Cleaning up a PC

Bozoff -  
 Anonymous user -
Hello,
I'm doing a big clean-up of my girlfriend's PC and I'd like your opinion on the machine itself.
After a HijackThis scan, here is what it gives me. I don't understand much of it, but I trust you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:59, on 31/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AhnRpta.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Emilie ROUGETET\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDBVt3B+BXausG5PyEc9LQr26L9AdSe89mjsIoT0U47MtK5e2GCmdvmmfcnGAn8vy08m2lSaV1OO+pQVyItg9OTNQFlxptM+7DBtJqlVGMsbxDyesshogl1ns2Wxh+haBVc2jM96ZFD8OjhjpcN3SNf5tsT8Q4HbrA
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {EB1FC374-35D4-E1E1-CDAC-9A1F2027B878} - C:\DOCUME~1\EMILIE~1\APPLIC~1\BURNDE~1\ref list.exe (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\EMILIE~1\LOCALS~1\Temp\herss.exe
O4 - HKLM\..\Policies\Explorer\Run: [SystemManager] C:\WINDOWS\system32\comstl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm408YYFR
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.aldi.com/
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106233521554
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: (no name) - https://www.warnerbros.co.uk/brands/wizarding-world
30 replies

fix200 Posts 3365 Status Security contributor 158
 
Re,

Specific tools before general-purpose tools.

Also, UsbFix will clean and vaccinate the USB sticks as well, so it's better. ;)

So: Lop S&D, AD-R option L, then UsbFix. If UsbFix leaves traces behind, script them with OTM.

See you
0
Anonymous user
 
Happy hunting :-)
0
fix200 Posts 3365 Status Security contributor 158
 
No, the thread belongs to moment de grâce. He is the one who will carry on.
0
moment de grace Posts 30049 Status Security contributor 2 274
 
Well, this topic has turned into a real mess...

Download Lop S&D.exe to the Desktop

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Some infections block the download of disinfection tools; use this alternative link:
http://ww38.toofiles.com/fr/oip/documents/exe/yop4.html

* Double-click it to start the installation

* Then double-click the Lop S&D shortcut on the Desktop

* Select the language you want, then choose option 1 (Recherche)

* Wait until the scan finishes

* Post the generated report on a forum (C:\lopR.txt)

Tutorial (help): http://bibou0007.com/outils-specifiques-f78/tuto-lop-sd-t956.htm
0

Bozoff
 
So, after a Lop S&D scan, here is the result. I'm still waiting for the UsbFix scan; should I have had Lop repair things right away?

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.70GHz )
BIOS : PhoenixBIOS 4.0 Release 6.0
USER : Emilie ROUGETET ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.552 7.5.552 (Activated)
Firewall : ZoneAlarm Firewall 7.0.462.000 (Activated)
C:\ (Local Disk) - NTFS - Total:46 Go (Free:33 Go)
D:\ (Local Disk) - NTFS - Total:36 Go (Free:31 Go)
E:\ (Local Disk) - FAT32 - Total:9 Go (Free:3 Go)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 01/11/2009|11:09 )

--------------------\\ Listing des dossiers dans APPLIC~1

[31/10/2009|15:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[20/01/2005|18:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[09/08/2006|09:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[12/10/2007|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[27/01/2007|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[13/02/2007|15:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[23/10/2009|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[19/04/2006|16:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Brother
[26/10/2007|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[14/03/2005|13:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[23/10/2009|20:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Electronic Arts
[18/01/2007|23:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESTsoft
[20/06/2006|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Exetender
[02/04/2008|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\file joy proc deaf
[13/02/2007|15:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[19/04/2006|16:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[29/10/2006|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Iso Proc Grim Vc
[12/02/2008|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[02/04/2008|15:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[11/01/2009|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[20/01/2005|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
[29/07/2009|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[06/12/2006|15:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prism
[12/12/2005|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[19/01/2005|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[13/06/2009|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[31/10/2006|00:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[31/05/2006|15:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[09/08/2006|09:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL
[21/01/2005|20:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink
[19/01/2005|21:38] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[20/01/2005|16:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[20/01/2005|17:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[21/01/2005|07:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[20/01/2005|22:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[21/01/2005|08:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[29/08/2008|10:54] C:\DOCUME~1\EMILIE~1\APPLIC~1\Adobe
[18/11/2005|23:30] C:\DOCUME~1\EMILIE~1\APPLIC~1\Ahead
[01/11/2009|10:46] C:\DOCUME~1\EMILIE~1\APPLIC~1\AVG7
[31/10/2009|23:41] C:\DOCUME~1\EMILIE~1\APPLIC~1\Azureus
[27/04/2006|21:51] C:\DOCUME~1\EMILIE~1\APPLIC~1\Brother
[26/10/2007|17:53] C:\DOCUME~1\EMILIE~1\APPLIC~1\Corel
[02/10/2005|10:33] C:\DOCUME~1\EMILIE~1\APPLIC~1\Datalayer
[24/11/2007|22:51] C:\DOCUME~1\EMILIE~1\APPLIC~1\dvdcss
[18/01/2007|23:16] C:\DOCUME~1\EMILIE~1\APPLIC~1\ESTsoft
[14/02/2008|15:29] C:\DOCUME~1\EMILIE~1\APPLIC~1\Google
[19/01/2005|21:38] C:\DOCUME~1\EMILIE~1\APPLIC~1\Identities
[12/02/2008|19:56] C:\DOCUME~1\EMILIE~1\APPLIC~1\Lavasoft
[14/03/2008|09:45] C:\DOCUME~1\EMILIE~1\APPLIC~1\Leadertech
[31/10/2009|11:07] C:\DOCUME~1\EMILIE~1\APPLIC~1\Macromedia
[26/10/2009|22:05] C:\DOCUME~1\EMILIE~1\APPLIC~1\Microsoft
[16/08/2005|14:24] C:\DOCUME~1\EMILIE~1\APPLIC~1\MSNInstaller
[10/12/2007|19:53] C:\DOCUME~1\EMILIE~1\APPLIC~1\SecuROM
[20/01/2005|22:04] C:\DOCUME~1\EMILIE~1\APPLIC~1\Sun
[08/02/2007|17:39] C:\DOCUME~1\EMILIE~1\APPLIC~1\teamspeak2
[02/02/2007|19:26] C:\DOCUME~1\EMILIE~1\APPLIC~1\VLC

[13/02/2007|15:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[13/02/2007|15:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[20/01/2005|19:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\X10 Commander

[13/02/2007|15:07] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[21/02/2006|22:44] C:\DOCUME~1\PROPRI~1\APPLIC~1\Real
[03/03/2005|17:10] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[23/10/2009 22:52][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[01/11/2009 11:00][--ah-----] C:\WINDOWS\tasks\B1BDB5EB91722B6B.job
[23/01/2007 02:11][--a------] C:\WINDOWS\tasks\Critical Battery Alarm Program.job
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
[01/11/2009 10:44][--ah-----] C:\WINDOWS\tasks\SA.DAT

( B1BDB5EB91722B6B.job )=( c:\docume~1\emilie~1\applic~1\driveb~1\aboutlongextra.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[31/10/2009|13:55] C:\Program Files\Adobe
[31/10/2009|14:28] C:\Program Files\Ad-Remover
[03/01/2008|19:32] C:\Program Files\Ahead
[24/08/2008|11:33] C:\Program Files\Apple Software Update
[20/01/2005|15:15] C:\Program Files\ATI Technologies
[19/01/2005|21:47] C:\Program Files\Broadcom
[18/01/2007|20:25] C:\Program Files\Common Files
[26/10/2007|18:09] C:\Program Files\Corel
[31/10/2009|15:10] C:\Program Files\DivX
[18/01/2007|23:16] C:\Program Files\ESTsoft
[31/10/2009|15:10] C:\Program Files\Fichiers communs
[13/02/2007|15:07] C:\Program Files\Grisoft
[26/10/2009|22:27] C:\Program Files\InstallShield Installation Information
[19/01/2005|21:44] C:\Program Files\Intel
[27/10/2009|23:53] C:\Program Files\Internet Explorer
[02/04/2008|17:23] C:\Program Files\Java
[12/02/2008|20:11] C:\Program Files\Lavasoft
[26/10/2009|22:52] C:\Program Files\Microsoft
[19/01/2005|21:39] C:\Program Files\microsoft frontpage
[26/10/2009|22:15] C:\Program Files\Microsoft Office
[24/10/2009|00:10] C:\Program Files\Microsoft Silverlight
[13/06/2009|18:33] C:\Program Files\Microsoft WSE
[08/10/2008|22:17] C:\Program Files\Movie Maker
[30/08/2009|23:31] C:\Program Files\MSBuild
[19/01/2005|21:36] C:\Program Files\MSN Gaming Zone
[08/10/2008|22:12] C:\Program Files\NetMeeting
[18/01/2007|20:16] C:\Program Files\OfficeUpdate11
[19/01/2005|21:36] C:\Program Files\Online Services
[24/10/2009|00:05] C:\Program Files\Outlook Express
[30/08/2009|23:31] C:\Program Files\Reference Assemblies
[19/01/2005|21:37] C:\Program Files\Services en ligne
[03/02/2007|13:16] C:\Program Files\Spybot - Search & Destroy
[20/01/2005|15:34] C:\Program Files\Synaptics
[19/01/2007|00:32] C:\Program Files\Uninstall Information
[02/02/2007|19:22] C:\Program Files\VideoLAN
[23/10/2009|10:31] C:\Program Files\Vuze
[26/10/2009|22:52] C:\Program Files\Windows Live
[26/10/2009|22:51] C:\Program Files\Windows Live SkyDrive
[21/01/2007|02:02] C:\Program Files\Windows Media Connect
[25/10/2007|17:41] C:\Program Files\Windows Media Connect 2
[08/10/2008|22:12] C:\Program Files\Windows Media Player
[08/10/2008|22:12] C:\Program Files\Windows NT
[20/01/2005|16:01] C:\Program Files\X10 Hardware
[19/01/2005|21:39] C:\Program Files\xerox
[18/01/2007|23:18] C:\Program Files\Zone Labs

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[31/10/2009|13:56] C:\Program Files\Fichiers communs\Adobe
[04/01/2008|11:11] C:\Program Files\Fichiers communs\Ahead
[18/01/2007|20:16] C:\Program Files\Fichiers communs\AOL
[20/01/2005|17:06] C:\Program Files\Fichiers communs\Designer
[31/10/2009|15:10] C:\Program Files\Fichiers communs\DivX Shared
[26/10/2007|17:28] C:\Program Files\Fichiers communs\InstallShield
[20/01/2005|21:59] C:\Program Files\Fichiers communs\Java
[26/10/2009|22:51] C:\Program Files\Fichiers communs\Microsoft Shared
[19/01/2005|21:37] C:\Program Files\Fichiers communs\MSSoap
[21/01/2005|08:00] C:\Program Files\Fichiers communs\Nullsoft
[27/01/2009|08:45] C:\Program Files\Fichiers communs\ODBC
[23/10/2009|22:40] C:\Program Files\Fichiers communs\Real
[19/01/2005|21:37] C:\Program Files\Fichiers communs\Services
[19/01/2005|22:32] C:\Program Files\Fichiers communs\SpeechEngines
[08/10/2008|22:12] C:\Program Files\Fichiers communs\System
[11/01/2009|19:46] C:\Program Files\Fichiers communs\Windows Live

--------------------\\ Process

( 49 Processes )

iexplore.exe ~ [PID:3848]
iexplore.exe ~ [PID:840]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf
C:\DOCUME~1\EMILIE~1\LOCALS~1\Temp\nscB.tmp
C:\DOCUME~1\EMILIE~1\Cookies\emilie_rougetet@advertstream[1].txt
C:\WINDOWS\Tasks\B1BDB5EB91722B6B.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts MODIFIE

-> 72 [ 70 ## added by CiD ]

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 11:11:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 4

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:4214][D:181]-> C:\DOCUME~1\EMILIE~1\LOCALS~1\Temp
[F:289][D:0]-> C:\DOCUME~1\EMILIE~1\Cookies
[F:17345][D:36]-> C:\DOCUME~1\EMILIE~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 01/11/2009|11:14 - Option : [1]

--------------------\\ Fin du rapport a 11:14:46
0
Bozoff
 
And here is the UsbFix report. Thanks fix200.

############################## | UsbFix V6.046 |

User : Emilie ROUGETET (Administrateurs) # EMILY
Update on 29/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 11:10:09 | 01/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) M processor 1.70GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AVG 7.5.552 7.5.552 [ Enabled | (!) Outdated ]
FW : ZoneAlarm Firewall[ Enabled ]7.0.462.000

C:\ -> Disque fixe local # 46,29 Go (33,2 Go free) # NTFS
D:\ -> Disque fixe local # 37 Go (31,89 Go free) # NTFS
E:\ -> Disque fixe local # 9,76 Go (3,4 Go free) # FAT32
F:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AhnRpta.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

C:\WINDOWS\AhnRpta.exe
C:\WINDOWS\system32\nmdfgds0.dll
C:\WINDOWS\system32\nmdfgds1.dll
C:\WINDOWS\system32\olhrwef.exe
C:\DOCUME~1\EMILIE~1\LOCALS~1\Temp\cvasds0.dll
C:\DOCUME~1\EMILIE~1\LOCALS~1\Temp\cvasds1.dll
C:\DOCUME~1\EMILIE~1\LOCALS~1\Temp\herss.exe
C:\autorun.inf
C:\autorun.inf -> fichier appelé : "C:\gcq6.exe" ( Présent ! )
C:\hjvjte.exe
C:\sm.exe
C:\yudald.bat
D:\autorun.inf
D:\autorun.inf -> fichier appelé : "D:\gcq6.exe" ( Présent ! )
D:\hjvjte.exe
D:\sm.exe
D:\yudald.bat
E:\autorun.inf
E:\autorun.inf -> fichier appelé : "E:\gcq6.exe" ( Présent ! )
E:\hjvjte.exe
E:\sm.exe
E:\yudald.bat

################## | Registre # Clés Run infectieuses |

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"
[HKLM\SYSTEM\CurrentControlSet\Services\AVPsys]
[HKLM\SYSTEM\ControlSet001\Services\AVPsys]
[HKLM\SYSTEM\ControlSet003\Services\AVPsys]

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{722eadcd-e6ed-11dd-aaa2-000e35c8a471}
Shell\AutoRun\command =G:\uqgvf.exe
Shell\open\Command =G:\uqgvf.exe

HKCU\..\..\Explorer\MountPoints2\{9cb75c51-5a96-11de-a7cc-000e35c8a471}
Shell\AutoRun\command =G:\sm.exe
Shell\open\Command =G:\sm.exe

HKCU\..\..\Explorer\MountPoints2\{be8df745-bfdc-11de-b2a3-000e35c8a471}
Shell\AutoRun\command =G:\sm.exe
Shell\open\Command =G:\sm.exe

HKCU\..\..\Explorer\MountPoints2\{f920ba10-9d1a-11dc-a717-000b6b6c7b82}
Shell\AutoRun\command =G:\CD-LOGIS2007-2004-2.exe

################## | Suspect | https://www.virustotal.com/gui/ |

################## | Cracks / Keygens / Serials |

################## | ! Fin du rapport # UsbFix V6.046 ! |
0
Anonymous user
 
Hello,
First, the hosts file will need to be repaired.
moment de grâce, I'll do this part for you, and you carry on afterwards.
Suppression + Hosts

Double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose the option "Suppression + Hosts"
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)

Then

Plug into your PC, without opening them, your external storage devices (USB stick, external hard drive, etc.) that may have been infected

# Double-click the UsbFix shortcut on your Desktop

# Select option 2 (Suppression)

# Your desktop will disappear and the PC will restart.

# On restart, UsbFix will scan your PC; let the tool work.

# Then post the UsbFix.txt report, which will appear along with the desktop.

# Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
0
moment de grace Posts 30049 Status Security contributor 2 274
 
Hello, and thanks nathandre
It being November 1st, my time is limited...

(smile)
0
Bozoff
 
There, I've done everything. Is it all good???

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.70GHz )
BIOS : PhoenixBIOS 4.0 Release 6.0
USER : Emilie ROUGETET ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.552 7.5.552 (Activated)
Firewall : ZoneAlarm Firewall 7.0.462.000 (Activated)
C:\ (Local Disk) - NTFS - Total:46 Go (Free:30 Go)
D:\ (Local Disk) - NTFS - Total:36 Go (Free:31 Go)
E:\ (Local Disk) - FAT32 - Total:9 Go (Free:3 Go)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 02/11/2009|13:14 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\EMILIE~1\LOCALS~1\Temp\nscB.tmp
Supprime! - C:\WINDOWS\Tasks\B1BDB5EB91722B6B.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[31/10/2009|15:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[20/01/2005|18:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[09/08/2006|09:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[12/10/2007|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[27/01/2007|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[13/02/2007|15:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[23/10/2009|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[19/04/2006|16:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Brother
[26/10/2007|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[14/03/2005|13:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[23/10/2009|20:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Electronic Arts
[18/01/2007|23:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESTsoft
[20/06/2006|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Exetender
[13/02/2007|15:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[19/04/2006|16:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[29/10/2006|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Iso Proc Grim Vc
[12/02/2008|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[02/04/2008|15:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[11/01/2009|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[20/01/2005|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
[29/07/2009|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[06/12/2006|15:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prism
[12/12/2005|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[19/01/2005|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[13/06/2009|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[31/10/2006|00:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[31/05/2006|15:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[09/08/2006|09:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL
[21/01/2005|20:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink
[19/01/2005|21:38] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[20/01/2005|16:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[20/01/2005|17:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[21/01/2005|07:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[20/01/2005|22:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[21/01/2005|08:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[29/08/2008|10:54] C:\DOCUME~1\EMILIE~1\APPLIC~1\Adobe
[18/11/2005|23:30] C:\DOCUME~1\EMILIE~1\APPLIC~1\Ahead
[02/11/2009|09:31] C:\DOCUME~1\EMILIE~1\APPLIC~1\AVG7
[02/11/2009|13:14] C:\DOCUME~1\EMILIE~1\APPLIC~1\Azureus
[27/04/2006|21:51] C:\DOCUME~1\EMILIE~1\APPLIC~1\Brother
[26/10/2007|17:53] C:\DOCUME~1\EMILIE~1\APPLIC~1\Corel
[02/10/2005|10:33] C:\DOCUME~1\EMILIE~1\APPLIC~1\Datalayer
[24/11/2007|22:51] C:\DOCUME~1\EMILIE~1\APPLIC~1\dvdcss
[18/01/2007|23:16] C:\DOCUME~1\EMILIE~1\APPLIC~1\ESTsoft
[14/02/2008|15:29] C:\DOCUME~1\EMILIE~1\APPLIC~1\Google
[19/01/2005|21:38] C:\DOCUME~1\EMILIE~1\APPLIC~1\Identities
[12/02/2008|19:56] C:\DOCUME~1\EMILIE~1\APPLIC~1\Lavasoft
[14/03/2008|09:45] C:\DOCUME~1\EMILIE~1\APPLIC~1\Leadertech
[31/10/2009|11:07] C:\DOCUME~1\EMILIE~1\APPLIC~1\Macromedia
[26/10/2009|22:05] C:\DOCUME~1\EMILIE~1\APPLIC~1\Microsoft
[16/08/2005|14:24] C:\DOCUME~1\EMILIE~1\APPLIC~1\MSNInstaller
[10/12/2007|19:53] C:\DOCUME~1\EMILIE~1\APPLIC~1\SecuROM
[20/01/2005|22:04] C:\DOCUME~1\EMILIE~1\APPLIC~1\Sun
[08/02/2007|17:39] C:\DOCUME~1\EMILIE~1\APPLIC~1\teamspeak2
[02/02/2007|19:26] C:\DOCUME~1\EMILIE~1\APPLIC~1\VLC

[13/02/2007|15:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[13/02/2007|15:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[20/01/2005|19:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\X10 Commander

[13/02/2007|15:07] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[21/02/2006|22:44] C:\DOCUME~1\PROPRI~1\APPLIC~1\Real
[03/03/2005|17:10] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[23/10/2009 22:52][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[23/01/2007 02:11][--a------] C:\WINDOWS\tasks\Critical Battery Alarm Program.job
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
[02/11/2009 09:29][--ah-----] C:\WINDOWS\tasks\SA.DAT

--------------------\\ Listing des dossiers dans C:\Program Files

[31/10/2009|13:55] C:\Program Files\Adobe
[31/10/2009|14:28] C:\Program Files\Ad-Remover
[03/01/2008|19:32] C:\Program Files\Ahead
[24/08/2008|11:33] C:\Program Files\Apple Software Update
[20/01/2005|15:15] C:\Program Files\ATI Technologies
[19/01/2005|21:47] C:\Program Files\Broadcom
[18/01/2007|20:25] C:\Program Files\Common Files
[26/10/2007|18:09] C:\Program Files\Corel
[31/10/2009|15:10] C:\Program Files\DivX
[18/01/2007|23:16] C:\Program Files\ESTsoft
[31/10/2009|15:10] C:\Program Files\Fichiers communs
[13/02/2007|15:07] C:\Program Files\Grisoft
[26/10/2009|22:27] C:\Program Files\InstallShield Installation Information
[19/01/2005|21:44] C:\Program Files\Intel
[27/10/2009|23:53] C:\Program Files\Internet Explorer
[02/04/2008|17:23] C:\Program Files\Java
[12/02/2008|20:11] C:\Program Files\Lavasoft
[26/10/2009|22:52] C:\Program Files\Microsoft
[19/01/2005|21:39] C:\Program Files\microsoft frontpage
[26/10/2009|22:15] C:\Program Files\Microsoft Office
[24/10/2009|00:10] C:\Program Files\Microsoft Silverlight
[13/06/2009|18:33] C:\Program Files\Microsoft WSE
[08/10/2008|22:17] C:\Program Files\Movie Maker
[30/08/2009|23:31] C:\Program Files\MSBuild
[19/01/2005|21:36] C:\Program Files\MSN Gaming Zone
[08/10/2008|22:12] C:\Program Files\NetMeeting
[18/01/2007|20:16] C:\Program Files\OfficeUpdate11
[19/01/2005|21:36] C:\Program Files\Online Services
[24/10/2009|00:05] C:\Program Files\Outlook Express
[30/08/2009|23:31] C:\Program Files\Reference Assemblies
[19/01/2005|21:37] C:\Program Files\Services en ligne
[03/02/2007|13:16] C:\Program Files\Spybot - Search & Destroy
[20/01/2005|15:34] C:\Program Files\Synaptics
[19/01/2007|00:32] C:\Program Files\Uninstall Information
[02/02/2007|19:22] C:\Program Files\VideoLAN
[23/10/2009|10:31] C:\Program Files\Vuze
[26/10/2009|22:52] C:\Program Files\Windows Live
[26/10/2009|22:51] C:\Program Files\Windows Live SkyDrive
[21/01/2007|02:02] C:\Program Files\Windows Media Connect
[25/10/2007|17:41] C:\Program Files\Windows Media Connect 2
[08/10/2008|22:12] C:\Program Files\Windows Media Player
[08/10/2008|22:12] C:\Program Files\Windows NT
[20/01/2005|16:01] C:\Program Files\X10 Hardware
[19/01/2005|21:39] C:\Program Files\xerox
[18/01/2007|23:18] C:\Program Files\Zone Labs

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[31/10/2009|13:56] C:\Program Files\Fichiers communs\Adobe
[04/01/2008|11:11] C:\Program Files\Fichiers communs\Ahead
[18/01/2007|20:16] C:\Program Files\Fichiers communs\AOL
[20/01/2005|17:06] C:\Program Files\Fichiers communs\Designer
[31/10/2009|15:10] C:\Program Files\Fichiers communs\DivX Shared
[26/10/2007|17:28] C:\Program Files\Fichiers communs\InstallShield
[20/01/2005|21:59] C:\Program Files\Fichiers communs\Java
[26/10/2009|22:51] C:\Program Files\Fichiers communs\Microsoft Shared
[19/01/2005|21:37] C:\Program Files\Fichiers communs\MSSoap
[21/01/2005|08:00] C:\Program Files\Fichiers communs\Nullsoft
[27/01/2009|08:45] C:\Program Files\Fichiers communs\ODBC
[23/10/2009|22:40] C:\Program Files\Fichiers communs\Real
[19/01/2005|21:37] C:\Program Files\Fichiers communs\Services
[19/01/2005|22:32] C:\Program Files\Fichiers communs\SpeechEngines
[08/10/2008|22:12] C:\Program Files\Fichiers communs\System
[11/01/2009|19:46] C:\Program Files\Fichiers communs\Windows Live

--------------------\\ Process

( 45 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 13:16:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 4

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:4217][D:182]-> C:\DOCUME~1\EMILIE~1\LOCALS~1\Temp
[F:51][D:0]-> C:\DOCUME~1\EMILIE~1\Cookies
[F:738][D:14]-> C:\DOCUME~1\EMILIE~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 01/11/2009|11:14 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 02/11/2009|13:17 - Option : [2]

--------------------\\ Fin du rapport a 13:17:57
moment de grace - Posts: 30049 - Status: Security contributor - 2 274
 
Very good.

This operation is still missing:

Plug your external data sources into your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them.

# Double-click the UsbFix shortcut on your desktop.

# Select option 2 (Suppression, i.e. deletion).

# Your desktop will disappear and the PC will restart.

# On restart, UsbFix will scan your PC; let the tool work.

# Then post the UsbFix.txt report, which will appear along with the desktop.

# Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Anonymous user
 
Hello, that's perfect, the hosts files have been restored, that's the main thing.