Virus that won't go away

Closed
angelique47 - 6 Oct. 2009 at 20:18
 angelique47 - 8 Oct. 2009 at 22:16
Hello,
I have this virus too and my antivirus Avast does not remove it.
Here is my log.
Thank you, I need your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:41, on 06/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HiYo\Bin\HiYo.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Angélique\Program Files\DNA\btdna.exe
C:\Users\Angélique\AppData\Local\cweuiec.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Angélique\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Real Grey] "C:\ProgramData\castfindfind.ml5ds"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_15\TrayServer.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Angélique\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Real Grey] "C:\ProgramData\castfindfind.r3zsf"
O4 - HKCU\..\Run: [Curb tool help dart] "C:\ProgramData\Fast cool bleh.xmyr0"
O4 - HKCU\..\Run: [cweuiec] "c:\users\angélique\appdata\local\cweuiec.exe" cweuiec
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Angélique\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
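As an added illustration (this script is not from the thread, nor part of HijackThis, Navilog1 or Lop S&D), here is a small Python program that parses the O4 autorun lines of a HijackThis log like the one above and flags the entries a helper would look at first. The sample lines are copied from the posted log; the four heuristics (a non-executable extension, a file sitting directly in C:\ProgramData, an executable directly in the user's AppData\Local, and one value name pointing to different files in several hives) are assumptions of this example, not rules the tools themselves apply.

```python
"""Flag suspicious autorun (O4) entries in a HijackThis log.

Added example, not part of the original thread or of HijackThis/Lop S&D.
The heuristics below are assumptions a defender might apply when triaging
such a log, not the tools' own detection rules.
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample: a handful of O4 lines taken from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Real Grey] "C:\ProgramData\castfindfind.ml5ds"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Real Grey] "C:\ProgramData\castfindfind.r3zsf"
O4 - HKCU\..\Run: [Curb tool help dart] "C:\ProgramData\Fast cool bleh.xmyr0"
O4 - HKCU\..\Run: [cweuiec] "c:\users\angélique\appdata\local\cweuiec.exe" cweuiec
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
"""

# "O4 - <hive>\..\Run: [<value name>] <value data>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# HijackThis appends "(User 'X')" for per-user hives; strip it before parsing the path.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
# Extensions Windows will actually execute from a Run value (assumed list).
EXEC_EXTS = {'.exe', '.dll', '.com', '.scr', '.bat', '.cmd', '.vbs', '.js', '.pif'}


@dataclass
class Autorun:
    hive: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Return the program path from the value data.

    Quoted data: the quoted part. Unquoted data: up to and including the first
    ".exe" (so "C:\\Program Files\\X\\y.exe -flag" keeps its spaces). Otherwise
    the whole remainder.
    """
    cmd = USER_SUFFIX_RE.sub('', cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.*?\.exe)\b', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_o4(log: str) -> list[Autorun]:
    """Parse every O4 Run line of a HijackThis log, in log order."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autorun(m['hive'], m['name'], extract_path(m['cmd'])))
    return entries


def suspicious_autoruns(log: str) -> list[Autorun]:
    """Return the O4 entries that trip at least one heuristic, with the reasons."""
    entries = parse_o4(log)
    by_name: dict[str, set[str]] = {}
    for e in entries:
        by_name.setdefault(e.name, set()).add(e.path.lower())
    for e in entries:
        p = PureWindowsPath(e.path)
        parent = [s.lower() for s in p.parent.parts]  # e.g. ['c:\\', 'programdata']
        if p.suffix.lower() not in EXEC_EXTS:
            e.reasons.append(f'unusual extension {p.suffix!r}')
        if len(parent) == 2 and parent[1] == 'programdata':
            e.reasons.append('file sits directly in ProgramData, not in a vendor folder')
        if parent[-2:] == ['appdata', 'local']:
            e.reasons.append('executable directly in the user AppData\\Local folder')
        if len(by_name[e.name]) > 1:
            e.reasons.append('same value name points to different files in several hives')
    return [e for e in entries if e.reasons]


if __name__ == '__main__':
    for e in suspicious_autoruns(SAMPLE_LOG):
        print(f'{e.hive:<16} [{e.name}] {e.path}')
        for r in e.reasons:
            print(f'    - {r}')
```

Run on the sample it reports the two "Real Grey" values, "Curb tool help dart" and "cweuiec", and leaves Windows Defender, avast!, TeaTimer and the Fujitsu Siemens fsc-reg entry alone; on a real log, the flagged paths are the ones to look up (and to hand to a helper), not to delete blindly, since the report itself warns that it can list legitimate files.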

33 replies

Futurx27 Posts 307 Registered Wednesday 3 December 2008 Status Member Last activity 26 December 2011 13
6 Oct. 2009 at 20:23
One solution: formatting.
1
jfkpresident Posts 13408 Registered Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
8 Oct. 2009 at 18:46
Download SF.exe by C_XX.

*Double-click SF.exe ("run as administrator" for Vista).

*A Cmd window will open.

*Type cweuiec in that window and press "Enter".

*Wait while it searches.

*A window with a .txt log will appear.

*Copy/paste that report in your next reply.
1
jfkpresident Posts 13408 Registered Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
6 Oct. 2009 at 20:23
Good evening;

Special notes if you have Windows Vista:

1) Disable UAC for the whole time you use Navilog1
2) Always launch Navilog1 via right-click "Run as administrator"
******

Download Navilog1 (by IL-MAFIOSO) to your desktop

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Save target (of the link) as... and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, double-click the Navilog1 shortcut on the desktop.

Let it guide you. Press a key when asked.
At the main menu, choose 1 and confirm.

< Do not choose option 2 >

Wait for the scan. You may be asked to restart your PC.
Let the tool do it automatically; otherwise restart your PC normally if it asks you to.

Wait for the message "Scan terminé le......"
Press a key as requested; Notepad will open.
Copy-paste the whole thing into your reply. Close Notepad.

PS: the report is also saved at the root of the hard drive, C:\cleannavi.txt
0
jacques.gache Posts 33453 Registered Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016 1 616
6 Oct. 2009 at 20:31
hello, I'm withdrawing my reply; continue with jfkpresident
0

To Jacques

When I launch ad-remover it shows me "le resident teatimer.exe de spybot-search^&destroy est actif dans ces conditions le programme ne peut pas continuer a s'executer... veuillez en parler a la personne qui vous aide"
0
jacques.gache Posts 33453 Registered Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016 1 616
6 Oct. 2009 at 20:55
??
0
jfkpresident Posts 13408 Registered Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
6 Oct. 2009 at 20:57
Thanks Jacques, and all the best ....
0
jacques.gache Posts 33453 Registered Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016 1 616
6 Oct. 2009 at 21:00
jfkpresident hello, sorry, I only saw after replying that you were already on it; please stay, I'm withdrawing, and my reply with me, so angelique47 you continue with jfkpresident, thanks @+
0
It stays stuck at "veuillez patienter, le scan peut durer une dizaine de miute", but I started it 20 min ago; is it normal that nothing moves?
0
jacques.gache Posts 33453 Registered Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016 1 616
6 Oct. 2009 at 21:26
drop it and do what jfkpresident asked you in the first message
0
well, I was saying that to jfkpresident
0
jfkpresident Posts 13408 Registered Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
6 Oct. 2009 at 21:35
It stays stuck at "veuillez patienter, le scan peut durer une dizaine de miute", but I started it 20 min ago; is it normal that nothing moves?


Did you disable Vista's UAC? Did you launch it "as admin"?
0
OK, it worked, so here is what Notepad shows

Fix Navipromo version 4.0.2 commencé le 06/10/2009 21:10:30,69

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 27.08.2009 à 11h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz )
BIOS : Ver 1.00PARTTBL
USER : Angélique ( Administrator )
BOOT : Normal boot




C:\ (Local Disk) - NTFS - Total:94 Go (Free:40 Go)
D:\ (Local Disk) - NTFS - Total:46 Go (Free:46 Go)
E:\ (CD or DVD)


Recherche executée en mode normal
0
jfkpresident Posts 13408 Registered Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
6 Oct. 2009 at 23:16
It isn't working ....

download lopS&D

*double-click it to install the program.
* A shortcut will be created on your desktop; double-click it to launch the tool.
*choose the language.
*choose option 1 (search).
*copy/paste the report on the forum.
0
hello
as you asked, here is what was written in Notepad
thank you for your help

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz )
BIOS : Ver 1.00PARTTBL
USER : Angélique ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:94 Go (Free:40 Go)
D:\ (Local Disk) - NTFS - Total:46 Go (Free:46 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 07/10/2009|21:17 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[18/10/2008|23:02] C:\Users\ANGLIQ~1\AppData\Local\Adobe
[03/11/2008|21:13] C:\Users\ANGLIQ~1\AppData\Local\Ahead
[05/10/2008|11:38] C:\Users\ANGLIQ~1\AppData\Local\Apple
[22/10/2008|18:07] C:\Users\ANGLIQ~1\AppData\Local\Apple Computer
[24/09/2008|16:30] C:\Users\ANGLIQ~1\AppData\Local\Application Data
[30/09/2009|16:38] C:\Users\ANGLIQ~1\AppData\Local\Ares
[24/09/2008|16:31] C:\Users\ANGLIQ~1\AppData\Local\ATI
[08/07/2009|23:18] C:\Users\ANGLIQ~1\AppData\Local\auggeyi.exe
[07/10/2009|21:17] C:\Users\ANGLIQ~1\AppData\Local\cweuiec.dat
[02/06/2009|16:32] C:\Users\ANGLIQ~1\AppData\Local\cweuiec.exe
[01/10/2009|17:01] C:\Users\ANGLIQ~1\AppData\Local\cweuiec_nav.dat
[09/07/2009|08:09] C:\Users\ANGLIQ~1\AppData\Local\cweuiec_navps.dat
[14/09/2009|20:35] C:\Users\ANGLIQ~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[07/10/2009|21:12] C:\Users\ANGLIQ~1\AppData\Local\dhnbpvq.bat
[07/01/2009|17:44] C:\Users\ANGLIQ~1\AppData\Local\DNA
[02/10/2009|06:29] C:\Users\ANGLIQ~1\AppData\Local\eMule
[20/07/2009|11:12] C:\Users\ANGLIQ~1\AppData\Local\GDIPFONTCACHEV1.DAT
[24/09/2008|16:38] C:\Users\ANGLIQ~1\AppData\Local\Google
[24/09/2008|16:30] C:\Users\ANGLIQ~1\AppData\Local\Historique
[07/10/2009|21:10] C:\Users\ANGLIQ~1\AppData\Local\IconCache.db
[06/10/2009|21:32] C:\Users\ANGLIQ~1\AppData\Local\Microsoft
[15/11/2008|15:14] C:\Users\ANGLIQ~1\AppData\Local\Microsoft Games
[29/10/2008|11:55] C:\Users\ANGLIQ~1\AppData\Local\Microsoft Help
[24/09/2008|21:25] C:\Users\ANGLIQ~1\AppData\Local\Mozilla
[24/09/2008|17:47] C:\Users\ANGLIQ~1\AppData\Local\PowerCinema
[24/09/2008|17:47] C:\Users\ANGLIQ~1\AppData\Local\PowerDV
[24/09/2008|16:30] C:\Users\ANGLIQ~1\AppData\Local\Seven Zip
[07/10/2009|21:17] C:\Users\ANGLIQ~1\AppData\Local\Temp
[24/09/2008|16:30] C:\Users\ANGLIQ~1\AppData\Local\Temporary Internet Files
[15/06/2009|17:37] C:\Users\ANGLIQ~1\AppData\Local\usgym.exe
[26/09/2008|20:25] C:\Users\ANGLIQ~1\AppData\Local\VirtualStore
[30/09/2009|18:59] C:\Users\ANGLIQ~1\AppData\Local\wekosww.exe

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[30/09/2009 17:56][--a------] C:\Windows\tasks\Ad-Aware Update (Weekly).job
[07/10/2009 21:16][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{17ED5E45-67CD-4C27-959B-D326B1A987F8}.job
[07/10/2009 21:11][--ah-----] C:\Windows\tasks\SA.DAT
[07/10/2009 21:10][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[05/10/2008|11:41] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[12/07/2008|05:26] C:\ProgramData\Adobe
[06/08/2009|20:41] C:\ProgramData\Ahead
[05/10/2008|11:38] C:\ProgramData\Apple
[05/10/2008|11:40] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[03/04/2009|09:49] C:\ProgramData\army move settings
[16/12/2008|22:51] C:\ProgramData\AVS4YOU
[24/09/2008|16:22] C:\ProgramData\Bureau
[18/02/2009|21:10] C:\ProgramData\castfindfind.8yh7n2
[29/09/2008|20:21] C:\ProgramData\castfindfind.dujed66
[29/09/2008|21:26] C:\ProgramData\castfindfind.iawrune
[24/09/2008|20:01] C:\ProgramData\castfindfind.l0rq3q
[29/09/2008|22:10] C:\ProgramData\castfindfind.mirjl
[29/09/2008|22:32] C:\ProgramData\castfindfind.ml5ds
[29/09/2008|20:43] C:\ProgramData\castfindfind.octnecq
[29/09/2008|19:59] C:\ProgramData\castfindfind.pol8y
[06/03/2009|14:28] C:\ProgramData\castfindfind.r3zsf
[24/09/2008|20:01] C:\ProgramData\castfindfind.rfve23a
[06/03/2009|14:28] C:\ProgramData\castfindfind.tehh57c
[29/09/2008|21:05] C:\ProgramData\castfindfind.w42ydj
[29/09/2008|21:48] C:\ProgramData\castfindfind.xrzx9i
[12/07/2008|05:36] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[02/10/2009|06:29] C:\ProgramData\eMule
[24/09/2008|20:02] C:\ProgramData\ENJOY Plus!
[06/03/2009|14:28] C:\ProgramData\Fast cool bleh.xmyr0
[24/09/2008|16:22] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[24/09/2008|16:29] C:\ProgramData\fsc-reg
[24/02/2009|16:07] C:\ProgramData\GARMIN
[14/12/2008|22:14] C:\ProgramData\Google
[05/07/2009|21:02] C:\ProgramData\HiYo
[24/09/2008|20:02] C:\ProgramData\Hold Stop Htm.6pyga
[14/01/2009|18:03] C:\ProgramData\HP
[20/07/2009|03:24] C:\ProgramData\HP Product Assistant
[14/01/2009|18:05] C:\ProgramData\HPSSUPPLY
[07/07/2009|10:23] C:\ProgramData\hpzinstall.log
[07/10/2009|21:10] C:\ProgramData\Lavasoft
[07/07/2009|10:20] C:\ProgramData\MAGIX
[24/09/2008|16:22] C:\ProgramData\Menu D‚marrer
[30/10/2008|17:09] C:\ProgramData\Messenger Plus!
[19/07/2009|23:47] C:\ProgramData\Microsoft
[19/07/2009|23:47] C:\ProgramData\Microsoft Help
[24/09/2008|16:22] C:\ProgramData\ModŠles
[02/04/2009|17:49] C:\ProgramData\Move Bore Curb Tool
[06/08/2009|20:41] C:\ProgramData\Nero
[18/10/2008|23:02] C:\ProgramData\NOS
[07/07/2009|09:32] C:\ProgramData\ntuser.pol
[03/04/2009|10:56] C:\ProgramData\Photo-Bon3Free
[30/09/2009|17:46] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|15:02] C:\ProgramData\Start Menu
[28/04/2009|21:28] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[06/03/2009|15:02] C:\ProgramData\WLInstaller
[27/11/2008|21:41] C:\ProgramData\xqkcebzs.dik

--------------------\\ Listing des dossiers dans C:\Program Files

[27/02/2009|16:26] C:\Program Files\Adobe
[24/09/2008|17:40] C:\Program Files\Alwil Software
[05/10/2008|11:38] C:\Program Files\Apple Software Update
[13/05/2009|22:02] C:\Program Files\AVS4YOU
[07/01/2009|17:44] C:\Program Files\BitTorrent
[05/10/2008|11:40] C:\Program Files\Bonjour
[30/09/2009|17:41] C:\Program Files\CCleaner
[03/04/2009|09:35] C:\Program Files\Circle Developement
[30/09/2009|17:44] C:\Program Files\Common Files
[12/07/2008|05:36] C:\Program Files\CyberLink
[30/09/2008|20:00] C:\Program Files\Dealio
[23/02/2009|17:49] C:\Program Files\DIFX
[11/10/2008|19:34] C:\Program Files\directx
[07/10/2009|21:12] C:\Program Files\DNA
[10/01/2009|15:59] C:\Program Files\ENJOY Plus!
[24/09/2008|16:22] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[13/05/2009|22:01] C:\Program Files\FMS
[24/09/2008|16:29] C:\Program Files\Fujitsu Siemens Computers
[03/04/2009|13:09] C:\Program Files\GIMP-2.0
[14/12/2008|22:13] C:\Program Files\GlobFX Technologies
[15/12/2008|14:36] C:\Program Files\Google
[14/01/2009|18:02] C:\Program Files\Hewlett-Packard
[05/07/2009|21:02] C:\Program Files\HiYo
[14/01/2009|18:05] C:\Program Files\HP
[08/12/2008|22:03] C:\Program Files\InstallShield Installation Information
[26/08/2009|14:04] C:\Program Files\Internet Explorer
[05/10/2008|11:40] C:\Program Files\iPod
[05/10/2008|11:41] C:\Program Files\iTunes
[31/07/2009|21:18] C:\Program Files\Java
[11/10/2008|20:17] C:\Program Files\JoWooD
[07/10/2009|21:10] C:\Program Files\Lavasoft
[16/12/2008|22:35] C:\Program Files\LitexMedia
[06/07/2009|12:40] C:\Program Files\Messenger Plus! Live
[06/03/2009|14:20] C:\Program Files\Microsoft
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[19/07/2009|23:47] C:\Program Files\Microsoft Office
[06/03/2009|14:20] C:\Program Files\Microsoft Office Outlook Connector
[10/09/2009|18:22] C:\Program Files\Microsoft Silverlight
[19/07/2009|23:47] C:\Program Files\Microsoft Works
[21/01/2008|04:35] C:\Program Files\Movie Maker
[07/10/2009|21:14] C:\Program Files\Mozilla Firefox
[19/07/2009|23:45] C:\Program Files\MSBuild
[24/09/2008|17:35] C:\Program Files\MSXML 4.0
[06/10/2009|21:35] C:\Program Files\Navilog1
[06/08/2009|20:41] C:\Program Files\Nero
[12/07/2008|05:32] C:\Program Files\NeroInstall.bak
[07/10/2008|16:38] C:\Program Files\Norman
[18/10/2008|23:02] C:\Program Files\NOS
[14/02/2009|17:59] C:\Program Files\OrangeHSS
[16/09/2009|17:55] C:\Program Files\PDFCreator
[16/09/2009|17:54] C:\Program Files\pdfforge Toolbar
[10/12/2008|23:23] C:\Program Files\PhotoScape
[05/10/2008|11:39] C:\Program Files\QuickTime
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[09/12/2008|20:56] C:\Program Files\Registry Mechanic
[30/09/2008|20:01] C:\Program Files\Search Settings
[30/09/2009|17:40] C:\Program Files\Spybot - Search & Destroy
[26/09/2008|22:12] C:\Program Files\Sun
[11/10/2008|19:33] C:\Program Files\ubi.com
[08/12/2008|22:03] C:\Program Files\Ubisoft
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[22/10/2008|21:26] C:\Program Files\VideoLAN
[21/01/2008|04:35] C:\Program Files\Windows Calendar
[21/01/2008|04:35] C:\Program Files\Windows Collaboration
[21/01/2008|04:35] C:\Program Files\Windows Defender
[21/01/2008|04:35] C:\Program Files\Windows Journal
[06/03/2009|15:03] C:\Program Files\Windows Live
[06/08/2009|18:38] C:\Program Files\Windows Live Safety Center
[18/12/2008|21:02] C:\Program Files\Windows Live SkyDrive
[10/09/2009|14:10] C:\Program Files\Windows Mail
[13/08/2009|09:28] C:\Program Files\Windows Media Player
[24/09/2008|16:22] C:\Program Files\Windows NT
[21/01/2008|04:35] C:\Program Files\Windows Photo Gallery
[21/01/2008|04:35] C:\Program Files\Windows Sidebar
[28/10/2008|15:07] C:\Program Files\WinRAR

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[12/07/2008|05:26] C:\Program Files\Common Files\Adobe
[06/08/2009|20:41] C:\Program Files\Common Files\Ahead
[05/10/2008|11:39] C:\Program Files\Common Files\Apple
[13/05/2009|22:01] C:\Program Files\Common Files\AVSMedia
[14/02/2009|17:37] C:\Program Files\Common Files\France Telecom
[24/09/2008|16:29] C:\Program Files\Common Files\Fujitsu Siemens Computers
[14/01/2009|18:02] C:\Program Files\Common Files\Hewlett-Packard
[14/01/2009|18:04] C:\Program Files\Common Files\HP
[08/12/2008|22:03] C:\Program Files\Common Files\InstallShield
[08/12/2008|22:23] C:\Program Files\Common Files\MAGIX Shared
[19/07/2009|23:47] C:\Program Files\Common Files\microsoft shared
[19/07/2009|23:37] C:\Program Files\Common Files\Nero
[11/10/2008|19:33] C:\Program Files\Common Files\PocketSoft
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[06/03/2009|14:20] C:\Program Files\Common Files\System
[18/12/2008|01:29] C:\Program Files\Common Files\Windows Live
[24/09/2008|17:54] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 84 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

C:\ProgramData\castfindfind.mirjl
C:\ProgramData\castfindfind.ml5ds
C:\ProgramData\castfindfind.pol8y
C:\ProgramData\castfindfind.r3zsf
C:\ProgramData\Fast cool bleh.xmyr0
C:\ProgramData\Hold Stop Htm.6pyga
C:\ProgramData\castfindfind.8yh7n2
C:\ProgramData\castfindfind.l0rq3q
C:\ProgramData\castfindfind.w42ydj
C:\ProgramData\castfindfind.xrzx9i
C:\ProgramData\castfindfind.dujed66
C:\ProgramData\castfindfind.iawrune
C:\ProgramData\castfindfind.octnecq
C:\ProgramData\castfindfind.rfve23a
C:\ProgramData\castfindfind.tehh57c

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\ProgramData\Move Bore Curb Tool
C:\ProgramData\Move Bore Curb Tool\Long Save.dat
C:\Program Files\Circle Developement
C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@advertstream[1].txt
C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@d2.advertserve[1].txt
C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@advertising[1].txt
C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@bigpoint[2].txt
C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@fr.deepolis.bigpoint[1].txt
C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@adopt.euroclick[1].txt
C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@32vegas[2].txt
C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@serve.32vegas[2].txt
C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@www.32vegas[1].txt
C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@2xmoinscher[2].txt
C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@cc.2xmoinscher[1].txt
C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@888[1].txt

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Real Grey"="\"C:\\ProgramData\\castfindfind.r3zsf\""
"Curb tool help dart"="\"C:\\ProgramData\\Fast cool bleh.xmyr0\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Real Grey"="\"C:\\ProgramData\\castfindfind.ml5ds\""

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 21:18:21
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 398

--------------------\\ Recherche d'autres infections


C:\Users\ANGLIQ~1\AppData\Local\cweuiec.dat
C:\Users\ANGLIQ~1\AppData\Local\cweuiec.exe
C:\Users\ANGLIQ~1\AppData\Local\cweuiec_nav.dat
C:\Users\ANGLIQ~1\AppData\Local\cweuiec_navps.dat
[b]==> EGDACCESS <==/b

--------------------\\ Cracks & Keygens ..

C:\Users\ANGLIQ~1\Downloads\John_Powell-Ice_Age_Dawn_Of_The_Dinosaurs-OST-2009-UMT\20-john_powell-big_smelly_crack-umt.mp3


[F:128][D:19]-> C:\Users\ANGLIQ~1\AppData\Local\Temp
[F:882][D:1]-> C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2567][D:20]-> C:\Users\ANGLIQ~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:20][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 07/10/2009|21:21 - Option : [1]

--------------------\\ Fin du rapport a 21:21:01
[ UAC => 1 ]
0
jfkpresident Posts 13408 Registered Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
7 Oct. 2009 at 21:24
relaunch LopS&D and choose option 2.
then paste the generated report.

Then try relaunching navilog, please.
0
SO, first of all, here is the report from
lopS&D


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz )
BIOS : Ver 1.00PARTTBL
USER : Angélique ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:94 Go (Free:40 Go)
D:\ (Local Disk) - NTFS - Total:46 Go (Free:46 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 07/10/2009|21:44 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\ProgramData\Move Bore Curb Tool\Long Save.dat
Supprime! - C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@advertstream[1].txt
Supprime! - C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@d2.advertserve[1].txt
Supprime! - C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@advertising[1].txt
Supprime! - C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@bigpoint[2].txt
Supprime! - C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@fr.deepolis.bigpoint[1].txt
Supprime! - C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@adopt.euroclick[1].txt
Supprime! - C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@32vegas[2].txt
Supprime! - C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@serve.32vegas[2].txt
Supprime! - C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@www.32vegas[1].txt
Supprime! - C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@2xmoinscher[2].txt
Supprime! - C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@cc.2xmoinscher[1].txt
Supprime! - C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies\angélique@888[1].txt
Supprime! - C:\ProgramData\castfindfind.mirjl
Supprime! - C:\ProgramData\castfindfind.ml5ds
Supprime! - C:\ProgramData\castfindfind.pol8y
Supprime! - C:\ProgramData\castfindfind.r3zsf
Supprime! - C:\ProgramData\Fast cool bleh.xmyr0
Supprime! - C:\ProgramData\Hold Stop Htm.6pyga
Supprime! - C:\ProgramData\castfindfind.8yh7n2
Supprime! - C:\ProgramData\castfindfind.l0rq3q
Supprime! - C:\ProgramData\castfindfind.w42ydj
Supprime! - C:\ProgramData\castfindfind.xrzx9i
Supprime! - C:\ProgramData\castfindfind.dujed66
Supprime! - C:\ProgramData\castfindfind.iawrune
Supprime! - C:\ProgramData\castfindfind.octnecq
Supprime! - C:\ProgramData\castfindfind.rfve23a
Supprime! - C:\ProgramData\castfindfind.tehh57c
Supprime! - C:\ProgramData\Move Bore Curb Tool
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[18/10/2008|23:02] C:\Users\ANGLIQ~1\AppData\Local\Adobe
[03/11/2008|21:13] C:\Users\ANGLIQ~1\AppData\Local\Ahead
[05/10/2008|11:38] C:\Users\ANGLIQ~1\AppData\Local\Apple
[22/10/2008|18:07] C:\Users\ANGLIQ~1\AppData\Local\Apple Computer
[24/09/2008|16:30] C:\Users\ANGLIQ~1\AppData\Local\Application Data
[30/09/2009|16:38] C:\Users\ANGLIQ~1\AppData\Local\Ares
[24/09/2008|16:31] C:\Users\ANGLIQ~1\AppData\Local\ATI
[08/07/2009|23:18] C:\Users\ANGLIQ~1\AppData\Local\auggeyi.exe
[07/10/2009|21:44] C:\Users\ANGLIQ~1\AppData\Local\cweuiec.dat
[02/06/2009|16:32] C:\Users\ANGLIQ~1\AppData\Local\cweuiec.exe
[01/10/2009|17:01] C:\Users\ANGLIQ~1\AppData\Local\cweuiec_nav.dat
[09/07/2009|08:09] C:\Users\ANGLIQ~1\AppData\Local\cweuiec_navps.dat
[14/09/2009|20:35] C:\Users\ANGLIQ~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[07/10/2009|21:12] C:\Users\ANGLIQ~1\AppData\Local\dhnbpvq.bat
[07/01/2009|17:44] C:\Users\ANGLIQ~1\AppData\Local\DNA
[02/10/2009|06:29] C:\Users\ANGLIQ~1\AppData\Local\eMule
[20/07/2009|11:12] C:\Users\ANGLIQ~1\AppData\Local\GDIPFONTCACHEV1.DAT
[24/09/2008|16:38] C:\Users\ANGLIQ~1\AppData\Local\Google
[24/09/2008|16:30] C:\Users\ANGLIQ~1\AppData\Local\Historique
[07/10/2009|21:10] C:\Users\ANGLIQ~1\AppData\Local\IconCache.db
[06/10/2009|21:32] C:\Users\ANGLIQ~1\AppData\Local\Microsoft
[15/11/2008|15:14] C:\Users\ANGLIQ~1\AppData\Local\Microsoft Games
[29/10/2008|11:55] C:\Users\ANGLIQ~1\AppData\Local\Microsoft Help
[24/09/2008|21:25] C:\Users\ANGLIQ~1\AppData\Local\Mozilla
[24/09/2008|17:47] C:\Users\ANGLIQ~1\AppData\Local\PowerCinema
[24/09/2008|17:47] C:\Users\ANGLIQ~1\AppData\Local\PowerDV
[24/09/2008|16:30] C:\Users\ANGLIQ~1\AppData\Local\Seven Zip
[07/10/2009|21:44] C:\Users\ANGLIQ~1\AppData\Local\Temp
[24/09/2008|16:30] C:\Users\ANGLIQ~1\AppData\Local\Temporary Internet Files
[15/06/2009|17:37] C:\Users\ANGLIQ~1\AppData\Local\usgym.exe
[26/09/2008|20:25] C:\Users\ANGLIQ~1\AppData\Local\VirtualStore
[30/09/2009|18:59] C:\Users\ANGLIQ~1\AppData\Local\wekosww.exe

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[30/09/2009 17:56][--a------] C:\Windows\tasks\Ad-Aware Update (Weekly).job
[07/10/2009 21:16][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{17ED5E45-67CD-4C27-959B-D326B1A987F8}.job
[07/10/2009 21:11][--ah-----] C:\Windows\tasks\SA.DAT
[07/10/2009 21:10][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[05/10/2008|11:41] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[12/07/2008|05:26] C:\ProgramData\Adobe
[06/08/2009|20:41] C:\ProgramData\Ahead
[05/10/2008|11:38] C:\ProgramData\Apple
[05/10/2008|11:40] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[03/04/2009|09:49] C:\ProgramData\army move settings
[16/12/2008|22:51] C:\ProgramData\AVS4YOU
[24/09/2008|16:22] C:\ProgramData\Bureau
[12/07/2008|05:36] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[02/10/2009|06:29] C:\ProgramData\eMule
[24/09/2008|20:02] C:\ProgramData\ENJOY Plus!
[24/09/2008|16:22] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[24/09/2008|16:29] C:\ProgramData\fsc-reg
[24/02/2009|16:07] C:\ProgramData\GARMIN
[14/12/2008|22:14] C:\ProgramData\Google
[05/07/2009|21:02] C:\ProgramData\HiYo
[14/01/2009|18:03] C:\ProgramData\HP
[20/07/2009|03:24] C:\ProgramData\HP Product Assistant
[14/01/2009|18:05] C:\ProgramData\HPSSUPPLY
[07/07/2009|10:23] C:\ProgramData\hpzinstall.log
[07/10/2009|21:10] C:\ProgramData\Lavasoft
[07/07/2009|10:20] C:\ProgramData\MAGIX
[24/09/2008|16:22] C:\ProgramData\Menu Démarrer
[30/10/2008|17:09] C:\ProgramData\Messenger Plus!
[19/07/2009|23:47] C:\ProgramData\Microsoft
[19/07/2009|23:47] C:\ProgramData\Microsoft Help
[24/09/2008|16:22] C:\ProgramData\Modèles
[06/08/2009|20:41] C:\ProgramData\Nero
[18/10/2008|23:02] C:\ProgramData\NOS
[07/07/2009|09:32] C:\ProgramData\ntuser.pol
[03/04/2009|10:56] C:\ProgramData\Photo-Bon3Free
[30/09/2009|17:46] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|15:02] C:\ProgramData\Start Menu
[28/04/2009|21:28] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[06/03/2009|15:02] C:\ProgramData\WLInstaller
[27/11/2008|21:41] C:\ProgramData\xqkcebzs.dik

--------------------\\ Listing des dossiers dans C:\Program Files

[27/02/2009|16:26] C:\Program Files\Adobe
[24/09/2008|17:40] C:\Program Files\Alwil Software
[05/10/2008|11:38] C:\Program Files\Apple Software Update
[13/05/2009|22:02] C:\Program Files\AVS4YOU
[07/01/2009|17:44] C:\Program Files\BitTorrent
[05/10/2008|11:40] C:\Program Files\Bonjour
[30/09/2009|17:41] C:\Program Files\CCleaner
[30/09/2009|17:44] C:\Program Files\Common Files
[12/07/2008|05:36] C:\Program Files\CyberLink
[30/09/2008|20:00] C:\Program Files\Dealio
[23/02/2009|17:49] C:\Program Files\DIFX
[11/10/2008|19:34] C:\Program Files\directx
[07/10/2009|21:12] C:\Program Files\DNA
[10/01/2009|15:59] C:\Program Files\ENJOY Plus!
[24/09/2008|16:22] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[13/05/2009|22:01] C:\Program Files\FMS
[24/09/2008|16:29] C:\Program Files\Fujitsu Siemens Computers
[03/04/2009|13:09] C:\Program Files\GIMP-2.0
[14/12/2008|22:13] C:\Program Files\GlobFX Technologies
[15/12/2008|14:36] C:\Program Files\Google
[14/01/2009|18:02] C:\Program Files\Hewlett-Packard
[05/07/2009|21:02] C:\Program Files\HiYo
[14/01/2009|18:05] C:\Program Files\HP
[08/12/2008|22:03] C:\Program Files\InstallShield Installation Information
[26/08/2009|14:04] C:\Program Files\Internet Explorer
[05/10/2008|11:40] C:\Program Files\iPod
[05/10/2008|11:41] C:\Program Files\iTunes
[31/07/2009|21:18] C:\Program Files\Java
[11/10/2008|20:17] C:\Program Files\JoWooD
[07/10/2009|21:10] C:\Program Files\Lavasoft
[16/12/2008|22:35] C:\Program Files\LitexMedia
[07/10/2009|21:30] C:\Program Files\Messenger Plus! Live
[06/03/2009|14:20] C:\Program Files\Microsoft
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[19/07/2009|23:47] C:\Program Files\Microsoft Office
[06/03/2009|14:20] C:\Program Files\Microsoft Office Outlook Connector
[10/09/2009|18:22] C:\Program Files\Microsoft Silverlight
[19/07/2009|23:47] C:\Program Files\Microsoft Works
[21/01/2008|04:35] C:\Program Files\Movie Maker
[07/10/2009|21:14] C:\Program Files\Mozilla Firefox
[19/07/2009|23:45] C:\Program Files\MSBuild
[24/09/2008|17:35] C:\Program Files\MSXML 4.0
[06/10/2009|21:35] C:\Program Files\Navilog1
[06/08/2009|20:41] C:\Program Files\Nero
[12/07/2008|05:32] C:\Program Files\NeroInstall.bak
[07/10/2008|16:38] C:\Program Files\Norman
[18/10/2008|23:02] C:\Program Files\NOS
[14/02/2009|17:59] C:\Program Files\OrangeHSS
[16/09/2009|17:55] C:\Program Files\PDFCreator
[16/09/2009|17:54] C:\Program Files\pdfforge Toolbar
[10/12/2008|23:23] C:\Program Files\PhotoScape
[05/10/2008|11:39] C:\Program Files\QuickTime
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[09/12/2008|20:56] C:\Program Files\Registry Mechanic
[30/09/2008|20:01] C:\Program Files\Search Settings
[30/09/2009|17:40] C:\Program Files\Spybot - Search & Destroy
[26/09/2008|22:12] C:\Program Files\Sun
[11/10/2008|19:33] C:\Program Files\ubi.com
[08/12/2008|22:03] C:\Program Files\Ubisoft
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[22/10/2008|21:26] C:\Program Files\VideoLAN
[21/01/2008|04:35] C:\Program Files\Windows Calendar
[21/01/2008|04:35] C:\Program Files\Windows Collaboration
[21/01/2008|04:35] C:\Program Files\Windows Defender
[21/01/2008|04:35] C:\Program Files\Windows Journal
[06/03/2009|15:03] C:\Program Files\Windows Live
[06/08/2009|18:38] C:\Program Files\Windows Live Safety Center
[18/12/2008|21:02] C:\Program Files\Windows Live SkyDrive
[10/09/2009|14:10] C:\Program Files\Windows Mail
[13/08/2009|09:28] C:\Program Files\Windows Media Player
[24/09/2008|16:22] C:\Program Files\Windows NT
[21/01/2008|04:35] C:\Program Files\Windows Photo Gallery
[21/01/2008|04:35] C:\Program Files\Windows Sidebar
[28/10/2008|15:07] C:\Program Files\WinRAR

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[12/07/2008|05:26] C:\Program Files\Common Files\Adobe
[06/08/2009|20:41] C:\Program Files\Common Files\Ahead
[05/10/2008|11:39] C:\Program Files\Common Files\Apple
[13/05/2009|22:01] C:\Program Files\Common Files\AVSMedia
[14/02/2009|17:37] C:\Program Files\Common Files\France Telecom
[24/09/2008|16:29] C:\Program Files\Common Files\Fujitsu Siemens Computers
[14/01/2009|18:02] C:\Program Files\Common Files\Hewlett-Packard
[14/01/2009|18:04] C:\Program Files\Common Files\HP
[08/12/2008|22:03] C:\Program Files\Common Files\InstallShield
[08/12/2008|22:23] C:\Program Files\Common Files\MAGIX Shared
[19/07/2009|23:47] C:\Program Files\Common Files\microsoft shared
[19/07/2009|23:37] C:\Program Files\Common Files\Nero
[11/10/2008|19:33] C:\Program Files\Common Files\PocketSoft
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[06/03/2009|14:20] C:\Program Files\Common Files\System
[18/12/2008|01:29] C:\Program Files\Common Files\Windows Live
[24/09/2008|17:54] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 81 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 21:45:02
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 398

--------------------\\ Recherche d'autres infections


C:\Users\ANGLIQ~1\AppData\Local\cweuiec.dat
C:\Users\ANGLIQ~1\AppData\Local\cweuiec.exe
C:\Users\ANGLIQ~1\AppData\Local\cweuiec_nav.dat
C:\Users\ANGLIQ~1\AppData\Local\cweuiec_navps.dat
==> EGDACCESS <==

--------------------\\ Cracks & Keygens ..

C:\Users\ANGLIQ~1\Downloads\John_Powell-Ice_Age_Dawn_Of_The_Dinosaurs-OST-2009-UMT\20-john_powell-big_smelly_crack-umt.mp3


[F:128][D:19]-> C:\Users\ANGLIQ~1\AppData\Local\Temp
[F:872][D:1]-> C:\Users\ANGLIQ~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2664][D:20]-> C:\Users\ANGLIQ~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:20][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 07/10/2009|21:21 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 07/10/2009|21:47 - Option : [2]

--------------------\\ Fin du rapport a 21:47:31
[ UAC => 1 ]
0
Here it is for Navilog

Fix Navipromo version 4.0.2 commencé le 07/10/2009 21:49:35,47

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 27.08.2009 à 11h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz )
BIOS : Ver 1.00PARTTBL
USER : Angélique ( Administrator )
BOOT : Normal boot




C:\ (Local Disk) - NTFS - Total:94 Go (Free:40 Go)
D:\ (Local Disk) - NTFS - Total:46 Go (Free:46 Go)
E:\ (CD or DVD)


Recherche executée en mode normal
0
jfkpresident Posts: 13408 Registered: Monday 3 September 2007 Status: Security contributor Last activity: 5 January 2015 1 175
7 Oct. 2009 at 22:26
OK, we're going to take a more radical approach:

Download ComboFix from one of these links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

And, importantly, save it to the desktop.

Before using ComboFix:

- Disconnect from the internet and close the windows of all running programs.

- Temporarily, and only for as long as ComboFix is in use, disable
the real-time protection of your antivirus and your antispyware programs,
which can seriously interfere with the tool's scanning and cleaning procedure.


Once that's done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt,
is automatically saved and stored at C:\Combofix.txt.

- Re-enable the real-time protection of your antivirus and antispyware programs
before reconnecting to the internet.

- Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
0
angelique47 Posts: 4 Registered: Tuesday 6 October 2009 Status: Member Last activity: 8 October 2009
8 Oct. 2009 at 09:41
Hello,
did you receive my log from yesterday?
0
Here is the log

ComboFix 09-10-06.04 - Angélique 07/10/2009 22:53.2.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.2019 [GMT 2:00]
Lancé depuis: c:\users\Angélique\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-445980107-171447276-341287152-500
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\users\Angélique\AppData\Local\cweuiec.dat
c:\users\Angélique\AppData\Local\cweuiec.exe
c:\users\Angélique\AppData\Local\cweuiec_nav.dat
c:\users\Angélique\AppData\Local\cweuiec_navps.dat
c:\windows\Installer\16580ba.msp
c:\windows\system32\drivers\FSC__PI__AMILO Pi 2540__FUJITSU SIEMENS_F45 __Ver 1.00PARTTBL_FSC - 6040000_1.12C__ATI Mobility Radeon HD 2400 .MRK

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-07 au 2009-10-07 ))))))))))))))))))))))))))))))))))))
.

2009-10-07 21:06 . 2009-10-07 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-07 19:17 . 2009-10-07 19:47 -------- d-----w- C:\Lop SD
2009-10-06 18:33 . 2009-10-07 20:09 -------- d-----w- c:\program files\Navilog1
2009-10-04 07:40 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 20:34 . 2009-10-02 04:29 -------- d-----w- c:\programdata\eMule
2009-09-30 15:45 . 2009-10-07 19:10 -------- d-----w- c:\program files\Lavasoft
2009-09-30 15:41 . 2009-09-30 15:41 -------- d-----w- c:\program files\CCleaner
2009-09-30 15:40 . 2009-09-30 15:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-30 15:40 . 2009-09-30 15:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-16 15:54 . 2009-10-07 21:05 -------- d-----w- c:\program files\pdfforge Toolbar
2009-09-16 15:53 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-09-16 15:53 . 2009-09-16 15:55 -------- d-----w- c:\program files\PDFCreator
2009-09-16 15:53 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-09-09 12:23 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 12:23 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 12:23 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 12:23 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 12:23 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 12:23 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 12:23 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 12:23 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 12:23 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 12:23 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 12:22 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 12:22 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 12:22 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 12:22 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 12:22 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 20:17 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-07 20:17 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-07 19:30 . 2008-09-24 18:01 -------- d-----w- c:\program files\Messenger Plus! Live
2009-10-07 19:12 . 2009-01-07 15:44 -------- d-----w- c:\program files\DNA
2009-10-07 19:10 . 2008-10-03 17:53 -------- d-----w- c:\programdata\Lavasoft
2009-09-10 16:22 . 2008-12-18 19:06 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 12:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-28 12:39 . 2009-09-03 16:06 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-03 16:06 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-17 16:10 . 2009-07-08 21:23 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2009-07-08 21:23 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-07-08 21:23 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2009-07-08 21:23 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2009-07-08 21:23 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-07-08 21:23 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2009-07-08 21:23 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-31 19:19 . 2009-03-19 09:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 08:53 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 08:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 08:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 08:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-12 21:06 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-12 21:05 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-12 21:05 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-12 21:05 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-12 21:05 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-07-31 00:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Real Grey"="c:\programdata\castfindfind.r3zsf" [X]
"Curb tool help dart"="c:\programdata\Fast cool bleh.xmyr0" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-07 342848]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Real Grey"="c:\programdata\castfindfind.ml5ds" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07-29 1024512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2009-06-09 202032]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-02-21 1647912]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-10 4431872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{81023167-E15F-4F2A-A6AE-C3EC0161265A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F0945DB4-4DA1-47C1-A5D5-701D3EF4EF1D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AA481199-FEE6-4020-BFA1-B44EFE2E8284}"= c:\program files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"{3BBDF332-3BA0-46BD-B5B3-8BEEF72D86DD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{29181A4D-76F4-4267-8812-354368A2DD17}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F95FDD04-562C-4055-BEB8-68B26F251307}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{225183D1-EFB1-446E-ACF4-A3C3BEB2DFF9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{8A6989FF-F631-4B29-90B1-807FEB02E759}c:\\users\\angélique\\program files\\dna\\btdna.exe"= UDP:c:\users\angélique\program files\dna\btdna.exe:btdna.exe
"UDP Query User{FD2EEE1D-B1D8-464D-B559-5CA6C8689DC1}c:\\users\\angélique\\program files\\dna\\btdna.exe"= TCP:c:\users\angélique\program files\dna\btdna.exe:btdna.exe
"{05B1DA14-4296-4C7B-880F-0C53F32447B4}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{1002A5FC-AF64-4A4C-83D0-26196A775198}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{F93ABE4D-BDCB-4E6D-989B-06C0E65EC2F3}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{33F7C676-72A8-445C-87E9-549BA73B4A6C}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{E4CFEFC3-B565-4386-BA82-6B2F372A6649}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{C7F7B118-3C10-499C-BDB1-1A03DD9F447E}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{ACAEA7BC-A497-460E-83D4-FB9B04560EAE}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{AB692C2F-B2CF-4F24-8542-21A39A0E08F6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{AA667F3C-1EFD-4BD4-9D86-4409DA5A825F}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{A00554E1-D1A6-4C6D-A46D-44306F4CBB30}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"{2D429E72-9671-47D3-A3D4-7AFA55A8E815}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{54275D35-99EA-43F0-B2A0-5FD2354D2397}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [08/07/2009 23:23 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [08/07/2009 23:23 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [08/07/2009 23:23 53328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [30/09/2009 17:40 1153368]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [12/07/2008 05:21 46592]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [14/02/2009 17:39 28224]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [08/12/2008 22:23 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-10-07 c:\windows\Tasks\User_Feed_Synchronization-{17ED5E45-67CD-4C27-959B-D326B1A987F8}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://mystart.hiyo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: Compare Prices with &Dealio - c:\users\Angélique\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
FF - ProfilePath - c:\users\Angélique\AppData\Roaming\Mozilla\Firefox\Profiles\eweskzgg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://lo.st/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
pref(dom.disable_open_during_load, false);FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
HKCU-Run-cweuiec - c:\users\angélique\appdata\local\cweuiec.exe
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKLM-Run-NPCTray - c:\program files\Norman\npc\bin\npc_tray.exe
HKLM-Run-TrayServer - c:\program files\MAGIX\Video_deluxe_15\TrayServer.exe
HKLM-Run-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
AddRemove-MAGIX Speed 2 F - c:\program files\MAGIX\Speed2_burnR_mxcdr\unwise.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 23:07
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\ANGLIQ~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2009-10-07 23:11
ComboFix-quarantined-files.txt 2009-10-07 21:11

Avant-CF: 42 669 187 072 octets libres
Après-CF: 42 484 461 568 octets libres

226 --- E O F --- 2009-10-05 17:58
0