Sujet Précédent Sujet Suivant

Problème de telechargement, virus??

lenoill7931 Messages postés 19 Statut Membre -  
flo-91 Messages postés 5973 Statut Contributeur sécurité -
Bonjour,
depuis quelque jour je télécharge à du 3xko/s et vu que j'aime télécharger, c'est un peu ennuyeux :/ et je suppose que ça doit être un virus :o Pouvez-vous m'aider svp :'(?

j'ai utiliser Hijackthis et ça me met ça (mais pour moi, c'est pire que du japonais--'):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:28, on 7/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Zangetsu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zangetsu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zangetsu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\system32\WinUpd.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=0
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Zangetsu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RomStation] "C:\Program Files\RomStation\RomStation.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: RAID Manager.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk133YYBE
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
O22 - SharedTaskScheduler: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Service Google Update (gupdate1c99d09aa69c136) (gupdate1c99d09aa69c136) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
A voir également:

22 réponses

  • 1
  • 2
Réponse 1 / 22
flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
 
Ok, la suite :

-Passer de avast à Antivir :

Desinstalle avast qui n'est pas terrible à l'aide de cet outil :

https://www.avast.com/fr-fr/uninstall-utility

Telecharge Avira Antivir ( bien mieux et gratuit ) ici :

http://www.commentcamarche.net/telecharger/telecharger-55-antivir

Puis :

Configure avira comme ceci et lancer un scan après une mise à jour :

•Configuration de Antivir :
clic droit sur son icône dans la barre des taches et sélectionner Configurer Antivir.
cocher la case : Mode Expert( en haut à gauche de la fenêtre)..
=> Cliquer sur Scanner dans le volet de gauche :
> Dans "Fichiers" sélectionner Tous les fichiers.
> Dans procédure de recherche, cocher Autoriser l'arrêt, et dans "priorité scanner" sélectionner Moyen.
> Dans "Autres réglages" cocher toutes les cases.
NE SURTOUT PAS OUBLIER LA RECHERCHE DES ROOTKIT QUI EST TRES IMPORTANTE !
> Cliquer sur "Recherche" dans le volet de gauche et appliquer les mêmes paramètres que précédemment.
=> Dérouler "Recherche" en cliquant sur le +. Cliquer sur "Heuristique" :
=> Cocher "Heuristique de MacroVirus" et "Heuristique fichier Win32" avec degré d'indentification MOYEN !
=> Dans le volet de gauche, dérouler "Guard" :
coche : contrôler pendant la lecture et l’écriture, puis à côté : tous les fichiers.
aide en images :
http://www.commentcamarche.net/...
Tuto configuration en vidéo (merci à Nico pour la vidéo) :
http://sd-1.archive-host.com/membres/up/829108531491024/video-Antivir.zip
1
Réponse 2 / 22
flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
 
Bonsoir,

En effet, tu es inefcté :

Pour les ordinateurs équipés de Windows Vista et Windows 7, la désactivation du Contrôle des comptes utilisateurs est obligatoire
sous peine de ne pas pouvoir faire fonctionner correctement l'outil.
Tuto : https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

>Ad-Remover<

>Telecharge Ad-Remover et enregistre-le sur ton bureau :

https://www.commentcamarche.net/telecharger/securite/2547-ad-remover/

>Désactive ton antivirus le temps de la manip
>Déconnecte-toi d'Internet et ferme toutes applications en cours
>Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program Files).
>Au menu principal, choisis l'option L ( Nettoyage )
>Poste le rapport généré (C:\Ad-Report-CLEAN.log).
>N'oublie pas de réactiver ton anti-virus
0
Réponse 3 / 22
jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 618
 
bonjour, désolé j'avais pas vu que le sujet était déjà pris en charge je me retire @+
0
Réponse 4 / 22
rebitus
 
Salut,
Vous etes obliger d'utiliser un proxy?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 22
lenoill7931 Messages postés 19 Statut Membre
 
eeuuhhh,j'ai telecharger le programme, je le lance, je tape L, mon pc redémarre, et quand je me connecte sur ma session, ça met que "windows ne trouve pas c:\program~1\ad-remover\adr_01.bat......etc.

je fais quoi, stp?
0
Réponse 6 / 22
flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
 
Essaie en mode sans echec ( tapote F8 au demarrage du pc )
0
Réponse 7 / 22
lenoill7931 Messages postés 19 Statut Membre
 
quand je tape f8 au démarrage ça me demande de selection "boot device" ou quelque chose comme ça...^^' avec
"-st Floppy Drive
-PM - pionner DVD-RV DVR-110D
-PS-DVD-ROM BPV316E
-3m- MAXTOR 6V160E0"

et avant de faire une erreur je préfère demander >.<
Je dois sélectionner un des quatre??? help please!!

PS: je suis nul niveau informatique, je sais :'(
0
Réponse 8 / 22
flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
 
Essaie avec F5
0
Réponse 9 / 22
rebitus
 
Pour F8 vous etiez dans le premier fait attendre quelque second avant d appuyé sur F8
0
Réponse 10 / 22
lenoill7931 Messages postés 19 Statut Membre
 
voilà =D

.
Updated by C_XX on 05.01.2010 at 18:50
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 19:32:09, ven. 08/01/2010 | Normal Boot | Option: CLEAN
Executed from: C:\PROGRA~1\Ad-Remover\
Operating system: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Computer Name: ROBERT-65A6F78C | Current user: Zangetsu

.
============== NEUTRALIZED ELEMENT(S) ==============
.

C:\WINDOWS\System32\f3PSSavr.scr
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\ShoppingReport
C:\DOCUME~1\Zangetsu\APPLIC~1\Desktopicon
C:\DOCUME~1\Zangetsu\APPLIC~1\ShoppingReport
C:\DOCUME~1\Zangetsu\MENUDM~1\Ebay.lnk
C:\Program Files\MSN Messenger\Riched20.dll
C:\Program Files\Internet Explorer\msimg32.dll

(!) -- Temp files deleted.

.
HKCU\software\Fun Web Products
HKCU\software\FunWebProducts
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
HKCU\software\MyWebSearch
HKCU\software\ShoppingReport
HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
HKLM\Software\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
HKLM\Software\Classes\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340}
HKLM\Software\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKLM\Software\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKLM\Software\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
HKLM\Software\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
HKLM\Software\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
HKLM\Software\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
HKLM\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKLM\Software\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
HKLM\Software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
HKLM\Software\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
HKLM\Software\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
HKLM\Software\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
HKLM\Software\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
HKLM\software\classes\FunWebProducts.DataControl
HKLM\software\classes\FunWebProducts.DataControl.1
HKLM\software\classes\FunWebProducts.HistoryKillerScheduler
HKLM\software\classes\FunWebProducts.HistoryKillerScheduler.1
HKLM\software\classes\FunWebProducts.HistorySwatterControlBar
HKLM\software\classes\FunWebProducts.HistorySwatterControlBar.1
HKLM\software\classes\FunWebProducts.HTMLMenu
HKLM\software\classes\FunWebProducts.HTMLMenu.1
HKLM\software\classes\FunWebProducts.HTMLMenu.2
HKLM\software\classes\FunWebProducts.IECookiesManager
HKLM\software\classes\FunWebProducts.IECookiesManager.1
HKLM\software\classes\FunWebProducts.KillerObjManager
HKLM\software\classes\FunWebProducts.KillerObjManager.1
HKLM\software\classes\FunWebProducts.PopSwatterBarButton
HKLM\software\classes\FunWebProducts.PopSwatterBarButton.1
HKLM\software\classes\FunWebProducts.PopSwatterSettingsControl
HKLM\software\classes\FunWebProducts.PopSwatterSettingsControl.1
HKLM\software\classes\FunWebProducts.ShellViewControl
HKLM\software\classes\FunWebProducts.ShellViewControl.1
HKLM\Software\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
HKLM\Software\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
HKLM\Software\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
HKLM\Software\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
HKLM\Software\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
HKLM\Software\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKLM\Software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKLM\Software\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
HKLM\Software\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKLM\Software\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
HKLM\Software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKLM\Software\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}
HKLM\Software\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
HKLM\Software\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
HKLM\Software\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
HKLM\Software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
HKLM\Software\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
HKLM\Software\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
HKLM\Software\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
HKLM\Software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
HKLM\Software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
HKLM\Software\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
HKLM\Software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKLM\software\classes\MyWebSearch.HTMLPanel
HKLM\software\classes\MyWebSearch.HTMLPanel.1
HKLM\software\classes\MyWebSearch.OutlookAddin
HKLM\software\classes\MyWebSearch.OutlookAddin.1
HKLM\software\classes\MyWebSearch.PseudoTransparentPlugin
HKLM\software\classes\MyWebSearch.PseudoTransparentPlugin.1
HKLM\software\classes\MyWebSearchToolBar.SettingsPlugin
HKLM\software\classes\MyWebSearchToolBar.SettingsPlugin.1
HKLM\software\classes\MyWebSearchToolBar.ToolbarPlugin
HKLM\software\classes\MyWebSearchToolBar.ToolbarPlugin.1
HKLM\software\classes\ScreenSaverControl.ScreenSaverInstaller
HKLM\software\classes\ScreenSaverControl.ScreenSaverInstaller.1
HKLM\Software\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
HKLM\Software\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
HKLM\Software\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\TypeLib\{621FEACD-8857-43A6-AE26-451D670D5370}
HKLM\Software\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKLM\Software\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKLM\Software\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
HKLM\Software\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}
HKLM\Software\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}
HKLM\Software\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKLM\Software\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
HKLM\software\FocusInteractive
HKLM\software\Fun Web Products
HKLM\software\FunWebProducts
HKLM\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKLM\software\microsoft\internet explorer\searchscopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
HKLM\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
HKLM\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
HKLM\Software\Microsoft\Windows Media\Wmsdk\Sources\\F3PopularScreenSavers
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2EFF3CF7-99C1-4C29-BC2B-68E057E22340}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform\\FunWebProducts
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin
HKLM\software\microsoft\windows\currentversion\uninstall\MyWebSearch bar Uninstall
HKLM\software\microsoft\windows\currentversion\uninstall\ShoppingReport
HKLM\software\MyWebSearch
HKLM\software\ShoppingReport
HKU\S-1-5-21-1757981266-1614895754-725345543-1008\Software\Microsoft\Internet Explorer\Searchscopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
.
============== Added scan ==============
.
.
* Mozilla FireFox Version 3.5.5 [fr] *
.
ProfilePath: 8xxtjzk0.default (Zangetsu)
.
(Zangetsu, prefs.js) Browser.download.dir, C:\Documents and Settings\Zangetsu\Bureau
(Zangetsu, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Zangetsu\Bureau
(Zangetsu, prefs.js) Browser.search.defaultenginename, Yahoo
(Zangetsu, prefs.js) Browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2187070&SearchSource=3&q=
(Zangetsu, prefs.js) Browser.startup.homepage, google.be
(Zangetsu, prefs.js) Extensions.enabledItems, delatv@detectvideo.com:0.4,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{b905bc9d-6059-4517-a6b4-950d26299a2b}:2.3.0.4,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
(Zangetsu, prefs.js) Keyword.URL, hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
.
(Zangetsu, prefs.js) ERASED - Browser.search.defaultthis.engineName, radiodofus Customized Web Search
.
.
* Internet Explorer Version 7.0.5730.11 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\Zangetsu\Mes documents\DofusPatch_v1_23_0_to_v1_24_0.exe
.
===================================
.
13721 Byte(s) - C:\Ad-Report-CLEAN[1].log
.
0 File(s) - C:\DOCUME~1\Zangetsu\LOCALS~1\Temp
3 File(s) - C:\WINDOWS\Temp
0 File(s) - C:\WINDOWS\Prefetch
.
17 File(s) - C:\PROGRA~1\Ad-Remover\BACKUP
97 File(s) - C:\PROGRA~1\Ad-Remover\QUARANTINE
.
End at: 19:41:17 | ven. 08/01/2010 - CLEAN[1]
.
============== E.O.F ==============
.
Alors, c'est grave???
0
Réponse 11 / 22
flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
 
Ok, fait ceci :

>Telecharge RSIT ici et enregistre-le sur ton bureau :

http://images.malwareremoval.com/random/RSIT.exe

>Double-clique sur RSIT.exe qui se trouve sur le bureau

>Le programme se lance, choisi "1month" et clique sur "continue"

>Laisse faire l'outil et poste le rapport qui s'affiche.

>Voici un tuto d'aide :

https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
0
Réponse 12 / 22
lenoill7931 Messages postés 19 Statut Membre
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Zangetsu at 2010-01-08 20:08:14
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 21 GB (14%) free of 153 GB
Total RAM: 1023 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:16, on 8/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Zangetsu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zangetsu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zangetsu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zangetsu\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Zangetsu.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\system32\WinUpd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Zangetsu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: RAID Manager.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
O22 - SharedTaskScheduler: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Service Google Update (gupdate1c99d09aa69c136) (gupdate1c99d09aa69c136) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0
Réponse 13 / 22
flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
 
Fait ceci :

/!\ Utilisateur de vista et windows 7 : ne pas oublier de désactiver Le contrôle des comptes utilisateurs(uac)

https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

Téléchargez Lop S&D.exe sur le Bureau

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Certaines infections bloquent les telechargements d' outils de desinfection utilisez ce lien alternatif:
http://ww38.toofiles.com/fr/oip/documents/exe/yop4.html

* Double-cliquez dessus pour lancer l'installation

* Puis double-cliquez sur le raccourci Lop S&D présent sur le Bureau

* Séléctionnez la langue souhaitée, puis choisir l'option 1 (Recherche)

* Patientez jusqu'à la fin du scan

* Postez le rapport généré sur un forum(C:\lopR.txt)

Tutorial (aide) : http://bibou0007.com/outils-specifiques-f78/tuto-lop-sd-t956­.htm
0
Réponse 14 / 22
flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
 
La suite :

/!\ Utilisateur de vista et windows 7 : ne pas oublier de désactiver Le contrôle des comptes utilisateurs(uac)

https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

* Puis double-cliquez sur le raccourci Lop S&D présent sur le Bureau

* Séléctionnez la langue souhaitée, puis choisir l'option 2 (Suppression)

* Patientez jusqu'à la fin du scan

* Postez le rapport généré sur un forum(C:\lopR.txt)

Tutorial (aide) : http://bibou0007.com/outils-specifiques-f78/tuto-lop-sd-t956­.htm
0
lenoill7931 Messages postés 19 Statut Membre
 
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : BIOS Date: 06/17/05 12:02:26 Ver: 08.00.10
USER : Zangetsu ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1368 [VPS 100108-0] 4.8.1368 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:20 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( ven. 08/01/2010|22:07 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[04/11/2009|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[10/06/2008|14:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[10/06/2008|14:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[13/05/2009|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard
[16/09/2006|18:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[03/07/2007|16:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
[22/06/2006|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[27/07/2009|10:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EmailNotifier
[20/04/2009|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[07/01/2010|21:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[27/06/2006|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[08/06/2009|13:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Insight Software
[08/06/2009|13:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Insight Software Solutions
[04/09/2009|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[17/09/2006|08:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[27/07/2009|10:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Megaupload
[26/08/2009|20:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[11/03/2009|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[21/10/2009|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[05/09/2009|04:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA Corporation
[16/08/2006|16:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[06/03/2009|06:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[04/09/2009|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\page
[04/09/2009|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Drivers HeadQuarters
[16/09/2006|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[05/06/2009|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PMB Files
[18/10/2009|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[26/03/2009|17:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[18/07/2006|16:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
[22/03/2008|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[11/11/2009|08:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[25/08/2006|13:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[02/03/2008|09:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[11/03/2008|17:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[02/03/2007|21:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[25/05/2009|06:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[08/04/2008|20:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[23/11/2009|16:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[23/11/2009|16:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[22/06/2006|09:15] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[22/06/2006|09:15] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


[25/05/2009|15:48] C:\DOCUME~1\Sylvain\APPLIC~1\Adobe
[02/06/2009|10:05] C:\DOCUME~1\Sylvain\APPLIC~1\Creative
[18/04/2009|16:17] C:\DOCUME~1\Sylvain\APPLIC~1\Google
[18/04/2009|16:15] C:\DOCUME~1\Sylvain\APPLIC~1\Identities
[20/04/2009|10:14] C:\DOCUME~1\Sylvain\APPLIC~1\Macromedia
[10/06/2009|12:13] C:\DOCUME~1\Sylvain\APPLIC~1\Microsoft
[22/05/2009|16:55] C:\DOCUME~1\Sylvain\APPLIC~1\Mozilla
[06/05/2009|09:23] C:\DOCUME~1\Sylvain\APPLIC~1\Real
[18/04/2009|16:17] C:\DOCUME~1\Sylvain\APPLIC~1\Yahoo!

[25/11/2008|17:54] C:\DOCUME~1\Zangetsu\APPLIC~1\AccurateRip
[22/09/2009|18:41] C:\DOCUME~1\Zangetsu\APPLIC~1\Adobe
[09/06/2008|20:42] C:\DOCUME~1\Zangetsu\APPLIC~1\AdobeUM
[29/11/2009|14:19] C:\DOCUME~1\Zangetsu\APPLIC~1\app
[16/06/2009|18:09] C:\DOCUME~1\Zangetsu\APPLIC~1\Apple Computer
[30/03/2009|06:07] C:\DOCUME~1\Zangetsu\APPLIC~1\ArcSoft
[13/06/2009|12:59] C:\DOCUME~1\Zangetsu\APPLIC~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[15/02/2008|18:35] C:\DOCUME~1\Zangetsu\APPLIC~1\Creative
[19/06/2009|23:37] C:\DOCUME~1\Zangetsu\APPLIC~1\CyberLink
[08/04/2008|15:18] C:\DOCUME~1\Zangetsu\APPLIC~1\DAEMON Tools
[11/03/2008|17:02] C:\DOCUME~1\Zangetsu\APPLIC~1\DivX
[16/12/2009|21:03] C:\DOCUME~1\Zangetsu\APPLIC~1\Dofus 2
[28/11/2009|13:43] C:\DOCUME~1\Zangetsu\APPLIC~1\Dofus 2 Online
[02/12/2009|20:52] C:\DOCUME~1\Zangetsu\APPLIC~1\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[02/12/2009|20:59] C:\DOCUME~1\Zangetsu\APPLIC~1\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[09/12/2009|14:04] C:\DOCUME~1\Zangetsu\APPLIC~1\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[28/11/2009|13:18] C:\DOCUME~1\Zangetsu\APPLIC~1\DofusOnline.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[04/11/2009|17:39] C:\DOCUME~1\Zangetsu\APPLIC~1\DofusOnline.D3C9F6CBD45122AC696063EA7CD9E35E7469708A.1
[29/11/2009|14:19] C:\DOCUME~1\Zangetsu\APPLIC~1\DofusOnline-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[28/11/2009|13:49] C:\DOCUME~1\Zangetsu\APPLIC~1\dvdcss
[04/09/2009|20:57] C:\DOCUME~1\Zangetsu\APPLIC~1\EmailNotifier
[28/10/2009|21:48] C:\DOCUME~1\Zangetsu\APPLIC~1\fltk.org
[03/06/2009|16:59] C:\DOCUME~1\Zangetsu\APPLIC~1\FMZilla
[04/09/2009|20:14] C:\DOCUME~1\Zangetsu\APPLIC~1\GetRightToGo
[13/03/2008|21:31] C:\DOCUME~1\Zangetsu\APPLIC~1\GlobalSCAPE
[04/03/2009|21:43] C:\DOCUME~1\Zangetsu\APPLIC~1\Google
[23/02/2008|20:45] C:\DOCUME~1\Zangetsu\APPLIC~1\Help
[13/06/2009|12:54] C:\DOCUME~1\Zangetsu\APPLIC~1\HLSW
[14/02/2008|17:10] C:\DOCUME~1\Zangetsu\APPLIC~1\Identities
[26/06/2008|10:43] C:\DOCUME~1\Zangetsu\APPLIC~1\InstallShield
[04/09/2009|20:57] C:\DOCUME~1\Zangetsu\APPLIC~1\LimeWire
[17/02/2008|17:16] C:\DOCUME~1\Zangetsu\APPLIC~1\Macromedia
[23/02/2008|22:13] C:\DOCUME~1\Zangetsu\APPLIC~1\Media Player Classic
[12/11/2009|21:09] C:\DOCUME~1\Zangetsu\APPLIC~1\Microsoft
[27/08/2008|22:26] C:\DOCUME~1\Zangetsu\APPLIC~1\Mozilla
[18/10/2009|10:10] C:\DOCUME~1\Zangetsu\APPLIC~1\Real
[02/12/2009|20:52] C:\DOCUME~1\Zangetsu\APPLIC~1\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[29/11/2009|14:19] C:\DOCUME~1\Zangetsu\APPLIC~1\RegLocal.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[27/06/2009|13:02] C:\DOCUME~1\Zangetsu\APPLIC~1\Samsung
[05/01/2010|21:01] C:\DOCUME~1\Zangetsu\APPLIC~1\Skype
[11/04/2008|19:23] C:\DOCUME~1\Zangetsu\APPLIC~1\skypePM
[24/02/2008|15:47] C:\DOCUME~1\Zangetsu\APPLIC~1\Sun
[04/09/2009|14:54] C:\DOCUME~1\Zangetsu\APPLIC~1\SystemRequirementsLab
[28/12/2008|22:05] C:\DOCUME~1\Zangetsu\APPLIC~1\teamspeak2
[08/01/2010|21:32] C:\DOCUME~1\Zangetsu\APPLIC~1\vlc
[16/03/2008|20:53] C:\DOCUME~1\Zangetsu\APPLIC~1\WinRAR
[22/11/2008|15:23] C:\DOCUME~1\Zangetsu\APPLIC~1\Xfire
[11/03/2008|17:02] C:\DOCUME~1\Zangetsu\APPLIC~1\Yahoo!

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[08/01/2010 21:59][--a--c---] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1614895754-725345543-1008UA.job
[08/01/2010 19:59][--a--c---] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1614895754-725345543-1008Core.job
[08/01/2010 21:44][--a--c---] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[08/01/2010 19:45][--a--c---] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[08/01/2010 19:45][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[07/01/2010 19:32][--a--c---] C:\WINDOWS\tasks\HP Usg Daily.job
[08/01/2010 19:44][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[20/08/2006|03:31] C:\Program Files\ACE Mega CoDecS Pack
[22/09/2009|18:40] C:\Program Files\Adobe
[08/01/2010|19:41] C:\Program Files\Ad-Remover
[18/10/2009|15:54] C:\Program Files\adslTV
[05/09/2009|04:21] C:\Program Files\AGEIA Technologies
[22/06/2006|09:55] C:\Program Files\Ahead
[22/03/2008|16:21] C:\Program Files\Alwil Software
[20/04/2008|08:26] C:\Program Files\Ankama Games
[16/06/2009|18:08] C:\Program Files\Apple Software Update
[26/06/2008|11:33] C:\Program Files\ArcSoft
[04/09/2009|20:54] C:\Program Files\Ashampoo
[04/09/2009|14:32] C:\Program Files\ASUS
[22/06/2006|09:51] C:\Program Files\ASUSTeK
[16/12/2008|22:20] C:\Program Files\Audacity
[03/07/2007|17:03] C:\Program Files\Audible
[23/03/2007|19:58] C:\Program Files\Auralog
[08/12/2007|07:58] C:\Program Files\azertyuiop
[20/12/2006|12:00] C:\Program Files\Azureus
[16/03/2008|14:13] C:\Program Files\Battleships Forever
[30/05/2009|19:47] C:\Program Files\BitLord
[18/10/2009|15:57] C:\Program Files\Bonjour
[24/12/2006|23:01] C:\Program Files\Boonty
[17/09/2006|10:54] C:\Program Files\BoontyGames
[07/08/2009|12:32] C:\Program Files\CamStudio
[27/06/2009|16:16] C:\Program Files\CCleaner
[04/09/2009|20:57] C:\Program Files\Cheat Engine
[26/08/2009|14:51] C:\Program Files\Circle Dvelopement
[27/04/2009|16:30] C:\Program Files\Common Files
[22/06/2006|09:12] C:\Program Files\ComPlus Applications
[13/06/2008|17:55] C:\Program Files\Convertor
[09/06/2009|20:28] C:\Program Files\Creative
[03/07/2007|17:00] C:\Program Files\Creative Installation Information
[19/10/2009|15:46] C:\Program Files\CursorXP
[22/06/2006|10:00] C:\Program Files\CyberLink
[09/04/2008|17:53] C:\Program Files\DAEMON Tools Lite
[07/08/2009|12:00] C:\Program Files\DebugMode
[05/12/2006|20:25] C:\Program Files\Dial-Messenger
[27/06/2009|13:03] C:\Program Files\DIFX
[02/11/2009|08:16] C:\Program Files\DivX
[16/12/2009|21:38] C:\Program Files\Dofus
[03/12/2009|13:58] C:\Program Files\Dofus 2
[28/11/2009|09:39] C:\Program Files\Dofus 2 Online
[12/09/2009|21:07] C:\Program Files\DofusArena2
[10/09/2009|17:26] C:\Program Files\DofusBeta
[13/06/2009|13:00] C:\Program Files\DofusCalc
[17/01/2008|17:44] C:\Program Files\Eidos
[29/04/2009|19:03] C:\Program Files\Eltima Software
[09/08/2006|13:57] C:\Program Files\eMule
[16/03/2008|14:12] C:\Program Files\Fatal Hearts Demo
[04/11/2009|15:53] C:\Program Files\Fichiers communs
[04/09/2009|20:57] C:\Program Files\FlashGet
[23/09/2009|17:20] C:\Program Files\Free Audio Pack
[14/10/2009|15:41] C:\Program Files\Free Music Zilla
[27/06/2006|16:39] C:\Program Files\GlobalSCAPE
[11/03/2008|22:42] C:\Program Files\GOA
[22/12/2009|18:56] C:\Program Files\Google
[06/12/2008|18:34] C:\Program Files\Gpotato.eu
[03/12/2009|21:10] C:\Program Files\Graphmatica
[05/05/2008|20:32] C:\Program Files\Gravity
[18/01/2008|19:32] C:\Program Files\H-Craft_Demo_v1_2
[27/06/2006|15:30] C:\Program Files\Hewlett-Packard
[04/12/2008|16:40] C:\Program Files\HP
[07/08/2009|12:03] C:\Program Files\HyCam2
[25/11/2008|19:11] C:\Program Files\Illustrate
[28/10/2009|16:38] C:\Program Files\InstallShield Installation Information
[22/06/2006|09:38] C:\Program Files\Intel
[08/01/2010|19:40] C:\Program Files\Internet Explorer
[22/06/2006|09:47] C:\Program Files\ITE
[04/11/2009|08:19] C:\Program Files\Java
[03/08/2009|22:51] C:\Program Files\Justdo Software
[06/03/2008|20:46] C:\Program Files\K-Lite Codec Pack
[16/03/2008|14:12] C:\Program Files\Kong
[17/02/2009|19:53] C:\Program Files\LimeWire
[28/10/2009|16:38] C:\Program Files\Logitech
[25/05/2007|18:29] C:\Program Files\LucasArts
[04/09/2009|22:59] C:\Program Files\ma-config.com
[24/01/2007|13:18] C:\Program Files\Malware-Wiped
[27/06/2009|13:02] C:\Program Files\MarkAny
[22/06/2006|09:46] C:\Program Files\Marvell
[22/12/2006|00:41] C:\Program Files\Media Player Classic
[17/09/2006|08:37] C:\Program Files\Mes Jeux T‚l‚charg‚s
[26/08/2008|17:33] C:\Program Files\Messenger
[26/08/2009|14:51] C:\Program Files\Messenger Plus! Live
[17/12/2008|18:36] C:\Program Files\M‚tronome - Version D‚mo
[02/10/2009|15:56] C:\Program Files\Microsoft
[02/03/2008|01:05] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[30/11/2008|19:59] C:\Program Files\Microsoft Encarta
[22/06/2006|09:16] C:\Program Files\microsoft frontpage
[22/11/2008|17:13] C:\Program Files\Microsoft Games
[08/09/2009|16:35] C:\Program Files\Microsoft Office
[02/10/2009|16:01] C:\Program Files\Microsoft Office Outlook Connector
[10/09/2009|15:37] C:\Program Files\Microsoft Silverlight
[02/03/2008|09:12] C:\Program Files\Microsoft SQL Server Compact Edition
[08/04/2008|16:07] C:\Program Files\Microsoft.NET
[26/08/2008|17:30] C:\Program Files\Movie Maker
[07/01/2010|17:42] C:\Program Files\Mozilla Firefox
[07/08/2009|12:47] C:\Program Files\MSBuild
[08/09/2009|16:34] C:\Program Files\MSECACHE
[23/06/2006|19:43] C:\Program Files\MSN
[22/06/2006|09:12] C:\Program Files\MSN Gaming Zone
[08/01/2010|19:40] C:\Program Files\MSN Messenger
[15/11/2006|21:39] C:\Program Files\MSXML 4.0
[23/02/2008|22:20] C:\Program Files\MX Simulator
[04/09/2009|14:27] C:\Program Files\My Company Name
[26/06/2008|10:46] C:\Program Files\MyDSC2
[02/06/2009|18:28] C:\Program Files\MyMediaRecorder (YouTube & Dailymotion Enabled)
[24/03/2009|20:56] C:\Program Files\NDSROM Player
[26/08/2008|17:27] C:\Program Files\NetMeeting
[16/05/2008|19:24] C:\Program Files\NetProject
[19/08/2006|22:05] C:\Program Files\NovaLogic
[05/09/2009|04:20] C:\Program Files\NVIDIA Corporation
[22/06/2006|09:12] C:\Program Files\Online Services
[20/08/2006|00:02] C:\Program Files\OpenOffice.org 2.0
[04/05/2008|17:47] C:\Program Files\Opera
[21/12/2009|10:58] C:\Program Files\osu!
[14/08/2009|08:34] C:\Program Files\Outlook Express
[28/11/2006|16:11] C:\Program Files\Overland
[05/06/2009|18:33] C:\Program Files\Pando Networks
[30/10/2009|17:45] C:\Program Files\Pcsx2
[19/08/2006|21:37] C:\Program Files\PhotoFiltre
[30/11/2008|17:43] C:\Program Files\Plus!
[01/04/2009|19:49] C:\Program Files\Real
[07/08/2009|12:46] C:\Program Files\Reference Assemblies
[12/05/2008|14:58] C:\Program Files\ReflexiveArcade
[08/01/2010|06:30] C:\Program Files\RomStation
[16/06/2009|18:08] C:\Program Files\Safari
[27/06/2009|13:01] C:\Program Files\Samsung
[13/07/2008|22:40] C:\Program Files\Satsuki Decoder Pack
[13/07/2008|22:40] C:\Program Files\SDPbackup
[22/06/2006|09:14] C:\Program Files\Services en ligne
[14/11/2006|15:55] C:\Program Files\Silkroad
[26/03/2009|17:05] C:\Program Files\Skype
[13/06/2009|12:59] C:\Program Files\Slayers Online
[12/05/2008|15:03] C:\Program Files\Slickball
[14/07/2008|11:04] C:\Program Files\Sun
[18/07/2006|16:42] C:\Program Files\support.com
[04/09/2009|14:54] C:\Program Files\SystemRequirementsLab
[13/04/2008|13:38] C:\Program Files\TaalNet1
[30/05/2009|13:24] C:\Program Files\Teamspeak2_RC2
[22/11/2008|15:09] C:\Program Files\THQ
[12/10/2009|17:55] C:\Program Files\TI Education
[24/11/2009|17:21] C:\Program Files\Trend Micro
[22/06/2006|09:33] C:\Program Files\Uninstall Information
[30/07/2009|04:38] C:\Program Files\Unlocker
[30/01/2008|18:04] C:\Program Files\Valve
[09/06/2009|20:29] C:\Program Files\Veoh Networks
[30/04/2008|01:55] C:\Program Files\Video ActiveX Object
[23/03/2009|17:35] C:\Program Files\VideoLAN
[11/12/2008|20:43] C:\Program Files\Wakfu
[02/10/2009|15:59] C:\Program Files\Windows Live
[02/03/2008|09:11] C:\Program Files\Windows Live Favorites
[13/01/2009|20:37] C:\Program Files\Windows Live SkyDrive
[13/01/2009|20:41] C:\Program Files\Windows Live Toolbar
[07/12/2006|15:30] C:\Program Files\Windows Media Connect 2
[04/09/2009|20:57] C:\Program Files\Windows Media Player
[26/08/2008|17:27] C:\Program Files\Windows NT
[22/06/2006|09:14] C:\Program Files\WindowsUpdate
[16/03/2008|20:53] C:\Program Files\WinRAR
[27/10/2009|14:00] C:\Program Files\World of Warcraft
[22/06/2006|09:16] C:\Program Files\xerox
[22/11/2008|15:22] C:\Program Files\Xfire
[11/03/2008|17:01] C:\Program Files\Yahoo!
[28/03/2007|16:10] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[21/10/2009|17:16] C:\Program Files\Fichiers communs\Adobe
[16/12/2009|21:06] C:\Program Files\Fichiers communs\Adobe AIR
[22/06/2006|09:55] C:\Program Files\Fichiers communs\Ahead
[10/06/2008|14:42] C:\Program Files\Fichiers communs\Apple
[13/05/2009|23:50] C:\Program Files\Fichiers communs\Blizzard Entertainment
[16/09/2006|18:44] C:\Program Files\Fichiers communs\BOONTY Shared
[03/07/2007|16:58] C:\Program Files\Fichiers communs\Creative
[08/04/2008|16:08] C:\Program Files\Fichiers communs\DESIGNER
[05/04/2009|19:10] C:\Program Files\Fichiers communs\DivX Shared
[27/06/2006|15:29] C:\Program Files\Fichiers communs\HP
[22/06/2006|09:50] C:\Program Files\Fichiers communs\InstallShield
[16/09/2006|12:36] C:\Program Files\Fichiers communs\Java
[03/08/2009|22:51] C:\Program Files\Fichiers communs\Justdo
[28/10/2009|16:39] C:\Program Files\Fichiers communs\Logitech
[17/09/2006|08:37] C:\Program Files\Fichiers communs\Macrovision Shared
[08/09/2009|16:35] C:\Program Files\Fichiers communs\Microsoft Shared
[22/06/2006|09:13] C:\Program Files\Fichiers communs\MSSoap
[22/06/2006|16:53] C:\Program Files\Fichiers communs\ODBC
[18/10/2009|10:09] C:\Program Files\Fichiers communs\Real
[22/06/2006|09:13] C:\Program Files\Fichiers communs\Services
[22/06/2006|16:53] C:\Program Files\Fichiers communs\SpeechEngines
[22/03/2008|15:52] C:\Program Files\Fichiers communs\Symantec Shared
[02/10/2009|16:01] C:\Program Files\Fichiers communs\System
[12/10/2009|17:54] C:\Program Files\Fichiers communs\TI Shared
[09/01/2009|18:04] C:\Program Files\Fichiers communs\Windows Live
[02/03/2008|09:09] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[05/09/2009|04:22] C:\Program Files\Fichiers communs\Wise Installation Wizard
[18/10/2009|10:08] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 58 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 22:10:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 44

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:16][D:5]-> C:\DOCUME~1\Zangetsu\LOCALS~1\Temp
[F:16][D:0]-> C:\DOCUME~1\Zangetsu\Cookies
[F:50][D:5]-> C:\DOCUME~1\Zangetsu\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - ven. 08/01/2010|21:04 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - ven. 08/01/2010|22:11 - Option : [2]

--------------------\\ Fin du rapport a 22:11:10
0
Réponse 15 / 22
flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
 
Reposte un nouveau rapport RSIT stp.
0
Réponse 16 / 22
lenoill7931 Messages postés 19 Statut Membre
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Zangetsu at 2010-01-09 12:55:25
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 21 GB (14%) free of 153 GB
Total RAM: 1023 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:33, on 9/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Zangetsu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zangetsu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zangetsu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zangetsu\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Zangetsu.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\system32\WinUpd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Zangetsu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: RAID Manager.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
O22 - SharedTaskScheduler: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Service Google Update (gupdate1c99d09aa69c136) (gupdate1c99d09aa69c136) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0
Réponse 17 / 22
flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
 
Fait ceci :

1->Telecharge Hijackthis puis :

- Ferme toutes tes applications ( navigateur compris ) et déconnecte toi .

Lance Hijackthis mais click sur " Do a scan only "
Tu vois donc apparaitre le résultat du scan : une multitudes de lignes ,chacunes précédées d'un carré vide .
Tu vas cliquer sur les carrés des lignes suivantes :

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\system32\WinUpd.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E}

O21 - SSODL: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
O22 - SharedTaskScheduler: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)

O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - Global Startup: RAID Manager.lnk = ?
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe



Tu cliques en bas sur le bouton FIX CHECKED et valides.

2-•/!\ Utilisateur de Vista : Ne pas oublier de désactiver l’UAC juste le temps de désinfection de ton pc, il sera à réactiver plus tard :
Tuto : https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac­er-l-uac
Télécharge OtmoveIT (de Old_Timer) sur ton Bureau
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
https://www.androidworld.fr/
(c est le numéro 7 en bas de la page) :

* Double-clique sur OTMoveIt.exe pour le lancer.
/!\Utilisateur de Vista : Clique droit sur le logo de OtmoveIT, « exécuter en tant qu’Administrateur »
* Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.

* Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.

:processes
explorer.exe
:files
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\BitLord\BitLord.exe
C:\WINDOWS\system32\WinUpd.exe

:services
Boonty Games

:Commands
[emptytemp]
[purity]
[start explorer]
[Reboot]

# clique sur MoveIt! pour lancer la suppression.
# Le résultat apparaitra dans le cadre "Results".
# Clique sur Exit pour fermer.
# Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
# Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
0
Réponse 18 / 22
lenoill7931 Messages postés 19 Statut Membre
 
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Program Files\Video ActiveX Object\isamonitor.exe not found.
File/Folder C:\Program Files\NetProject\scit.exe not found.
C:\Program Files\BitLord\BitLord.exe moved successfully.
C:\WINDOWS\system32\WinUpd.exe moved successfully.
========== SERVICES/DRIVERS ==========
Service Boonty Games stopped successfully!
Service Boonty Games deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2476192 bytes
->Google Chrome cache emptied: 9932973 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1476593 bytes

User: ROBERT
->Temporary Internet Files folder emptied: 44735911 bytes

User: Sylvain
->Temp folder emptied: 49092 bytes
->Temporary Internet Files folder emptied: 54008277 bytes
->FireFox cache emptied: 34186594 bytes

User: Zangetsu
->Temp folder emptied: 541205 bytes
->Temporary Internet Files folder emptied: 2837462 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55751491 bytes
->Google Chrome cache emptied: 51096966 bytes
->Apple Safari cache emptied: 32561499 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114937 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 82283 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10963522 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 289,00 mb

OTM by OldTimer - Version 3.1.4.0 log created on 01092010_135305

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_4f4.dat not found!

Registry entries deleted on Reboot...
0
Réponse 19 / 22
flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
 
Ok, :

>Telecharge malwarebytes ici :

https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

. sur la page cliques sur Télécharger Malwarebyte's Anti-Malware
. enregistres le sur le bureau
/!\Utilisateur de Vista : Clique droit sur le logo de Malwarebytes' Anti-Malware, « exécuter en tant qu’Administrateur »

. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
. Une fois la mise à jour terminé
. rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, cliques sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. rends toi dans l'onglet rapport/log
. tu cliques dessus pour l'afficher une fois affiché
. tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
. tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller

Si tu as besoin d'aide regarde ce tutoriel :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
Réponse 20 / 22
lenoill7931 Messages postés 19 Statut Membre
 
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3527
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

9/01/2010 20:20:09
mbam-log-2010-01-09 (20-20-09).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 365726
Temps écoulé: 1 hour(s), 53 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 49

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{035c1836-0d78-dabc-f4a7-d5d0517ee1f9} (Rogue.MalwareWiped) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video ActiveX Object (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\717305 (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Zangetsu\Bureau\dossiers\      \pcsx2\plugins\PadSSSPSX-PM.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zangetsu\Mes documents\rom\Pcsx2\plugins\PadSSSPSX.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\DOCUME~1\Zangetsu\APPLIC~1\DESKTO~1\eBayShortcuts.exe.vir (Adware.ADON) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MSNMES~1\riched20.dll.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\2.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\2.bin\MWSOEPLG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\2.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\3.bin\F3RESTUB.DLL.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\3.bin\F3SCHMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\3.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\3.bin\M3IDLE.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\3.bin\M3OUTLCN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\3.bin\M3SKIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\3.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\3.bin\M3SLSRCH.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\3.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\3.bin\MWSOEPLG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\3.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\3.bin\NPMYWEBS.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\SrchAstt\2.bin\MWSSRCAS.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\SrchAstt\3.bin\MWSSRCAS.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Pcsx2\plugins\PadSSSPSX.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP761\A0342062.rbf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP777\A0348832.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360256.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360292.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360257.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360258.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360259.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360269.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360270.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360275.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360276.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360278.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360279.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360280.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360281.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360282.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360283.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360284.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360285.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360286.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360287.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360289.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360290.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D4D554E-43F7-4911-A9F5-299A1A1DA073}\RP797\A0360294.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses