\documents and settings\amélioration windows\StartClock\StartClock.exe
d:\documents and settings\amélioration windows\win flip\WinFlip.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Heure de fin: 2009-10-04 12:14 - La machine a redémarré
ComboFix-quarantined-files.txt  2009-10-04 10:14
ComboFix2.txt  2009-09-30 20:51
ComboFix3.txt  2009-05-10 08:06

Avant-CF: 765 210 624 octets libres
Après-CF: 723 488 768 octets libres

339	--- E O F ---	2009-09-30 12:19

Xplode · Answer

-+-+-+-> Lop S&D <-+-+-+-


[x] Télécharge Lop S&D (par Eric_71 & Angeldark) à cette adresse : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

[x] /!\ Désactive les protections résidentes : Antivirus, antispywares, controleurs d'intégrité, etc... pour que l'outil puisse s'exécuter correctement. 

[x] Double clique sur " LopSD.exe " ( Vista : Clique droit -> Executer en tant qu'administrateur )

[x] Choisis l'option F pour français

[x] Ensuite, Choisis l'option 1 ( Recherche )

[x] Laisse l'outil travailler

[x] Copie/Colle le contenu du rapport qui s'ouvrira et poste le dans ton prochain message.

Thiem · Answer

--------------------\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Multiprocessor Free :               Intel(R) Pentium(R) D CPU 3.40GHz )
   BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
   USER : Dan ( Administrator )
   BOOT : Normal boot
   Antivirus : Norton 360 2007 (Activated)
   Firewall  : Norton 360 2007 (Activated)
   C:\ (Local Disk) - NTFS - Total:29 Go (Free:0 Go)
   D:\ (Local Disk) - NTFS - Total:334 Go (Free:289 Go)
   E:\ (CD or DVD) - UDF - Total:1 Go (Free:0 Go)
   F:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [1] ( 04/10/2009|12:46 )
 
   --------------------\  Listing des dossiers dans APPLIC~1


   [01/04/2009|18:48] D:\DOCUME~1\ALLUSE~1\APPLIC~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
   [06/05/2009|20:42] D:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
   [20/09/2009|17:27] D:\DOCUME~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
   [14/03/2009|19:41] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [15/07/2008|10:15] D:\DOCUME~1\ALLUSE~1\APPLIC~1\agi
   [15/05/2009|21:40] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
   [13/06/2008|17:37] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [13/06/2008|17:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [06/05/2009|22:34] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Cyberlink
   [10/05/2009|13:49] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [03/10/2009|20:45] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
   [02/02/2009|20:37] D:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
   [27/11/2008|19:49] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar
   [20/09/2009|17:28] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
   [25/04/2009|20:21] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [25/09/2009|12:41] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [24/09/2009|20:57] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
   [01/06/2008|20:41] D:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
   [18/06/2009|20:11] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Screaming Bee
   [29/09/2009|12:48] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SimCity Societies
   [14/06/2008|23:07] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
   [06/05/2009|22:35] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
   [30/09/2009|18:00] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
   [29/09/2009|17:34] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
   [17/12/2008|22:07] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Team MediaPortal
   [04/10/2009|12:07] D:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [21/05/2008|07:37] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage













   [24/10/2008|18:50] D:\DOCUME~1\Dan\APPLIC~1\Adobe
   [21/05/2008|07:37] D:\DOCUME~1\Dan\APPLIC~1\AdobeUM
   [27/11/2008|19:50] D:\DOCUME~1\Dan\APPLIC~1\agi
   [05/06/2009|20:40] D:\DOCUME~1\Dan\APPLIC~1\ALLCapture
   [03/07/2009|18:33] D:\DOCUME~1\Dan\APPLIC~1\Apple Computer
   [02/10/2009|20:47] D:\DOCUME~1\Dan\APPLIC~1\Audacity
   [25/02/2009|21:29] D:\DOCUME~1\Dan\APPLIC~1\Avimpgwmv
   [15/12/2008|22:56] D:\DOCUME~1\Dan\APPLIC~1\Blender Foundation
   [22/03/2009|19:35] D:\DOCUME~1\Dan\APPLIC~1\Blumentals
   [06/06/2009|20:45] D:\DOCUME~1\Dan\APPLIC~1\Canneverbe_Limited
   [18/09/2009|19:56] D:\DOCUME~1\Dan\APPLIC~1\codeblocks
   [03/10/2009|12:34] D:\DOCUME~1\Dan\APPLIC~1\Creative
   [02/06/2008|12:07] D:\DOCUME~1\Dan\APPLIC~1\CyberLink
   [10/12/2008|19:24] D:\DOCUME~1\Dan\APPLIC~1\Dexpot
   [18/09/2009|19:31] D:\DOCUME~1\Dan\APPLIC~1\dvdcss
   [14/05/2009|14:04] D:\DOCUME~1\Dan\APPLIC~1\ESTsoft
   [26/02/2009|23:31] D:\DOCUME~1\Dan\APPLIC~1\GeoVid
   [06/05/2009|20:34] D:\DOCUME~1\Dan\APPLIC~1\GlarySoft
   [07/07/2009|18:59] D:\DOCUME~1\Dan\APPLIC~1\Google
   [31/08/2009|20:12] D:\DOCUME~1\Dan\APPLIC~1\gtk-2.0
   [26/06/2008|14:29] D:\DOCUME~1\Dan\APPLIC~1\Help
   [14/06/2008|22:53] D:\DOCUME~1\Dan\APPLIC~1\HP
   [13/05/2009|20:38] D:\DOCUME~1\Dan\APPLIC~1\Identities
   [14/06/2009|19:52] D:\DOCUME~1\Dan\APPLIC~1\ImmoAssist
   [20/09/2009|21:30] D:\DOCUME~1\Dan\APPLIC~1\Macromedia
   [25/04/2009|20:21] D:\DOCUME~1\Dan\APPLIC~1\Malwarebytes
   [21/09/2009|20:17] D:\DOCUME~1\Dan\APPLIC~1\Megaupload
   [18/09/2009|19:21] D:\DOCUME~1\Dan\APPLIC~1\Microsoft
   [13/06/2009|16:13] D:\DOCUME~1\Dan\APPLIC~1\Mozilla
   [24/09/2009|21:14] D:\DOCUME~1\Dan\APPLIC~1\Nero
   [13/12/2008|12:29] D:\DOCUME~1\Dan\APPLIC~1\OtakuSoftware
   [01/04/2009|20:13] D:\DOCUME~1\Dan\APPLIC~1\Real
   [01/06/2008|10:58] D:\DOCUME~1\Dan\APPLIC~1\Samsung
   [18/06/2009|20:11] D:\DOCUME~1\Dan\APPLIC~1\Screaming Bee
   [14/09/2007|19:51] D:\DOCUME~1\Dan\APPLIC~1\SecuROM
   [11/06/2008|10:06] D:\DOCUME~1\Dan\APPLIC~1\Sun
   [30/09/2009|17:59] D:\DOCUME~1\Dan\APPLIC~1\SUPERAntiSpyware.com
   [13/06/2008|17:06] D:\DOCUME~1\Dan\APPLIC~1\Symantec
   [13/06/2009|16:13] D:\DOCUME~1\Dan\APPLIC~1\Thunderbird
   [20/09/2009|17:18] D:\DOCUME~1\Dan\APPLIC~1\TweakNow RegCleaner
   [14/09/2008|11:53] D:\DOCUME~1\Dan\APPLIC~1\VadeRetro
   [10/09/2008|18:14] D:\DOCUME~1\Dan\APPLIC~1\Viewpoint
   [14/03/2009|15:52] D:\DOCUME~1\Dan\APPLIC~1\ViStart
   [27/03/2009|22:41] D:\DOCUME~1\Dan\APPLIC~1\vlc


   [14/06/2008|21:25] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
   [20/05/2008|19:26] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft








   [06/06/2008|14:38] D:\DOCUME~1\FM\APPLIC~1\Google
   [06/06/2008|14:44] D:\DOCUME~1\FM\APPLIC~1\Macromedia
   [06/06/2008|15:27] D:\DOCUME~1\FM\APPLIC~1\Microsoft

   [06/05/2009|20:41] D:\DOCUME~1\FRANOI~1\APPLIC~1\Adobe
   [06/01/2009|17:02] D:\DOCUME~1\FRANOI~1\APPLIC~1\agi
   [14/06/2008|21:25] D:\DOCUME~1\FRANOI~1\APPLIC~1\Apple Computer
   [05/11/2008|17:21] D:\DOCUME~1\FRANOI~1\APPLIC~1\Google
   [05/11/2008|17:27] D:\DOCUME~1\FRANOI~1\APPLIC~1\Macromedia
   [06/01/2009|18:48] D:\DOCUME~1\FRANOI~1\APPLIC~1\Microsoft
   [22/10/2008|12:37] D:\DOCUME~1\FRANOI~1\APPLIC~1\Symantec











   [27/11/2008|19:50] D:\DOCUME~1\LOCALS~1\APPLIC~1\agi
   [25/09/2009|12:41] D:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft




   [14/06/2008|21:25] D:\DOCUME~1\Marion\APPLIC~1\Apple Computer
   [21/12/2008|08:41] D:\DOCUME~1\Marion\APPLIC~1\Microsoft
   [15/09/2008|12:39] D:\DOCUME~1\Marion\APPLIC~1\Symantec





   [03/12/2008|22:02] D:\DOCUME~1\NETWOR~1\APPLIC~1\agi
   [17/12/2008|23:01] D:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft



















 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [20/09/2009 17:29][--a------] C:\WINDOWS	asks\Ad-Aware Update (Weekly).job
   [04/10/2009 12:08][--a------] C:\WINDOWS	asks\GoogleUpdateTaskMachineUA.job
   [04/10/2009 12:04][--a------] C:\WINDOWS	asks\GoogleUpdateTaskMachineCore.job
   [04/10/2009 12:02][--a------] C:\WINDOWS	asks\Google Software Updater.job
   [30/09/2009 21:02][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [04/10/2009 12:02][--ah-----] C:\WINDOWS	asks\SA.DAT
   [05/08/2004 14:00][-r-h-----] C:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans C:\Program Files

   [06/05/2009|20:40] C:\Program Files\Adobe
   [27/11/2008|19:49] C:\Program Files\AGI
   [04/08/2006|13:44] C:\Program Files\AOL Compagnon
   [06/05/2009|20:40] C:\Program Files\Apple Software Update
   [17/12/2008|22:04] C:\Program Files\Bonjour
   [29/06/2009|19:11] C:\Program Files\Common Files
   [23/07/2007|16:42] C:\Program Files\Creative
   [07/09/2009|19:26] C:\Program Files\EA GAMES
   [23/10/2006|12:36] C:\Program Files\EA SPORTS
   [30/09/2009|14:13] C:\Program Files\ESET
   [14/05/2009|14:03] C:\Program Files\ESTsoft
   [04/10/2009|11:53] C:\Program Files\Fichiers communs
   [20/07/2008|19:11] C:\Program Files\Free Audio Pack
   [08/06/2009|17:30] C:\Program Files\GIMP-2.0
   [04/08/2006|13:47] C:\Program Files\GMixon
   [07/07/2009|18:57] C:\Program Files\Google
   [04/08/2006|13:45] C:\Program Files\Goto Software
   [27/09/2008|11:22] C:\Program Files\greenstreet
   [28/10/2008|13:26] C:\Program Files\HP
   [14/06/2009|20:54] C:\Program Files\ImmoAssist
   [28/08/2009|08:40] C:\Program Files\ImmobilierLoyer
   [22/09/2009|12:52] C:\Program Files\InstallShield Installation Information
   [25/08/2009|13:54] C:\Program Files\Internet Explorer
   [15/06/2009|18:05] C:\Program Files\iPod
   [26/11/2008|15:14] C:\Program Files\Java
   [01/03/2007|20:13] C:\Program Files\JavaSoft
   [20/09/2009|17:27] C:\Program Files\Lavasoft
   [04/08/2006|13:44] C:\Program Files\Learn2.com
   [03/01/2008|00:40] C:\Program Files\Logitech
   [23/07/2007|17:10] C:\Program Files\ma-config.com
   [20/12/2008|14:42] C:\Program Files\Microsoft
   [03/07/2007|11:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
   [16/08/2004|18:11] C:\Program Files\microsoft frontpage
   [17/06/2008|11:39] C:\Program Files\Microsoft Games
   [23/09/2009|13:50] C:\Program Files\microsoft office
   [13/09/2009|10:15] C:\Program Files\Microsoft Silverlight
   [13/06/2009|18:20] C:\Program Files\Microsoft Small Business
   [14/06/2009|12:11] C:\Program Files\Microsoft SQL Server
   [28/09/2007|19:58] C:\Program Files\Microsoft SQL Server Compact Edition
   [20/12/2008|14:37] C:\Program Files\Microsoft Sync Framework
   [04/08/2006|13:56] C:\Program Files\Microsoft Visual Studio
   [27/09/2009|18:40] C:\Program Files\Microsoft Works
   [23/09/2009|13:55] C:\Program Files\Microsoft.NET
   [04/08/2006|13:33] C:\Program Files\Motorola
   [19/12/2008|21:17] C:\Program Files\Movie Maker
   [03/09/2009|17:18] C:\Program Files\Mozilla Thunderbird
   [25/08/2009|14:05] C:\Program Files\MSBuild
   [16/03/2009|22:09] C:\Program Files\MSECache
   [03/09/2006|11:55] C:\Program Files\MSN
   [16/08/2004|18:03] C:\Program Files\MSN Gaming Zone
   [17/12/2008|22:49] C:\Program Files\MSXML 6.0
   [06/12/2008|23:31] C:\Program Files\NetMeeting
   [16/04/2007|18:21] C:\Program Files\Neuf
   [04/08/2006|13:45] C:\Program Files\Norman
   [21/04/2009|10:42] C:\Program Files\Norton 360
   [16/08/2004|18:03] C:\Program Files\Online Services
   [25/08/2009|13:54] C:\Program Files\Outlook Express
   [15/06/2009|18:00] C:\Program Files\QuickTime
   [04/08/2006|13:44] C:\Program Files\Real
   [06/05/2009|20:41] C:\Program Files\Realtek
   [25/08/2009|14:04] C:\Program Files\Reference Assemblies
   [06/05/2009|20:41] C:\Program Files\Registry Mechanic
   [04/01/2008|17:09] C:\Program Files\Samsung
   [16/08/2004|18:07] C:\Program Files\Services en ligne
   [04/08/2006|13:51] C:\Program Files\ShowTime
   [25/05/2009|12:55] C:\Program Files\Sierra On-Line
   [04/08/2006|13:53] C:\Program Files\SmartSound Software
   [04/08/2006|13:46] C:\Program Files\Sonic
   [09/01/2009|13:15] C:\Program Files\Symantec
   [17/12/2008|22:07] C:\Program Files\Team MediaPortal
   [04/10/2009|11:27] C:\Program Files\Trend Micro
   [20/09/2009|17:32] C:\Program Files\TweakNow RegCleaner
   [04/08/2006|13:54] C:\Program Files\Ulead Systems
   [16/08/2004|18:19] C:\Program Files\Uninstall Information
   [04/08/2006|13:44] C:\Program Files\Viewpoint
   [28/09/2007|19:58] C:\Program Files\Windows Desktop Search
   [22/02/2009|18:58] C:\Program Files\Windows Live
   [20/12/2008|14:29] C:\Program Files\Windows Live SkyDrive
   [04/08/2006|13:53] C:\Program Files\Windows Media Components
   [17/06/2007|08:42] C:\Program Files\Windows Media Connect 2
   [25/08/2009|17:47] C:\Program Files\Windows Media Player
   [22/10/2008|18:10] C:\Program Files\Windows NT
   [13/06/2008|14:30] C:\Program Files\Windows Sidebar
   [16/08/2004|18:07] C:\Program Files\WindowsUpdate
   [16/08/2004|18:11] C:\Program Files\xerox
   [03/09/2009|13:49] C:\Program Files\Yuuguu

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [14/03/2009|19:41] C:\Program Files\Fichiers communs\Adobe
   [24/10/2008|18:50] C:\Program Files\Fichiers communs\Adobe AIR
   [04/08/2006|13:44] C:\Program Files\Fichiers communs\AOL
   [04/08/2006|13:44] C:\Program Files\Fichiers communs\aolshare
   [15/06/2009|18:05] C:\Program Files\Fichiers communs\Apple
   [04/08/2006|13:56] C:\Program Files\Fichiers communs\Designer
   [08/12/2008|21:17] C:\Program Files\Fichiers communs\DeskShare Shared
   [24/09/2008|19:23] C:\Program Files\Fichiers communs\greenstreet
   [10/09/2006|17:35] C:\Program Files\Fichiers communs\Hewlett-Packard
   [14/06/2008|23:06] C:\Program Files\Fichiers communs\HP
   [04/08/2006|13:54] C:\Program Files\Fichiers communs\InstallShield
   [04/08/2006|13:40] C:\Program Files\Fichiers communs\Java
   [03/01/2008|00:42] C:\Program Files\Fichiers communs\Logitech
   [27/09/2009|18:40] C:\Program Files\Fichiers communs\Microsoft Shared
   [16/08/2004|18:06] C:\Program Files\Fichiers communs\MSSoap
   [24/09/2009|21:10] C:\Program Files\Fichiers communs\Nero
   [04/08/2006|13:44] C:\Program Files\Fichiers communs\Nullsoft
   [07/05/2009|19:07] C:\Program Files\Fichiers communs\ODBC
   [01/04/2009|20:11] C:\Program Files\Fichiers communs\Real
   [16/08/2004|18:06] C:\Program Files\Fichiers communs\Services
   [14/06/2008|23:07] C:\Program Files\Fichiers communs\Sonic Shared
   [16/08/2004|17:56] C:\Program Files\Fichiers communs\SpeechEngines
   [04/08/2006|13:46] C:\Program Files\Fichiers communs\SureThing Shared
   [20/01/2007|13:29] C:\Program Files\Fichiers communs\SWF Studio
   [04/10/2009|12:02] C:\Program Files\Fichiers communs\Symantec Shared
   [23/09/2009|13:56] C:\Program Files\Fichiers communs\System
   [04/08/2006|13:46] C:\Program Files\Fichiers communs\TiVo Shared
   [04/08/2006|13:54] C:\Program Files\Fichiers communs\Ulead Systems
   [27/11/2008|23:05] C:\Program Files\Fichiers communs\Windows Live
   [06/05/2009|20:40] C:\Program Files\Fichiers communs\WindowsLiveInstaller
   [30/09/2009|17:59] C:\Program Files\Fichiers communs\Wise Installation Wizard
   [01/04/2009|20:12] C:\Program Files\Fichiers communs\xing shared

   --------------------\  Process

   ( 63 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2009-10-04 12:49:51
   Windows 5.1.2600 Service Pack 3 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   folder error: D:\DOCUME~1\Dan\LOCALS~1\APPLIC~1
 
   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [F:12][D:3]-> D:\DOCUME~1\Dan\LOCALS~1\Temp
   [F:37][D:0]-> D:\DOCUME~1\Dan\Cookies
   [F:13][D:4]-> D:\DOCUME~1\Dan\LOCALS~1\TEMPOR~1\content.IE5

   1 - "C:\Lop SD\LopR_1.txt" - 04/10/2009|12:51 - Option : [1]

   --------------------\  Fin du rapport a 12:51:06

Thiem · Answer

--------------------\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Multiprocessor Free :               Intel(R) Pentium(R) D CPU 3.40GHz )
   BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
   USER : Dan ( Administrator )
   BOOT : Normal boot
   Antivirus : Norton 360 2007 (Activated)
   Firewall  : Norton 360 2007 (Activated)
   C:\ (Local Disk) - NTFS - Total:29 Go (Free:0 Go)
   D:\ (Local Disk) - NTFS - Total:334 Go (Free:289 Go)
   E:\ (CD or DVD) - UDF - Total:1 Go (Free:0 Go)
   F:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [1] ( 04/10/2009|12:46 )
 
   --------------------\  Listing des dossiers dans APPLIC~1


   [01/04/2009|18:48] D:\DOCUME~1\ALLUSE~1\APPLIC~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
   [06/05/2009|20:42] D:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
   [20/09/2009|17:27] D:\DOCUME~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
   [14/03/2009|19:41] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [15/07/2008|10:15] D:\DOCUME~1\ALLUSE~1\APPLIC~1\agi
   [15/05/2009|21:40] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
   [13/06/2008|17:37] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [13/06/2008|17:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [06/05/2009|22:34] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Cyberlink
   [10/05/2009|13:49] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [03/10/2009|20:45] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
   [02/02/2009|20:37] D:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
   [27/11/2008|19:49] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar
   [20/09/2009|17:28] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
   [25/04/2009|20:21] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [25/09/2009|12:41] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [24/09/2009|20:57] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
   [01/06/2008|20:41] D:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
   [18/06/2009|20:11] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Screaming Bee
   [29/09/2009|12:48] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SimCity Societies
   [14/06/2008|23:07] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
   [06/05/2009|22:35] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
   [30/09/2009|18:00] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
   [29/09/2009|17:34] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
   [17/12/2008|22:07] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Team MediaPortal
   [04/10/2009|12:07] D:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [21/05/2008|07:37] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage













   [24/10/2008|18:50] D:\DOCUME~1\Dan\APPLIC~1\Adobe
   [21/05/2008|07:37] D:\DOCUME~1\Dan\APPLIC~1\AdobeUM
   [27/11/2008|19:50] D:\DOCUME~1\Dan\APPLIC~1\agi
   [05/06/2009|20:40] D:\DOCUME~1\Dan\APPLIC~1\ALLCapture
   [03/07/2009|18:33] D:\DOCUME~1\Dan\APPLIC~1\Apple Computer
   [02/10/2009|20:47] D:\DOCUME~1\Dan\APPLIC~1\Audacity
   [25/02/2009|21:29] D:\DOCUME~1\Dan\APPLIC~1\Avimpgwmv
   [15/12/2008|22:56] D:\DOCUME~1\Dan\APPLIC~1\Blender Foundation
   [22/03/2009|19:35] D:\DOCUME~1\Dan\APPLIC~1\Blumentals
   [06/06/2009|20:45] D:\DOCUME~1\Dan\APPLIC~1\Canneverbe_Limited
   [18/09/2009|19:56] D:\DOCUME~1\Dan\APPLIC~1\codeblocks
   [03/10/2009|12:34] D:\DOCUME~1\Dan\APPLIC~1\Creative
   [02/06/2008|12:07] D:\DOCUME~1\Dan\APPLIC~1\CyberLink
   [10/12/2008|19:24] D:\DOCUME~1\Dan\APPLIC~1\Dexpot
   [18/09/2009|19:31] D:\DOCUME~1\Dan\APPLIC~1\dvdcss
   [14/05/2009|14:04] D:\DOCUME~1\Dan\APPLIC~1\ESTsoft
   [26/02/2009|23:31] D:\DOCUME~1\Dan\APPLIC~1\GeoVid
   [06/05/2009|20:34] D:\DOCUME~1\Dan\APPLIC~1\GlarySoft
   [07/07/2009|18:59] D:\DOCUME~1\Dan\APPLIC~1\Google
   [31/08/2009|20:12] D:\DOCUME~1\Dan\APPLIC~1\gtk-2.0
   [26/06/2008|14:29] D:\DOCUME~1\Dan\APPLIC~1\Help
   [14/06/2008|22:53] D:\DOCUME~1\Dan\APPLIC~1\HP
   [13/05/2009|20:38] D:\DOCUME~1\Dan\APPLIC~1\Identities
   [14/06/2009|19:52] D:\DOCUME~1\Dan\APPLIC~1\ImmoAssist
   [20/09/2009|21:30] D:\DOCUME~1\Dan\APPLIC~1\Macromedia
   [25/04/2009|20:21] D:\DOCUME~1\Dan\APPLIC~1\Malwarebytes
   [21/09/2009|20:17] D:\DOCUME~1\Dan\APPLIC~1\Megaupload
   [18/09/2009|19:21] D:\DOCUME~1\Dan\APPLIC~1\Microsoft
   [13/06/2009|16:13] D:\DOCUME~1\Dan\APPLIC~1\Mozilla
   [24/09/2009|21:14] D:\DOCUME~1\Dan\APPLIC~1\Nero
   [13/12/2008|12:29] D:\DOCUME~1\Dan\APPLIC~1\OtakuSoftware
   [01/04/2009|20:13] D:\DOCUME~1\Dan\APPLIC~1\Real
   [01/06/2008|10:58] D:\DOCUME~1\Dan\APPLIC~1\Samsung
   [18/06/2009|20:11] D:\DOCUME~1\Dan\APPLIC~1\Screaming Bee
   [14/09/2007|19:51] D:\DOCUME~1\Dan\APPLIC~1\SecuROM
   [11/06/2008|10:06] D:\DOCUME~1\Dan\APPLIC~1\Sun
   [30/09/2009|17:59] D:\DOCUME~1\Dan\APPLIC~1\SUPERAntiSpyware.com
   [13/06/2008|17:06] D:\DOCUME~1\Dan\APPLIC~1\Symantec
   [13/06/2009|16:13] D:\DOCUME~1\Dan\APPLIC~1\Thunderbird
   [20/09/2009|17:18] D:\DOCUME~1\Dan\APPLIC~1\TweakNow RegCleaner
   [14/09/2008|11:53] D:\DOCUME~1\Dan\APPLIC~1\VadeRetro
   [10/09/2008|18:14] D:\DOCUME~1\Dan\APPLIC~1\Viewpoint
   [14/03/2009|15:52] D:\DOCUME~1\Dan\APPLIC~1\ViStart
   [27/03/2009|22:41] D:\DOCUME~1\Dan\APPLIC~1\vlc


   [14/06/2008|21:25] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
   [20/05/2008|19:26] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft








   [06/06/2008|14:38] D:\DOCUME~1\FM\APPLIC~1\Google
   [06/06/2008|14:44] D:\DOCUME~1\FM\APPLIC~1\Macromedia
   [06/06/2008|15:27] D:\DOCUME~1\FM\APPLIC~1\Microsoft

   [06/05/2009|20:41] D:\DOCUME~1\FRANOI~1\APPLIC~1\Adobe
   [06/01/2009|17:02] D:\DOCUME~1\FRANOI~1\APPLIC~1\agi
   [14/06/2008|21:25] D:\DOCUME~1\FRANOI~1\APPLIC~1\Apple Computer
   [05/11/2008|17:21] D:\DOCUME~1\FRANOI~1\APPLIC~1\Google
   [05/11/2008|17:27] D:\DOCUME~1\FRANOI~1\APPLIC~1\Macromedia
   [06/01/2009|18:48] D:\DOCUME~1\FRANOI~1\APPLIC~1\Microsoft
   [22/10/2008|12:37] D:\DOCUME~1\FRANOI~1\APPLIC~1\Symantec











   [27/11/2008|19:50] D:\DOCUME~1\LOCALS~1\APPLIC~1\agi
   [25/09/2009|12:41] D:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft




   [14/06/2008|21:25] D:\DOCUME~1\Marion\APPLIC~1\Apple Computer
   [21/12/2008|08:41] D:\DOCUME~1\Marion\APPLIC~1\Microsoft
   [15/09/2008|12:39] D:\DOCUME~1\Marion\APPLIC~1\Symantec





   [03/12/2008|22:02] D:\DOCUME~1\NETWOR~1\APPLIC~1\agi
   [17/12/2008|23:01] D:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft



















 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [20/09/2009 17:29][--a------] C:\WINDOWS	asks\Ad-Aware Update (Weekly).job
   [04/10/2009 12:08][--a------] C:\WINDOWS	asks\GoogleUpdateTaskMachineUA.job
   [04/10/2009 12:04][--a------] C:\WINDOWS	asks\GoogleUpdateTaskMachineCore.job
   [04/10/2009 12:02][--a------] C:\WINDOWS	asks\Google Software Updater.job
   [30/09/2009 21:02][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [04/10/2009 12:02][--ah-----] C:\WINDOWS	asks\SA.DAT
   [05/08/2004 14:00][-r-h-----] C:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans C:\Program Files

   [06/05/2009|20:40] C:\Program Files\Adobe
   [27/11/2008|19:49] C:\Program Files\AGI
   [04/08/2006|13:44] C:\Program Files\AOL Compagnon
   [06/05/2009|20:40] C:\Program Files\Apple Software Update
   [17/12/2008|22:04] C:\Program Files\Bonjour
   [29/06/2009|19:11] C:\Program Files\Common Files
   [23/07/2007|16:42] C:\Program Files\Creative
   [07/09/2009|19:26] C:\Program Files\EA GAMES
   [23/10/2006|12:36] C:\Program Files\EA SPORTS
   [30/09/2009|14:13] C:\Program Files\ESET
   [14/05/2009|14:03] C:\Program Files\ESTsoft
   [04/10/2009|11:53] C:\Program Files\Fichiers communs
   [20/07/2008|19:11] C:\Program Files\Free Audio Pack
   [08/06/2009|17:30] C:\Program Files\GIMP-2.0
   [04/08/2006|13:47] C:\Program Files\GMixon
   [07/07/2009|18:57] C:\Program Files\Google
   [04/08/2006|13:45] C:\Program Files\Goto Software
   [27/09/2008|11:22] C:\Program Files\greenstreet
   [28/10/2008|13:26] C:\Program Files\HP
   [14/06/2009|20:54] C:\Program Files\ImmoAssist
   [28/08/2009|08:40] C:\Program Files\ImmobilierLoyer
   [22/09/2009|12:52] C:\Program Files\InstallShield Installation Information
   [25/08/2009|13:54] C:\Program Files\Internet Explorer
   [15/06/2009|18:05] C:\Program Files\iPod
   [26/11/2008|15:14] C:\Program Files\Java
   [01/03/2007|20:13] C:\Program Files\JavaSoft
   [20/09/2009|17:27] C:\Program Files\Lavasoft
   [04/08/2006|13:44] C:\Program Files\Learn2.com
   [03/01/2008|00:40] C:\Program Files\Logitech
   [23/07/2007|17:10] C:\Program Files\ma-config.com
   [20/12/2008|14:42] C:\Program Files\Microsoft
   [03/07/2007|11:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
   [16/08/2004|18:11] C:\Program Files\microsoft frontpage
   [17/06/2008|11:39] C:\Program Files\Microsoft Games
   [23/09/2009|13:50] C:\Program Files\microsoft office
   [13/09/2009|10:15] C:\Program Files\Microsoft Silverlight
   [13/06/2009|18:20] C:\Program Files\Microsoft Small Business
   [14/06/2009|12:11] C:\Program Files\Microsoft SQL Server
   [28/09/2007|19:58] C:\Program Files\Microsoft SQL Server Compact Edition
   [20/12/2008|14:37] C:\Program Files\Microsoft Sync Framework
   [04/08/2006|13:56] C:\Program Files\Microsoft Visual Studio
   [27/09/2009|18:40] C:\Program Files\Microsoft Works
   [23/09/2009|13:55] C:\Program Files\Microsoft.NET
   [04/08/2006|13:33] C:\Program Files\Motorola
   [19/12/2008|21:17] C:\Program Files\Movie Maker
   [03/09/2009|17:18] C:\Program Files\Mozilla Thunderbird
   [25/08/2009|14:05] C:\Program Files\MSBuild
   [16/03/2009|22:09] C:\Program Files\MSECache
   [03/09/2006|11:55] C:\Program Files\MSN
   [16/08/2004|18:03] C:\Program Files\MSN Gaming Zone
   [17/12/2008|22:49] C:\Program Files\MSXML 6.0
   [06/12/2008|23:31] C:\Program Files\NetMeeting
   [16/04/2007|18:21] C:\Program Files\Neuf
   [04/08/2006|13:45] C:\Program Files\Norman
   [21/04/2009|10:42] C:\Program Files\Norton 360
   [16/08/2004|18:03] C:\Program Files\Online Services
   [25/08/2009|13:54] C:\Program Files\Outlook Express
   [15/06/2009|18:00] C:\Program Files\QuickTime
   [04/08/2006|13:44] C:\Program Files\Real
   [06/05/2009|20:41] C:\Program Files\Realtek
   [25/08/2009|14:04] C:\Program Files\Reference Assemblies
   [06/05/2009|20:41] C:\Program Files\Registry Mechanic
   [04/01/2008|17:09] C:\Program Files\Samsung
   [16/08/2004|18:07] C:\Program Files\Services en ligne
   [04/08/2006|13:51] C:\Program Files\ShowTime
   [25/05/2009|12:55] C:\Program Files\Sierra On-Line
   [04/08/2006|13:53] C:\Program Files\SmartSound Software
   [04/08/2006|13:46] C:\Program Files\Sonic
   [09/01/2009|13:15] C:\Program Files\Symantec
   [17/12/2008|22:07] C:\Program Files\Team MediaPortal
   [04/10/2009|11:27] C:\Program Files\Trend Micro
   [20/09/2009|17:32] C:\Program Files\TweakNow RegCleaner
   [04/08/2006|13:54] C:\Program Files\Ulead Systems
   [16/08/2004|18:19] C:\Program Files\Uninstall Information
   [04/08/2006|13:44] C:\Program Files\Viewpoint
   [28/09/2007|19:58] C:\Program Files\Windows Desktop Search
   [22/02/2009|18:58] C:\Program Files\Windows Live
   [20/12/2008|14:29] C:\Program Files\Windows Live SkyDrive
   [04/08/2006|13:53] C:\Program Files\Windows Media Components
   [17/06/2007|08:42] C:\Program Files\Windows Media Connect 2
   [25/08/2009|17:47] C:\Program Files\Windows Media Player
   [22/10/2008|18:10] C:\Program Files\Windows NT
   [13/06/2008|14:30] C:\Program Files\Windows Sidebar
   [16/08/2004|18:07] C:\Program Files\WindowsUpdate
   [16/08/2004|18:11] C:\Program Files\xerox
   [03/09/2009|13:49] C:\Program Files\Yuuguu

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [14/03/2009|19:41] C:\Program Files\Fichiers communs\Adobe
   [24/10/2008|18:50] C:\Program Files\Fichiers communs\Adobe AIR
   [04/08/2006|13:44] C:\Program Files\Fichiers communs\AOL
   [04/08/2006|13:44] C:\Program Files\Fichiers communs\aolshare
   [15/06/2009|18:05] C:\Program Files\Fichiers communs\Apple
   [04/08/2006|13:56] C:\Program Files\Fichiers communs\Designer
   [08/12/2008|21:17] C:\Program Files\Fichiers communs\DeskShare Shared
   [24/09/2008|19:23] C:\Program Files\Fichiers communs\greenstreet
   [10/09/2006|17:35] C:\Program Files\Fichiers communs\Hewlett-Packard
   [14/06/2008|23:06] C:\Program Files\Fichiers communs\HP
   [04/08/2006|13:54] C:\Program Files\Fichiers communs\InstallShield
   [04/08/2006|13:40] C:\Program Files\Fichiers communs\Java
   [03/01/2008|00:42] C:\Program Files\Fichiers communs\Logitech
   [27/09/2009|18:40] C:\Program Files\Fichiers communs\Microsoft Shared
   [16/08/2004|18:06] C:\Program Files\Fichiers communs\MSSoap
   [24/09/2009|21:10] C:\Program Files\Fichiers communs\Nero
   [04/08/2006|13:44] C:\Program Files\Fichiers communs\Nullsoft
   [07/05/2009|19:07] C:\Program Files\Fichiers communs\ODBC
   [01/04/2009|20:11] C:\Program Files\Fichiers communs\Real
   [16/08/2004|18:06] C:\Program Files\Fichiers communs\Services
   [14/06/2008|23:07] C:\Program Files\Fichiers communs\Sonic Shared
   [16/08/2004|17:56] C:\Program Files\Fichiers communs\SpeechEngines
   [04/08/2006|13:46] C:\Program Files\Fichiers communs\SureThing Shared
   [20/01/2007|13:29] C:\Program Files\Fichiers communs\SWF Studio
   [04/10/2009|12:02] C:\Program Files\Fichiers communs\Symantec Shared
   [23/09/2009|13:56] C:\Program Files\Fichiers communs\System
   [04/08/2006|13:46] C:\Program Files\Fichiers communs\TiVo Shared
   [04/08/2006|13:54] C:\Program Files\Fichiers communs\Ulead Systems
   [27/11/2008|23:05] C:\Program Files\Fichiers communs\Windows Live
   [06/05/2009|20:40] C:\Program Files\Fichiers communs\WindowsLiveInstaller
   [30/09/2009|17:59] C:\Program Files\Fichiers communs\Wise Installation Wizard
   [01/04/2009|20:12] C:\Program Files\Fichiers communs\xing shared

   --------------------\  Process

   ( 63 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2009-10-04 12:49:51
   Windows 5.1.2600 Service Pack 3 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   folder error: D:\DOCUME~1\Dan\LOCALS~1\APPLIC~1
 
   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [F:12][D:3]-> D:\DOCUME~1\Dan\LOCALS~1\Temp
   [F:37][D:0]-> D:\DOCUME~1\Dan\Cookies
   [F:13][D:4]-> D:\DOCUME~1\Dan\LOCALS~1\TEMPOR~1\content.IE5

   1 - "C:\Lop SD\LopR_1.txt" - 04/10/2009|12:51 - Option : [1]

   --------------------\  Fin du rapport a 12:51:06

Xplode · Answer

Le rapport est ok.

-+-+-+-> ESET Nod32 Scan en Ligne <-+-+-+-


[x] Rends toi sur ce site : https://www.eset.com/

/!\ Il faut que tu utilises internet explorer pour faire l'analyse en ligne /!\

[x] Coche " Oui, j'accepte.... " puis cliques sur " Start ".

[x] Attend un peu le chargement de la page, puis clique sur le bandeau jaune en haut de
l'écran " Ce site nécessite.... OnlineScanner.cab... "

-> Clique sur " Installer le contrôle ActiveX "
-> Confirme ensuite en cliquant sur " Installer " dans la petite fenêtre qui s'ouvre.

[x] Clique sur paramètre avancé, puis coche " Rechercher les applications potentiellement dangereuses " , vérifie que les deux premieres cases sont elles aussi cochées.

[x] Le scanner se mettra à jour, celà peut prendre un certain temps

[x] L'analyse va ensuite s'effectuer.

[x] Copie/Colle le rapport dans ton prochain message. ( C:\ESET\...\log.txt )

Thiem · Answer

j ai des bugs avec mes pages webs maintenant parfois elles s affichent dans un coin de l ecran le reste est blanc

Thiem · Answer

eset à rien trouvé

je precise que quand le lecteur cd s ouvre l application imapi.exe se lance

Virus

54 réponses

Votre réponse

Discussions similaires

Newsletters