Virus
Solved
FLO974
Hello,
I ran a scan with Avast and it detected 2 viruses:
WIN32:trojan-gen
WIN32:def-mzg {trj}
I put them in quarantine.
Should I delete them?
Thanks for helping me (I don't know much about viruses)
Flo.
65 replies
The message is only there to reassure you if your antivirus raises an alert...
In this order:
1)● Run UsbFix again
● In the main menu, this time choose option 2
The Start menu and the icons will disappear again.. that's normal.
If a message asks you to restart the computer, do it ...
● On restart, the fix launches again... let the operation run.
● Notepad opens with a report; post it in your next reply
..............................
2)
Important note:
On computers running Windows Vista and Windows 7, disabling User Account Control is mandatory,
otherwise the tool will not be able to work correctly.
Tutorial: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
Download and save the installation file to the desktop
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
Double-click the AD-Remover installation file; the program will install automatically.
On Vista: right-click AD-Remover and select "Run as administrator"
In the main menu, choose option "s" and press [Enter].
Let the tool work and don't touch anything ...
Post the report that appears at the end.
(the report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note: Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
############################# | UsbFix V6.065 |
User : LES LEVOYER'S (Administrateurs) # LES_LEVOYERS
Update on 18/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 15:19:02 | 19/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Enabled
C:\ -> Disque fixe local # 140,07 Go (55,8 Go free) # NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 977,72 Mo (973,98 Mo free) [CORSAIR] # FAT
H:\ -> Disque fixe local # 232,83 Go (91,42 Go free) [My Passport] # FAT32
I:\ -> Disque amovible # 3,91 Go (2,77 Go free) # FAT32
############################## | Processus actifs |
C:\Windows\System32\smss.exe 420
C:\Windows\system32\csrss.exe 672
C:\Windows\system32\csrss.exe 728
C:\Windows\system32\winlogon.exe 756
C:\Windows\system32\wininit.exe 768
C:\Windows\system32\services.exe 808
C:\Windows\system32\lsass.exe 820
C:\Windows\system32\lsm.exe 832
C:\Windows\system32\svchost.exe 980
C:\Windows\system32\svchost.exe 1056
C:\Windows\System32\svchost.exe 1100
C:\Windows\system32\LogonUI.exe 1152
C:\Windows\System32\svchost.exe 1204
C:\Windows\System32\svchost.exe 1232
C:\Windows\system32\svchost.exe 1276
C:\Windows\system32\SLsvc.exe 1404
C:\Windows\system32\svchost.exe 1444
C:\Windows\system32\svchost.exe 1572
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1680
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1696
C:\Windows\System32\spoolsv.exe 2040
C:\Windows\system32\svchost.exe 196
C:\Windows\system32\userinit.exe 296
C:\Windows\system32\taskeng.exe 1984
C:\Windows\system32\Dwm.exe 1828
C:\Windows\system32\taskeng.exe 1720
C:\Windows\Explorer.EXE 1460
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe 2096
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2140
C:\Program Files\Bonjour\mDNSResponder.exe 2184
C:\Program Files\Google\Update\GoogleUpdate.exe 2224
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 2340
C:\Windows\system32\svchost.exe 2484
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2592
C:\Windows\system32\svchost.exe 2680
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe 2720
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe 2764
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe 2800
C:\Windows\System32\svchost.exe 2844
C:\Program Files\Winsudate\gibsvc.exe 2872
C:\Windows\system32\SearchIndexer.exe 2916
C:\Windows\system32\DRIVERS\xaudio.exe 2976
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe 3036
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe 3144
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe 3188
C:\Windows\system32\WUDFHost.exe 3360
C:\Windows\system32\igfxext.exe 3396
C:\Windows\system32\igfxsrvc.exe 3432
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 3456
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 3504
C:\Windows\system32\taskeng.exe 3604
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe 3760
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe 3776
C:\Windows\system32\runonce.exe 3908
C:\Windows\system32\conime.exe 3964
C:\Windows\system32\wbem\wmiprvse.exe 4044
################## | Fichiers # Dossiers infectieux |
Supprimé ! C:\$Recycle.Bin\S-1-5-18
Supprimé ! C:\$Recycle.Bin\S-1-5-21-2152478756-3922319563-605102323-500
Supprimé ! C:\$Recycle.Bin\S-1-5-21-2427578438-1392850810-3049345200-500
Supprimé ! C:\$Recycle.Bin\S-1-5-21-3883833719-1240411385-709672823-500
Supprimé ! C:\$Recycle.Bin\S-1-5-21-92324092-2864686536-589920920-1000
Supprimé ! G:\autorun.0nf
Supprimé ! G:\Recycler\S-1-6-21-2434476501-1644491937-600003330-1213
Supprimé ! H:\autorun.inf
################## | Registre # Clés infectieuses |
################## | Registre # Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{0a21c760-839e-11dd-ad99-001bfbcd081f}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{f7ebe47c-0356-11de-8730-001bfbcd081f}\Shell\Auto\Command
################## | Listing des fichiers présent |
[19/09/2006 01:43|--a------|24] C:\autoexec.bat
[11/04/2009 10:36|-rahs----|333257] C:\bootmgr
[14/08/2007 03:14|-ra-s----|8192] C:\BOOTSECT.BAK
[18/06/2008 11:35|--a------|2808] C:\Bug.txt
[19/09/2006 01:43|--a------|10] C:\config.sys
[?|?|?] C:\hiberfil.sys
[03/01/2005 08:37|--ah-----|17] C:\initrd.pam
[24/05/2008 18:27|-rahs----|0] C:\IO.SYS
[15/01/2007 20:13|--ah-----|68] C:\kernel.pam
[24/05/2008 18:27|-rahs----|0] C:\MSDOS.SYS
[?|?|?] C:\pagefile.sys
[04/03/2009 19:35|--a------|3126] C:\TB.txt
[19/12/2009 15:24|--a------|4997] C:\UsbFix.txt
[15/12/2009 21:03|--a------|149772] G:\Expos‚ sur la tunisie.odp
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix.
# G:\autorun.inf -> Dossier créé par UsbFix.
# H:\autorun.inf -> Dossier créé par UsbFix.
# I:\autorun.inf -> Dossier créé par UsbFix.
################## | Cracks / Keygens / Serials |
################## | Upload |
Veuillez envoyer le fichier : C:\Users\LESLEV~1\Desktop\UsbFix_Upload_Me_LES_LEVOYERS.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
################## | ! Fin du rapport # UsbFix V6.065 ! |
...and this one too
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 18.12.2009 à 20:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 15:36:36, 19/12/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
Nom du PC: LES_LEVOYERS | Utilisateur actuel: LES LEVOYER'S
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
Service: WinSvc
C:\Windows\System32\nvs2.inf
C:\Users\LESLEV~1\AppData\Local\Temp\AskSearch
C:\Users\LESLEV~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Ask Search Assistant
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer
C:\Program Files\Ask Search Assistant
C:\Program Files\Search Settings
C:\Program Files\WebMediaPlayer
C:\Program Files\Winletmin
C:\Program Files\Winsudate
C:\Users\LES LEVOYER'S\AppData\LocalLow\Search Settings
C:\Windows\Installer\14dfc8a.msi
C:\Users\LES LEVOYER'S\AppData\Local\nnjqvmtu.dat
C:\Users\LES LEVOYER'S\AppData\Local\nnjqvmtu_nav.dat
C:\Users\LES LEVOYER'S\AppData\Local\nnjqvmtu_navps.dat
.
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\WinUsr
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
HKLM\software\classes\SearchSettings.BHO
HKLM\software\classes\SearchSettings.BHO.1
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
HKLM\software\Dealio
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0292226F570267D459357AF78015E534
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\03285961954D5824C85975D955031EE8
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AC3985F4D64C2245A96D31569D1BF40
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\855847FA0E25FBA46B8516389DFDD4B3
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\94E65EF7E080DDA4AA2F1DEDCE74AC5B
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9DC2844D0E3E8924C8973C3B3BAE1F58
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\AFEB575AA30ACB243B748619F62F0782
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F461B8DD96FF5AA41A52D14E1D7B69C7
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKLM\software\microsoft\windows\currentversion\uninstall\Ask.com Search Assistant
HKLM\software\microsoft\windows\currentversion\uninstall\pikemoik
HKLM\software\Search Settings
HKLM\software\Trymedia Systems
HKLM\SYSTEM\ControlSet001\Services\winsvc
HKLM\SYSTEM\ControlSet002\Services\winsvc
HKLM\SYSTEM\CurrentControlSet\Services\winsvc
.
============== Scan additionnel ==============
.
.
* Internet Explorer Version 7.0.6002.18005 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\Windows\system32\blank.htm
Show_ToolBar: yes
Search Page: hxxp://www.google.com
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Use Search Asst: no
Search Bar: hxxp://www.google.com/ie
Use Custom Search URL: 1 (0x1)
Enable Browser Extensions: yes
Default_Search_URL: hxxp://www.google.com/ie
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.club-vaio.com
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
4466 Octet(s) - C:\Ad-Report-SCAN[1].log
.
174 Fichier(s) - C:\Users\LESLEV~1\AppData\Local\Temp
21 Fichier(s) - C:\Windows\Temp
129 Fichier(s) - C:\Windows\Prefetch
.
1 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 15:44:50 | 19/12/2009 - SCAN[1]
.
============== E.O.F ==============
.
====== RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 18.12.2009 à 20:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 17:01:08, 19/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
Nom du PC: LES_LEVOYERS | Utilisateur actuel: LES LEVOYER'S
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
Service: WinSvc
C:\Windows\System32\nvs2.inf
C:\Users\LESLEV~1\AppData\Local\Temp\AskSearch
C:\Users\LESLEV~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Ask Search Assistant
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer
C:\Program Files\Ask Search Assistant
C:\Program Files\Search Settings
C:\Program Files\WebMediaPlayer
C:\Program Files\Winletmin
C:\Program Files\Winsudate
C:\Users\LES LEVOYER'S\AppData\LocalLow\Search Settings
C:\Windows\Installer\14dfc8a.msi
C:\Users\LES LEVOYER'S\AppData\Local\nnjqvmtu.dat
C:\Users\LES LEVOYER'S\AppData\Local\nnjqvmtu_nav.dat
C:\Users\LES LEVOYER'S\AppData\Local\nnjqvmtu_navps.dat
(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\WinUsr
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
HKLM\software\classes\SearchSettings.BHO
HKLM\software\classes\SearchSettings.BHO.1
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
HKLM\software\Dealio
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0292226F570267D459357AF78015E534
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\03285961954D5824C85975D955031EE8
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AC3985F4D64C2245A96D31569D1BF40
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\855847FA0E25FBA46B8516389DFDD4B3
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\94E65EF7E080DDA4AA2F1DEDCE74AC5B
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9DC2844D0E3E8924C8973C3B3BAE1F58
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\AFEB575AA30ACB243B748619F62F0782
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F461B8DD96FF5AA41A52D14E1D7B69C7
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKLM\software\microsoft\windows\currentversion\uninstall\Ask.com Search Assistant
HKLM\software\microsoft\windows\currentversion\uninstall\pikemoik
HKLM\software\Search Settings
HKLM\software\Trymedia Systems
HKLM\SYSTEM\ControlSet002\Services\winsvc
.
============== Scan additionnel ==============
.
.
* Internet Explorer Version 7.0.6002.18005 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\Windows\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Use Custom Search URL: 1 (0x1)
Enable Browser Extensions: yes
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
4593 Octet(s) - C:\Ad-Report-CLEAN[1].log
4837 Octet(s) - C:\Ad-Report-SCAN[1].log
.
0 Fichier(s) - C:\Users\LESLEV~1\AppData\Local\Temp
1 Fichier(s) - C:\Windows\Temp
0 Fichier(s) - C:\Windows\Prefetch
.
20 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
33 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 17:09:13 | 19/12/2009 - CLEAN[1]
.
============== E.O.F ==============
.
.
===================================
.
4593 Octet(s) - C:\Ad-Report-CLEAN[1].log
4837 Octet(s) - C:\Ad-Report-SCAN[1].log
.
0 Fichier(s) - C:\Users\LESLEV~1\AppData\Local\Temp
1 Fichier(s) - C:\Windows\Temp
0 Fichier(s) - C:\Windows\Prefetch
.
20 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
33 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 17:09:13 | 19/12/2009 - CLEAN[1]
.
============== E.O.F ==============
.
lots of infections, and leftovers from old ones... we're nearly there
in this order
1)
Navipromo infection… For info:
It gets installed via certain programs, including the following, which must be avoided at all costs:
* Funky Emoticons
* go-astro
* Games Attack
* GoRecord
* HotTVPlayer / HotTVPlayer & Paris Hilton
* Live-Player
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* Officiale Emule (modified version of Emule)
* Original Solitaire
* SuperSexPlayer
* Speed Downloading
* Sudoplanet
* Webmediaplayer
you need to download Navilog1 to the desktop:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Some infections block the download of disinfection tools; in that case use this alternative link:
http://ww38.toofiles.com/fr/oip/documents/exe/yop3.html
/!\ VISTA users: you need to disable UAC just for the duration of the disinfection of your PC. You will re-enable it later:
Tutorial: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
1° Double-click navilog1.exe on your desktop
2° Select the desired language in the menu, then confirm the choice with the "Enter" key
3° A short warning message appears; press a key to move on
4° Another warning; press a key to continue
5° Navilog1 installation check: if everything is fine, press a key to continue
6° Choose option 1: automatic search/disinfection
7° The search starts automatically and may take a few minutes; please wait
8° Once the scan is finished, close and save your work in progress, then press a key so that your PC can reboot
9° When the PC restarts, Navilog will delete what it found; wait a few moments.
.........................................
Download Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
. On the page, click Download Malwarebytes' Anti-Malware
. Save it to the desktop
. Double-click the downloaded file to start the installation process.
. In the "Update" tab, click the Check for Updates button
. If the firewall asks for permission for Malwarebytes to connect, accept
. Once the update is finished
. Go to the Scanner tab
. Select Perform full scan
. Click Scan
. The scan starts.
. At the end of the scan, a message is displayed: The scan completed successfully. Click 'Show Results' to display all objects found.
. Click OK to continue.
. If malware was detected, click Show Results
. Select everything (or leave the items checked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. Go to the Logs tab
. Click on the report to display it; once it is displayed
. Click Edit at the top of Notepad, then Select All
. Click Edit again, then Copy, and come back to the forum and into your reply
. Right-click in the reply box and choose Paste
If you need help, have a look at these tutorials:
Help: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
here it is
Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3393
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
19/12/2009 20:32:53
mbam-log-2009-12-19 (20-32-53).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 279262
Temps écoulé: 1 hour(s), 12 minute(s), 33 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 58
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Users\LES LEVOYER'S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\WINSUD~1\gibcom.dll.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\WINSUD~1\gibidl.dll.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\WINSUD~1\gibsvc.exe.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\WINSUD~1\gibupt.exe.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\WINSUD~1\gibusr.exe.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Navilog1\gnc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLG757DF\gibcom[1].dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLG757DF\gibidl[1].dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CI2QEHK0\gibsvc[1].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCET99DM\gibupt[1].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCET99DM\gibusr[1].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\config.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Gfx_fr.bin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\language (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\nbmw (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\quarantine.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\skin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\sqlite3.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\sws_translations.xml (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\uninst.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\unrar.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR.zip (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_intro.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_menu.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\file.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_f.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_o.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\index.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\menu3.js (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\spy.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_coud.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_droit.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_vert.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\fleche.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\key.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\support.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\title-hepfile.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\scstep2.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\3differentscan.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\contactus.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\found-objects.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\lexic.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\navigtabs.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\quarantine.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\register.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\cookies_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dic (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesExt_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesMulti_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesSimple_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\malwaresDB_1-12 (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\register_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
I'm still missing the Navilog report...
It is located here:
Vista: "Start" logo / Computer / c:/ cleannavi.txt
ok !
Fix Navipromo version 4.0.5 commencé le 19/12/2009 19:07:45,85
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 10.11.2009 à 18h00 par IL-MAFIOSO
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL
USER : LES LEVOYER'S ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:140 Go (Free:55 Go)
D:\ (USB)
E:\ (USB)
F:\ (CD or DVD)
Recherche executée en mode normal
Nettoyage exécuté au redémarrage de l'ordinateur
Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\LESLEV~1\AppData\Local\Temp effectué !
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
*** Scan terminé 19/12/2009 19:12:31,02 ***
As for the tools... at the end.
How is the PC doing?
Run RSIT again and post the log report once the scan has finished.
• Download Random's System Information Tool (RSIT) by Random/Random.
http://images.malwareremoval.com/random/RSIT.exe
• Save it to your Desktop.
• Double-click RSIT.exe to launch the tool.
• Click "Continue" on the Disclaimer screen.
• If HijackThis is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if it asks) and you will have to accept the licence.
• Once the scan has finished, two reports will appear: please post them in two separate messages.
The reports are located here:
C:\rsit\info.txt
C:\rsit\log.txt
ok, I found the first one again
Logfile of random's system information tool 1.06 (written by random/random)
Run by LES LEVOYER'S at 2009-12-19 21:12:45
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 57 GB (39%) free of 143 GB
Total RAM: 2038 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:11, on 19/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\SkypeMate\SkypeMate.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\LES LEVOYER'S\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\LES LEVOYER'S.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr./
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.jeux-gratuits.com/jeu/112/jeu+gratuit+skate+de+rue/"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: SkypeMate.lnk = C:\Program Files\SkypeMate\SkypeMate.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1c9b9b08083cb0) (gupdate1c9b9b08083cb0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{DE07AA01-D503-43FC-90CA-C85F00D4B173}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05 113512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-05 263280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-05 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-05 263280]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-08 4423680]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-10 835584]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-06-30 137752]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-06-30 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-06-30 133656]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2007-06-11 317560]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-08-05 647520]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-02-25 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-11-11 2356088]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-08-21 443968]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2008-03-25 906480]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE [2008-12-05 460216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Users\LES LEVOYER'S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
SkypeMate.lnk - C:\Program Files\SkypeMate\SkypeMate.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-06-30 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2007-07-24 98304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=128
"NoDriveAutoRun"=128
"HonorAutoRunSetting"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2009-12-19 19:17:09 ----D---- C:\Users\LES LEVOYER'S\AppData\Roaming\Malwarebytes
2009-12-19 19:17:03 ----D---- C:\ProgramData\Malwarebytes
2009-12-19 19:17:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-19 19:07:45 ----A---- C:\cleannavi.txt
2009-12-19 15:24:07 ----RASHD---- C:\autorun.inf
2009-12-19 15:18:59 ----A---- C:\UsbFix.txt
2009-12-19 14:29:39 ----D---- C:\UsbFix
2009-12-19 14:11:40 ----D---- C:\rsit
2009-12-19 09:39:20 ----D---- C:\ProgramData\Nero
2009-12-19 09:39:18 ----D---- C:\Program Files\Common Files\Nero
2009-12-12 12:46:19 ----D---- C:\Users\LES LEVOYER'S\AppData\Roaming\OpenOffice.org
2009-12-12 12:44:35 ----D---- C:\Program Files\JRE
2009-12-12 12:44:23 ----D---- C:\Program Files\OpenOffice.org 3
2009-12-12 12:43:20 ----A---- C:\Windows\system32\javaws.exe
2009-12-12 12:43:20 ----A---- C:\Windows\system32\javaw.exe
2009-12-12 12:43:20 ----A---- C:\Windows\system32\java.exe
2009-12-10 06:12:05 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-10 06:12:00 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 06:09:48 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 06:09:41 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 06:09:40 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 06:09:39 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 06:09:37 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 06:09:36 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 06:09:34 ----A---- C:\Windows\system32\ieencode.dll
2009-12-09 06:09:32 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-09 06:05:06 ----A---- C:\Windows\system32\rastls.dll
2009-11-26 07:30:58 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 06:11:29 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 06:11:29 ----A---- C:\Windows\system32\msxml3.dll
======List of files/folders modified in the last 1 months======
2009-12-19 21:12:56 ----D---- C:\Windows\Prefetch
2009-12-19 21:12:48 ----D---- C:\Windows\Temp
2009-12-19 20:40:28 ----D---- C:\Windows\system32\drivers
2009-12-19 20:40:28 ----D---- C:\Windows\Drivers
2009-12-19 20:32:52 ----RD---- C:\Program Files
2009-12-19 20:32:51 ----D---- C:\Program Files\Navilog1
2009-12-19 19:17:03 ----HD---- C:\ProgramData
2009-12-19 19:13:38 ----D---- C:\Users\LES LEVOYER'S\AppData\Roaming\OpenOffice.org2
2009-12-19 17:36:19 ----D---- C:\Windows\system32\config
2009-12-19 17:36:10 ----D---- C:\Windows\Tasks
2009-12-19 17:36:10 ----D---- C:\Windows\system32\Tasks
2009-12-19 17:36:10 ----D---- C:\Windows\system32\spool
2009-12-19 17:36:10 ----D---- C:\Windows\system32\Msdtc
2009-12-19 17:36:10 ----D---- C:\Windows\system32\CodeIntegrity
2009-12-19 17:36:10 ----D---- C:\Windows\system32\catroot2
2009-12-19 17:36:09 ----D---- C:\Program Files\Circle Developemet
2009-12-19 17:36:08 ----D---- C:\Windows\system32\wbem
2009-12-19 17:36:08 ----D---- C:\Windows\registration
2009-12-19 17:09:13 ----D---- C:\Program Files\Ad-remover
2009-12-19 17:08:10 ----SHD---- C:\Windows\Installer
2009-12-19 17:07:51 ----D---- C:\Windows\System32
2009-12-19 15:57:10 ----D---- C:\Windows\inf
2009-12-19 15:57:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-19 15:56:09 ----D---- C:\Windows\system32\LogFiles
2009-12-19 15:56:08 ----D---- C:\Windows
2009-12-19 15:24:04 ----SD---- C:\Windows\Downloaded Program Files
2009-12-19 15:22:28 ----SHD---- C:\$Recycle.Bin
2009-12-19 14:40:38 ----SHD---- C:\System Volume Information
2009-12-19 09:42:43 ----D---- C:\Users\LES LEVOYER'S\AppData\Roaming\Nero
2009-12-19 09:39:18 ----D---- C:\Program Files\Common Files
2009-12-19 09:38:05 ----D---- C:\Windows\winsxs
2009-12-19 09:37:54 ----D---- C:\Program Files\Common Files\microsoft shared
2009-12-18 18:56:30 ----D---- C:\Users\LES LEVOYER'S\AppData\Roaming\vlc
2009-12-17 22:27:48 ----D---- C:\Users\LES LEVOYER'S\AppData\Roaming\Skype
2009-12-17 22:25:59 ----D---- C:\Users\LES LEVOYER'S\AppData\Roaming\skypePM
2009-12-12 12:45:36 ----RSD---- C:\Windows\assembly
2009-12-12 12:44:47 ----RSD---- C:\Windows\Fonts
2009-12-12 12:42:22 ----D---- C:\Program Files\Java
2009-12-10 06:58:11 ----D---- C:\Windows\rescache
2009-12-10 06:43:16 ----D---- C:\Windows\system32\catroot
2009-12-10 06:40:31 ----D---- C:\Windows\system32\fr-FR
2009-12-10 06:40:31 ----D---- C:\Program Files\Windows Mail
2009-12-10 06:17:05 ----D---- C:\Windows\Debug
2009-12-02 00:06:19 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-08-17 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2007-06-27 10216]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-06-16 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-16 8192]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-16 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-16 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-30 1671680]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-08 1761696]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-30 2222080]
R3 R5U870FLx86;R5U870 UVC Lower Filter ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2007-04-20 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2007-04-20 43904]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-07-06 84480]
R3 SNC;Sony Firmware Extension Parser Device; C:\Windows\System32\Drivers\SonyNC.sys [2006-11-06 27520]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-10 181560]
R3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
R3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
R3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
R3 tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-04-24 41856]
R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-16 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-07 2591232]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 JL2005C;Dual Mode Camera; C:\Windows\System32\Drivers\jl2005c.sys [2007-01-26 68954]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-05-29 46992]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-02-13 128104]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-12-22 108712]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2007-07-24 182392]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2007-06-28 188416]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2007-06-28 184320]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-06-16 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2007-06-28 274432]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate1c9b9b08083cb0;Service Google Update (gupdate1c9b9b08083cb0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-10 133104]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-14 1831424]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-10 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 Service CANALPLAY;Service CANALPLAY; C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2007-07-09 415392]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2007-06-28 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2007-06-20 2523136]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2007-06-20 499712]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-05 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-07-05 79736]
-----------------EOF-----------------
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-12-22 108712]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2007-07-24 182392]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2007-06-28 188416]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2007-06-28 184320]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-06-16 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2007-06-28 274432]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate1c9b9b08083cb0;Service Google Update (gupdate1c9b9b08083cb0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-10 133104]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-14 1831424]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-10 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 Service CANALPLAY;Service CANALPLAY; C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2007-07-09 415392]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2007-06-28 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2007-06-20 2523136]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2007-06-20 499712]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-05 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-07-05 79736]
-----------------EOF-----------------
One last little virus and we're done.
/!\ Vista and Windows 7 users: do not forget to disable User Account Control (UAC)
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
Download Lop S&D.exe to the Desktop
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
Some infections block the download of disinfection tools; use this alternative link:
http://ww38.toofiles.com/fr/oip/documents/exe/yop4.html
Lop S&D is detected by some antivirus programs: it is not a virus (false positive) but a utility designed to terminate processes. If your antivirus raises an alert, please disable it for the duration of the procedure
* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on the Desktop
* Select the language you want, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report on a forum (C:\lopR.txt)
There you go!
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL
USER : LES LEVOYER'S ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:140 Go (Free:55 Go)
D:\ (USB)
E:\ (USB)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 19/12/2009|21:36 )
[ UAC => 1 ]
--------------------\\ Listing des dossiers dans Local
[11/04/2008|11:53] C:\Users\LESLEV~1\AppData\Local\Adobe
[25/02/2009|19:53] C:\Users\LESLEV~1\AppData\Local\Apple
[26/02/2009|06:59] C:\Users\LESLEV~1\AppData\Local\Apple Computer
[26/03/2008|21:57] C:\Users\LESLEV~1\AppData\Local\Application Data
[04/05/2008|11:07] C:\Users\LESLEV~1\AppData\Local\Apps
[28/03/2008|15:32] C:\Users\LESLEV~1\AppData\Local\Ares
[27/06/2008|07:48] C:\Users\LESLEV~1\AppData\Local\d3d9caps.dat
[23/10/2009|19:09] C:\Users\LESLEV~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[31/01/2009|07:03] C:\Users\LESLEV~1\AppData\Local\Deployment
[26/06/2009|20:42] C:\Users\LESLEV~1\AppData\Local\eMule
[12/12/2009|13:07] C:\Users\LESLEV~1\AppData\Local\GDIPFONTCACHEV1.DAT
[05/12/2009|20:30] C:\Users\LESLEV~1\AppData\Local\Google
[26/03/2008|21:57] C:\Users\LESLEV~1\AppData\Local\Historique
[19/12/2009|20:39] C:\Users\LESLEV~1\AppData\Local\IconCache.db
[09/04/2009|06:44] C:\Users\LESLEV~1\AppData\Local\Microsoft
[31/03/2008|17:28] C:\Users\LESLEV~1\AppData\Local\Microsoft Games
[14/08/2007|12:18] C:\Users\LESLEV~1\AppData\Local\Microsoft Help
[11/05/2008|00:35] C:\Users\LESLEV~1\AppData\Local\MigWiz
[16/05/2008|07:30] C:\Users\LESLEV~1\AppData\Local\pikemoik.bat
[14/08/2007|12:22] C:\Users\LESLEV~1\AppData\Local\Seven Zip
[19/12/2009|21:34] C:\Users\LESLEV~1\AppData\Local\Temp
[26/03/2008|21:57] C:\Users\LESLEV~1\AppData\Local\Temporary Internet Files
[08/09/2007|06:49] C:\Users\LESLEV~1\AppData\Local\Toshiba
[26/03/2008|23:21] C:\Users\LESLEV~1\AppData\Local\VirtualStore
[03/11/2009|17:15] C:\Users\LESLEV~1\AppData\Local\Yahoo!
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[19/12/2009 21:14][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[19/12/2009 20:40][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[19/12/2009 20:10][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{DE07AA01-D503-43FC-90CA-C85F00D4B173}.job
[19/12/2009 20:40][--ah-----] C:\Windows\tasks\SA.DAT
[19/12/2009 20:39][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[14/08/2007|12:22] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[20/05/2009|09:09] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[23/08/2009|17:03] C:\ProgramData\Adobe
[25/02/2009|19:51] C:\ProgramData\Apple
[25/02/2009|19:55] C:\ProgramData\Apple Computer
[02/11/2006|17:02] C:\ProgramData\Application Data
[13/08/2007|17:22] C:\ProgramData\Bureau
[02/11/2006|17:02] C:\ProgramData\Desktop
[02/11/2006|17:02] C:\ProgramData\Documents
[26/06/2009|20:42] C:\ProgramData\eMule
[20/06/2009|15:55] C:\ProgramData\Estsoft
[09/07/2008|17:31] C:\ProgramData\ezsidmv.dat
[13/08/2007|17:22] C:\ProgramData\Favoris
[02/11/2006|17:02] C:\ProgramData\Favorites
[11/10/2009|22:34] C:\ProgramData\Google
[19/12/2009|19:17] C:\ProgramData\Malwarebytes
[13/08/2007|17:22] C:\ProgramData\Menu Démarrer
[23/01/2009|12:11] C:\ProgramData\Messenger Plus!
[20/02/2009|18:02] C:\ProgramData\Microsoft
[12/04/2008|10:22] C:\ProgramData\Microsoft Help
[13/08/2007|17:22] C:\ProgramData\Modèles
[19/12/2009|09:46] C:\ProgramData\Nero
[10/08/2009|08:24] C:\ProgramData\NOS
[15/05/2008|09:17] C:\ProgramData\ntuser.pol
[23/05/2009|14:19] C:\ProgramData\Roxio
[05/11/2009|14:32] C:\ProgramData\Skype
[08/09/2007|05:51] C:\ProgramData\Sonic
[14/08/2007|12:26] C:\ProgramData\Sony
[04/05/2008|19:15] C:\ProgramData\Sony Corporation
[02/11/2006|17:02] C:\ProgramData\Start Menu
[03/08/2008|20:37] C:\ProgramData\Symantec
[02/11/2006|17:02] C:\ProgramData\Templates
[08/09/2007|06:04] C:\ProgramData\VAIO Media Platform
[07/07/2009|07:25] C:\ProgramData\WindowsSearch
[11/10/2009|22:08] C:\ProgramData\WinZip
[26/03/2008|22:56] C:\ProgramData\WLInstaller
[16/08/2008|17:26] C:\ProgramData\yahoo!
[26/02/2009|20:29] C:\ProgramData\Yahoo! Companion
--------------------\\ Listing des dossiers dans C:\Program Files
[14/08/2007|12:22] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[23/08/2009|17:03] C:\Program Files\Adobe
[19/12/2009|17:09] C:\Program Files\Ad-remover
[26/03/2008|22:48] C:\Program Files\Alwil Software
[25/02/2009|19:53] C:\Program Files\Apple Software Update
[11/12/2008|13:45] C:\Program Files\ArcSoft
[26/06/2009|12:17] C:\Program Files\Atari
[25/02/2009|21:48] C:\Program Files\AviSynth 2.5
[20/05/2009|08:43] C:\Program Files\Bonjour
[28/03/2008|09:30] C:\Program Files\CCleaner
[19/12/2009|17:36] C:\Program Files\Circle Developemet
[19/12/2009|09:39] C:\Program Files\Common Files
[13/08/2007|18:53] C:\Program Files\CONEXANT
[10/04/2009|11:44] C:\Program Files\DivX
[26/06/2009|20:42] C:\Program Files\eMule
[22/08/2009|08:54] C:\Program Files\ESTsoft
[13/08/2007|17:22] C:\Program Files\Fichiers communs [Y:\Program Files\Common Files]
[26/02/2009|17:48] C:\Program Files\Free Video Converter
[11/10/2009|22:32] C:\Program Files\Google
[28/07/2008|08:58] C:\Program Files\Google BAE
[15/05/2009|19:32] C:\Program Files\InfraRecorder
[11/12/2008|13:45] C:\Program Files\InstallShield Installation Information
[13/08/2007|18:38] C:\Program Files\Intel
[24/06/2008|15:25] C:\Program Files\InterActual
[28/10/2009|07:43] C:\Program Files\Internet Explorer
[08/09/2007|06:18] C:\Program Files\InterVideo
[20/05/2009|09:08] C:\Program Files\iPod
[05/03/2009|13:03] C:\Program Files\Ipod Video Converter
[29/03/2009|19:18] C:\Program Files\IrfanView
[20/05/2009|09:09] C:\Program Files\iTunes
[12/12/2009|12:42] C:\Program Files\Java
[17/12/2008|11:26] C:\Program Files\JL2005C
[12/12/2009|12:44] C:\Program Files\JRE
[27/03/2008|14:47] C:\Program Files\Lecteur CANALPLAY
[19/12/2009|19:17] C:\Program Files\Malwarebytes' Anti-Malware
[09/11/2009|15:31] C:\Program Files\Messenger Plus! Live
[07/11/2008|14:19] C:\Program Files\Micro Application
[22/12/2008|09:57] C:\Program Files\Microsoft
[27/03/2008|23:54] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|16:37] C:\Program Files\Microsoft Games
[09/09/2009|21:22] C:\Program Files\Microsoft Silverlight
[22/12/2008|10:00] C:\Program Files\Microsoft SQL Server Compact Edition
[22/12/2008|10:02] C:\Program Files\Microsoft Sync Framework
[14/08/2009|12:08] C:\Program Files\Mindscape
[28/10/2009|07:43] C:\Program Files\Movie Maker
[02/11/2006|16:37] C:\Program Files\MSBuild
[13/08/2007|18:09] C:\Program Files\MSXML 4.0
[19/12/2009|20:32] C:\Program Files\Navilog1
[10/08/2009|08:24] C:\Program Files\NOS
[12/04/2008|10:40] C:\Program Files\OpenOffice.org 2.2
[12/12/2009|12:44] C:\Program Files\OpenOffice.org 3
[31/03/2008|21:44] C:\Program Files\PhotoFiltre
[28/09/2009|19:21] C:\Program Files\Picasa2
[10/07/2009|14:34] C:\Program Files\QUAD Utilities
[25/02/2009|19:54] C:\Program Files\QuickTime
[13/08/2007|18:47] C:\Program Files\Realtek
[26/02/2009|17:35] C:\Program Files\Red Kawa
[02/11/2006|16:37] C:\Program Files\Reference Assemblies
[08/09/2007|05:50] C:\Program Files\Roxio
[05/11/2009|14:32] C:\Program Files\Skype
[28/04/2009|13:38] C:\Program Files\SkypeMate
[08/09/2007|06:30] C:\Program Files\Sony
[13/08/2007|18:54] C:\Program Files\Synaptics
[08/09/2007|05:57] C:\Program Files\Toshiba
[14/05/2008|11:32] C:\Program Files\Trend Micro
[02/11/2006|17:01] C:\Program Files\Uninstall Information
[30/05/2009|09:06] C:\Program Files\VideoLAN
[07/07/2009|08:28] C:\Program Files\Web Publish
[28/10/2009|07:43] C:\Program Files\Windows Calendar
[28/10/2009|07:43] C:\Program Files\Windows Collaboration
[28/10/2009|07:43] C:\Program Files\Windows Defender
[28/10/2009|07:43] C:\Program Files\Windows Journal
[02/10/2009|12:12] C:\Program Files\Windows Live
[22/12/2008|09:57] C:\Program Files\Windows Live SkyDrive
[10/12/2009|06:40] C:\Program Files\Windows Mail
[29/10/2009|08:03] C:\Program Files\Windows Media Player
[13/08/2007|17:22] C:\Program Files\Windows NT
[28/10/2009|07:43] C:\Program Files\Windows Photo Gallery
[18/11/2009|07:19] C:\Program Files\Windows Portable Devices
[28/10/2009|07:43] C:\Program Files\Windows Sidebar
[15/05/2009|19:47] C:\Program Files\WinRAR
[16/08/2008|17:25] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[23/08/2009|17:03] C:\Program Files\Common Files\Adobe
[20/05/2009|09:08] C:\Program Files\Common Files\Apple
[11/12/2008|13:36] C:\Program Files\Common Files\ArcSoft
[10/04/2009|11:43] C:\Program Files\Common Files\DivX Shared
[08/09/2007|05:47] C:\Program Files\Common Files\InstallShield
[08/09/2007|06:18] C:\Program Files\Common Files\InterVideo
[14/08/2007|12:31] C:\Program Files\Common Files\Java
[19/12/2009|09:37] C:\Program Files\Common Files\microsoft shared
[19/12/2009|09:46] C:\Program Files\Common Files\Nero
[14/08/2007|12:26] C:\Program Files\Common Files\PX Storage Engine
[08/09/2007|05:51] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|15:18] C:\Program Files\Common Files\Services
[05/11/2009|14:32] C:\Program Files\Common Files\Skype
[08/09/2007|05:51] C:\Program Files\Common Files\Sonic Shared
[08/09/2007|06:04] C:\Program Files\Common Files\Sony Shared
[02/11/2006|15:18] C:\Program Files\Common Files\SpeechEngines
[04/08/2008|17:16] C:\Program Files\Common Files\Symantec Shared
[28/10/2009|07:43] C:\Program Files\Common Files\System
[22/12/2008|09:26] C:\Program Files\Common Files\Windows Live
[26/03/2008|23:12] C:\Program Files\Common Files\WindowsLiveInstaller
--------------------\\ Process
( 85 Processes )
iexplore.exe ~ [PID:5272]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\Users\LESLEV~1\AppData\Roaming\MICROS~1\Windows\Cookies\les_levoyer's@advertstream[1].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 21:36:54
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\Users\LESLEV~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQSLDWAG\afr[1].htm
C:\Users\LESLEV~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQSLDWAG\afr[3].htm
scan completed successfully
hidden processes: 0
hidden files: 59
--------------------\\ Recherche d'autres infections
--------------------\\ ROGUES ..
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Spyware-Secure
[F:18][D:7]-> C:\Users\LESLEV~1\AppData\Local\Temp
[F:105][D:1]-> C:\Users\LESLEV~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1703][D:7]-> C:\Users\LESLEV~1\AppData\Local\MICROS~2\Windows\TEMPOR~1\content.IE5
[F:3][D:1]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 19/12/2009|21:39 - Option : [1]
--------------------\\ Fin du rapport a 21:39:24
[ UAC => 1 ]
Run Lop S&D again, option 2 (removal + hosts)
Post the report
Then continue as follows:
Disable your antivirus for the duration of the procedure, as well as your firewall if you have one
▶ Download List&Kill'em and save it to your desktop
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip
It does not require installation
▶ Double-click it (on Vista, right-click and choose "Run as administrator") to start the scan
Choose the language, then choose option 1 = Search mode
▶ Let the tool work
At the end of the scan the window closes by itself.
Open C:\List'em.txt
▶ Paste its contents into your next reply