virus de pub quand je navigue Résolu/Fermé

Question

Alors voila, j'ai un virus que je n'est pas réussi à enlevé avec malware bytes,super antispyware et spybot. Le virus est tout simplement des pages publicitaire ou sites autres, qui apparaissent quand je navigue sur google ou autre moteur de recherche. S.V.P m'aider.


Merci de m'aider, et je suis près à éxécuter à la lettre ce que vous me dicterez de faire pour enlever ce virus!

Je vais poster mon log


Voici mon log hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:24:21, on 2010-05-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32	askmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\AYNR6NPI\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.canoe.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [FIREBOX] C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Netlog Music Tool] "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\Propriétaire\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Notification de cadeaux MSN.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\UltimateBet\UltimateBet.lnk (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1180138593156
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

$levin · Answer

Bonsoir,

Essaye avec le LiveCD de Kaspersky !

metaltribe · Answer

quelqu'un a une autre suggestion svp.

$levin · Answer

Pourquoi?
Cette solution (qui fonctionnera) ne te convient pas?

okay · Answer

Salut, télécharge: 

https://www.commentcamarche.net/telecharger/securite/2547-ad-remover/

éteinds ta box ou déconnecte ton ordi

et fais: Nétoyer

poste le rapport ici, stp

metaltribe666 · Answer

voici le rapport


======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 07/05/10 à 16:50
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:30:57 le 08/05/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP(TM)  Service Pack 3 - X86
Nom du PC: GOYETTE-81777E5
Utilisateur actuel: Propriétaire
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
C:\Program Files\PartyGaming

(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\PartyGaming
HKLM\Software\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\format.ini
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\GRA.ini
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\allLangVersion.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\account_but_newacocunt.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\allversion.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\bonus-icon.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\but.bmp
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\but_account.bmp
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\but_skin.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\but_skin_account.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\client_bottom.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\client_bottom_right.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\client_gradient.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\client_top.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\connect_screen_bg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\down_arrow.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\down_arrow_o.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\addplaymoney_button.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\aud.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\autospincancel_button.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\autospinoptions_background.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\autospinstart_button.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\balance_strip.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\bottombar_logo_net.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\bottombar_net.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\bottombar_net_big.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\bottombar_net_medium.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\buyin_botbg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\buyin_cancelbutton.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\buyin_cashierbutton.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\buyin_midbg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\buyin_okbutton.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\buyin_topbg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\BuyInConfig.ini
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\cad.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\cashier_button.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\cashout_midbg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\cent_strip.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\chf.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\chips.wav
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\czk.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\dkk.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\eur.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\exit_button.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\format.ini
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\game_topbar_pff.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\gamelogs_button.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\gbp.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\hkd.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\huf.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\ils.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\inr.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\jpy.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\krw.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\myr.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games
ok.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games
zd.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\php.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\pln.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\popup_but_cancel.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\popup_but_ok.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\popup_buyin_but_all.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\popup_buyin_tab.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\PushBut.wav
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\quickdeposit_button.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\gameson.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\gamesur.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\sek.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\sgd.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\skk.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\status_dlg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\sys_icons.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\system_but_close.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\system_but_inactive_close.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\system_but_inactive_minimise.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\system_but_minimise.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games	able_logo_com.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games	able_logo_net.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games	hb.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games	rny_buyin_botbg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games	ry.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games	wd.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\usd.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\version.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\version_button.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\win.wav
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\games\zar.png
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\icon_three.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\icon_ticked.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_account_background.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_account_divider.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_ani_refresh.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_bar_jackpot.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_bar_jackpot_numbers.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_bar_jackpot_numbers.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_bar_jackpot_numbers_small.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_bar_news.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_but_cashout.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_but_deposit.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_but_deposit_large.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_but_options.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_but_redeem.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_but_refresh.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_but_reload_play.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_but_status.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_details_open.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_link_arrow.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\lhn_tab_background.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\loading.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\menu_01_myaccount.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\menu_02_cashier.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\menu_03_news.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\menu_04_rules.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\menu_05_tellfriend.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\menu_06_about.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\menu_07_help.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images
ew-mail-icon.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images
o-mail-icon.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\PartyCasino.ico
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\popup_login_bottom.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\popup_login_top.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\popup_register_bottomleft.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\popup_register_top.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\skin.bmp
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\skin_account.bmp
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\spacer.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\system_but_bets.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\system_but_bingo.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\system_but_cashier.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\system_but_connected.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\system_but_gammon.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\system_but_poker.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\system_but_security.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images	icker_bg.jpg
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\up_arrow.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\up_arrow_o.gif
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\images\version.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\lang_pack_en_US.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\en_US\version.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\language\version.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\lobbyconfig.txt
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\PartyCasino.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\sys.ini
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|c:\program files\partygaming\PartyCasino\version.txt
.
(Orpheline) HKCU,Run - Netlog Music Tool - C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe (Fichier manquant)
(Orpheline) BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} (CLSID manquant)
(Orpheline) HKLM,Uninstall - Audio Damage VST plug-ins - C:\WINDOWS\Audio Damage VST plug-ins Uninstaller.exe (Fichier manquant)
(Orpheline) HKLM,Uninstall - KB923789 - C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe (Fichier manquant)
.
============== SCAN ADDITIONNEL ==============
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 12 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 22683 Octet(s)
.
Fin à: 18:40:34, 08/05/2010
.
============== E.O.F - CLEAN[1] ==============

okay · Answer

Dac, télécharge:

https://www.commentcamarche.net/telecharger/securite/16001-navilog1/

et fais recherche

(désactive le tea timer de Spybot dans outils!!!)

metaltribe666 · Answer

le rapport me dit a la fin 

 b]Aucune Infection Navipromo/Egdaccess trouvée[/b]

est ce que mon probleme est reglé 

....

et jai supprimer le program spybot, alors comment désactiver l'option tea timer ?

okay · Answer

pour Spybot, si tu l'as supprimer, PAS de SOUCIS !! 

Télécharge USBFIX sur ton bureau (Merci à El Desaparecido/C_XX) 
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe 
ou ici : 
https://www.ionos.fr/?affiliate_id=77097 

/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir 

* Double clic sur le raccourci UsbFix présent sur ton bureau . 
* Choisis l'option : suppréssion(2) 

* Laisse travailler l'outil. 

* Ensuite post le rapport UsbFix.txt qui apparaîtra. 

* Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt ) 

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller ) 

* Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 


* Tuto : http://pagesperso-orange.fr/nostools/tuto_usbfix2.html

metaltribe666 · Answer

voici le rapport

merci


############################## | UsbFix V6.111 |

User : Propriétaire (Administrateurs) # GOYETTE-81777E5
Update on 03/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 19:55:41 | 2010-05-08
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 30,59 Go (6,52 Go free) [System] # NTFS
D:\ -> Disque fixe local # 43,94 Go (28,48 Go free) [MesFichiers] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM # 6,67 Mo (0 Mo free) [U3 System] # CDFS
I:\ -> Disque amovible # 1,86 Go (16,88 Mo free) # FAT

################## | Elements infectieux |

Supprimé ! C:\Recycler\S-1-5-21-842925246-562591055-725345543-1003 
Supprimé ! D:\Recycler\S-1-5-21-842925246-562591055-725345543-1003 
(!) Non supprimé ! H:\autorun.inf 

################## | Registre |


################## | Mountpoints2 |


################## | Listing des fichiers présent |

[2009-05-11 21:21|--a------|186438] C:\acadminidump.dmp 
[2010-05-08 18:40|--a------|22810] C:\Ad-Report-CLEAN[1].txt 
[2010-05-08 19:13|--a------|2102] C:\Ad-Report-CLEAN[2].txt 
[2007-05-25 17:17|--a------|0] C:\AUTOEXEC.BAT 
[2007-11-25 20:24|-r-hs----|228] C:\boot.ini 
[2006-03-02 08:00|-rahs----|4952] C:\Bootfont.bin 
[2010-05-08 19:36|--a------|849] C:\cleannavi.txt 
[2007-05-25 17:17|--a------|0] C:\CONFIG.SYS 
[2007-05-25 17:17|-rahs----|0] C:\IO.SYS 
[2010-05-06 18:50|--a------|127] C:\mbam-error.txt 
[2010-05-06 16:03|--a------|1105] C:\mbam-log-2010-05-06 (16-02-08).txt 
[2007-05-25 17:17|-rahs----|0] C:\MSDOS.SYS 
[2006-03-02 08:00|-rahs----|47564] C:\NTDETECT.COM 
[2009-10-24 14:12|-rahs----|252240] C:
tldr 
[?|?|?] C:\pagefile.sys 
[2010-05-08 20:05|--a------|1927] C:\UsbFix.txt 
[2009-10-05 18:36|--a------|19456] D:\Alpha-Dimensions.doc 
[2007-05-25 17:25|--ahs----|80] D:\Copie de desktop.ini 
[2010-02-01 21:39|--a------|13312] D:\CV Francis Marquis dessinateur.doc 
[2010-01-27 21:56|--a------|13312] D:\CV Francis Marquis livreur.doc 
[2010-01-24 15:12|--a------|13312] D:\CV Francis Marquis.doc 
[2009-10-24 14:03|--ahs----|164] D:\desktop.ini 
[2009-05-06 22:35|--a------|148473] D:\eat in my hand.cwp 
[2007-10-02 16:58|--a------|255211520] D:\ImageMixer.iso 
[2009-10-24 14:37|--a------|93074728] D:\iTunesSetup.exe 
[2007-11-21 11:32|--a------|128] D:\kevproject.csh 
[2010-05-06 16:03|--a------|1105] D:\mbam-log-2010-05-06 (16-02-08).txt 
[2008-12-26 19:19|--a------|820] D:\Mes dossiers de partage.lnk 
[2009-01-24 17:29|--a------|1042] D:\metaltribe666@hotmail.com Sharing Folders Archive.lnk 
[2008-12-26 18:44|--a------|820] D:\My Sharing Folders.lnk 
[2010-03-27 15:23|--a------|388] D:\plot.log 
[2008-09-16 21:01|--a------|16282] D:\projet cfnt.odt 
[2007-12-30 15:52|--a------|6490] D:\Reason 4.nri 
[2010-05-04 18:08|--a------|313468] D:\Recording May 4 2010 6 08 21 PM.mp3 
[2010-05-04 18:14|--a------|198111] D:\Recording May 4 2010 6 13 54 PM.mp3 
[2010-05-04 18:20|--a------|189752] D:\Recording May 4 2010 6 20 18 PM.mp3 
[2010-05-04 18:20|--a------|122879] D:\Recording May 4 2010 6 20 29 PM.mp3 
[2010-05-04 18:20|--a------|81083] D:\Recording May 4 2010 6 20 39 PM.mp3 
[2010-05-04 18:20|--a------|101145] D:\Recording May 4 2010 6 20 45 PM.mp3 
[2009-11-16 21:50|--a------|79] D:\show desktop.scf 
[2010-04-07 22:18|--a------|412] D:\spider.sav 
[2009-07-23 17:08|--ahs----|5632] D:\Thumbs.db 
[2007-10-23 03:22|-r-------|285] H:\autorun.inf 
[2007-10-23 03:45|-r-------|1336632] H:\LaunchU3.exe 
[2008-03-04 10:59|-r-------|5606296] H:\LaunchPad.zip 
[2010-05-08 18:05|--a------|1351146] I:\song1.bmp 
[2010-05-08 18:07|--a------|1321074] I:\song2.bmp 
[2010-05-08 18:08|--a------|1330054] I:\song3.bmp 
[2010-05-08 18:08|--a------|1324374] I:\song4.bmp 
[2010-05-08 18:09|--a------|1347206] I:\song5.bmp 
[2010-05-08 18:09|--a------|1281386] I:\song6.bmp 
[2010-05-08 18:10|--a------|1343598] I:\song7.bmp 
[2010-05-08 18:11|--a------|1332554] I:\song8.bmp 
[2010-05-08 18:11|--a------|1339878] I:\song9.bmp 
[2010-05-08 18:11|--a------|1339694] I:\song10.bmp 
[2010-05-08 18:12|--a------|1296310] I:\song11.bmp 
[2010-05-08 18:12|--a------|328158] I:\song12.bmp 
[2009-10-05 18:40|--a------|13312] I:\CV Francis Marquis.doc 
[2009-10-13 11:51|--ah-----|198] I:\projet commercial.dwl2 
[2009-10-13 11:51|--ah-----|48] I:\projet commercial.dwl 
[2009-11-04 11:08|--a------|273428] I:\acad.CUIX 
[2009-04-16 11:04|--ah-----|196] I:\PLAN MULTI POUCE FRANK LALAdwg.dwl2 
[2009-04-16 11:04|--ah-----|46] I:\PLAN MULTI POUCE FRANK LALAdwg.dwl 
[2009-06-01 09:57|---h-----|11264] I:\G.cdc 

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). 
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). 
# I:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). 

################## | Upload | 

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_GOYETTE-81777E5.zip : https://www.ionos.fr/?affiliate_id=77097 
Merci pour votre contribution .  

################## | ! Fin du rapport # UsbFix V6.111 ! |

okay · Answer

De rien, 

Vérifie que tu as la version: 1.46 dans à propos de Malwarbyte's 

si oui, fais la mise à jour et un scan COMPLET !! 

à la fin du scan complet, si il y'a détection, 

supprime la sélections(important)

poste le rapport ici, stp

okay · Answer

avec VIRUS TOTAL, 

cherche: H:\autorun.inf 

https://www.virustotal.com/gui/

fais une analyse

metaltribe666 · Answer

voici le rapport de malwarebytes

je vais ensuite faire l'autre étape que tu ma dit

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4079

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-05-08 21:09:45
mbam-log-2010-05-08 (21-09-45).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|H:\|I:\|)
Elément(s) analysé(s): 217459
Temps écoulé: 46 minute(s), 36 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

metaltribe666 · Answer

virus auto-run rapport

Le fichier a déjà été analysé:
MD5: 783bd2606b6887c24680d4a0c2a5c9d8 
First received: 2009.06.24 16:23:49 UTC 
Date 2009.06.24 16:23:49 UTC [>318D] 
Résultats 0/41 
Permalink: analisis/bf22b1d9aafb4801a6d8e6213e73ec7b70eec5d547f13dff926a71a1cf8fc90a-1245860629 


Fichier autorun.inf reçu le 2009.06.24 16:23:49 (UTC)
Situation actuelle: terminé 

Résultat: 0/41 (0.00%)
 Formaté Impression des résultats  Antivirus Version Dernière mise à jour Résultat 
a-squared 4.5.0.18 2009.06.24 - 
AhnLab-V3 5.0.0.2 2009.06.24 - 
AntiVir 7.9.0.196 2009.06.24 - 
Antiy-AVL 2.0.3.1 2009.06.24 - 
Authentium 5.1.2.4 2009.06.24 - 
Avast 4.8.1335.0 2009.06.24 - 
AVG 8.5.0.339 2009.06.24 - 
BitDefender 7.2 2009.06.24 - 
CAT-QuickHeal 10.00 2009.06.22 - 
ClamAV 0.94.1 2009.06.24 - 
Comodo 1404 2009.06.24 - 
DrWeb 5.0.0.12182 2009.06.24 - 
eSafe 7.0.17.0 2009.06.24 - 
eTrust-Vet 31.6.6577 2009.06.24 - 
F-Prot 4.4.4.56 2009.06.24 - 
F-Secure 8.0.14470.0 2009.06.24 - 
Fortinet 3.117.0.0 2009.06.24 - 
GData 19 2009.06.24 - 
Ikarus T3.1.1.59.0 2009.06.24 - 
Jiangmin 11.0.706 2009.06.24 - 
K7AntiVirus 7.10.768 2009.06.19 - 
Kaspersky 7.0.0.125 2009.06.24 - 
McAfee 5655 2009.06.23 - 
McAfee+Artemis 5655 2009.06.23 - 
McAfee-GW-Edition 6.7.6 2009.06.24 - 
Microsoft 1.4803 2009.06.24 - 
NOD32 4185 2009.06.24 - 
Norman 6.01.09 2009.06.23 - 
nProtect 2009.1.8.0 2009.06.24 - 
Panda 10.0.0.16 2009.06.24 - 
PCTools 4.4.2.0 2009.06.24 - 
Prevx 3.0 2009.06.24 - 
Rising 21.35.24.00 2009.06.24 - 
Sophos 4.42.0 2009.06.24 - 
Sunbelt 3.2.1858.2 2009.06.24 - 
Symantec 1.4.4.12 2009.06.24 - 
TheHacker 6.3.4.3.353 2009.06.24 - 
TrendMicro 8.950.0.1094 2009.06.24 - 
VBA32 3.12.10.7 2009.06.24 - 
ViRobot 2009.6.24.1802 2009.06.24 - 
VirusBuster 4.6.5.0 2009.06.24 - 
Information additionnelle 
File size: 285 bytes 
MD5   : 783bd2606b6887c24680d4a0c2a5c9d8 
SHA1  : 4b4f91ee5faa722c5e7cb0449456f9c1fffdd525 
SHA256: bf22b1d9aafb4801a6d8e6213e73ec7b70eec5d547f13dff926a71a1cf8fc90a 
TrID  : File type identification
Generic INI configuration (100.0%) 
ssdeep: 6:F9VNmoNw/Wj5fzZE+NWlvEdjwvtkY/fO2BKkOXL0lbyH3nXTHe:VNmoNwedrZ9NWew1kYemKkOXglmH3DHe 
PEiD  : - 
RDS   : NSRL Reference Data Set
 
le probleme de pub semble toujours la ...

metaltribe666 · Answer

il y a t'il d'autres choses a faire???

metaltribe666 · Answer

et je te remerci , jai résolu mon probleme avec le program ''combofix'' mais je dit a quiquonque voulant essayer d'utiliser ce programme detre tres vigilant car il est dangeureu, si quelqu'un a le meme probleme que moi et veut l'utiliser, veuiller m'écrire, je vous expliquerai les marche a suivre. 

Merci encore ''okay'' pour l'aide que tu ma fourni! :)

dédétraqué · Answer

Salut metaltribe666


Exact, Combofix n'est pas a utiliser autre que sur la supervision d'un helper formé pour l'outil.

Poste ton rapport C:\Combofix.txt pour vérification


@++  :)

metaltribe666 · Answer

voici mon rapport, depuis cette opération , tout semble ok sur mon Pc. Merci de me confirmé que toute est correct  .

Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Propriétaire\Application Data\Microsoft\~DFK90cd938.tmp
c:\windows\system32\Chip.dll
c:\windows\system32\Pvt.tmp

Une copie infectée de c:\windows\system32\drivers
etbt.sys a été trouvée et désinfectée 
Copie restaurée à partir de - Kitty had a snack :p 
.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-04-09 au 2010-05-09  ))))))))))))))))))))))))))))))))))))
.

2010-05-09 00:05 . 2010-05-09 00:05	2194	----a-w-	C:\UsbFix_Upload_Me_GOYETTE-81777E5.zip
2010-05-08 23:52 . 2010-05-09 00:05	--------	d-----w-	C:\UsbFix
2010-05-08 23:34 . 2010-05-08 23:36	--------	d---a-w-	C:\Navilog1
2010-05-08 22:30 . 2010-05-08 23:13	--------	d-----w-	C:\Ad-Remover
2010-05-07 21:04 . 2010-05-08 18:54	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-05-07 21:04 . 2010-05-08 18:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-07 17:55 . 2010-05-07 17:55	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-07 17:54 . 2010-05-09 02:05	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-05-07 03:57 . 2010-05-07 03:57	--------	d-----r-	c:\documents and settings\NetworkService\Favoris
2010-05-06 22:47 . 2006-11-11 03:43	933536	----a-r-	c:\windows\system32\drivers\LV302V32.SYS
2010-05-04 22:04 . 2010-05-04 22:24	--------	d-----w-	c:\program files\MP3MyMP3 3.0

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 00:21 . 2010-01-15 22:38	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-05-06 22:49 . 2010-05-06 22:49	6153352	----a-w-	c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-05-06 22:43 . 2010-05-06 02:37	--------	d-----w-	c:\documents and settings\All Users\Application Data\avg9
2010-05-06 20:55 . 2010-05-06 20:55	--------	d-----w-	c:\documents and settings\Administrateur\Application Data\Malwarebytes
2010-05-06 01:42 . 2009-10-24 18:48	--------	d-----w-	c:\program files\Bonjour
2010-04-29 19:39 . 2010-01-15 22:44	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-01-15 22:44	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-03-16 21:22 . 2006-03-02 12:00	80856	----a-w-	c:\windows\system32\perfc00C.dat
2010-03-16 21:22 . 2006-03-02 12:00	500786	----a-w-	c:\windows\system32\perfh00C.dat
2010-03-10 06:16 . 2006-03-02 12:00	420352	----a-w-	c:\windows\system32\vbscript.dll
2010-02-25 06:17 . 2006-03-02 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-03-02 12:00	455680	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2006-03-02 12:00	2148352	----a-w-	c:\windows\system32
toskrnl.exe
2010-02-16 19:06 . 2004-08-19 16:04	2026496	----a-w-	c:\windows\system32
tkrnlpa.exe
2010-02-12 04:34 . 2006-03-02 12:00	100864	----a-w-	c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2006-03-02 12:00	226880	----a-w-	c:\windows\system32\drivers	cpip6.sys
2004-10-01 19:00 . 2007-05-25 21:40	40960	----a-w-	c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-03-18 1228800]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"D-Link AirPlus XtremeG"="c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-03-28 1011712]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 284184]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-16 746520]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-11-16 244512]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-07-12 1397760]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 16049664]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"FIREBOX"="c:\program files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe" [2005-01-28 1003520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

c:\documents and settings\Propri'taire\Menu D'marrer\Programmes\D'marrage\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
Notification de cadeaux MSN.lnk - c:\documents and settings\Propri'taire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-10-26 135680]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Azureus\Azureus.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\iTunes\iTunes.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"=
"c:\Program Files\LimeWire\LimeWire.exe"=

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2007-10-16 19478]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2007-10-16 635012]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2007-10-16 431236]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-03-22 450400]
R3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [2007-07-25 97152]
R3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [2007-07-25 24576]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [2007-10-16 64093]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-12-30 715248]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
.
.
------- Associations de fichier -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-SoundMan - SOUNDMAN.EXE
AddRemove-PreSonus 1394 Audio Driver V1.20.0 (FIREBox) Setup - c:\program files\PreSonus\1394AudioDriver_FIREBox\uninst.exe Software\PreSonus\1394AudioDriver_FIREBox\Setup



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 23:12
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-842925246-562591055-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9C475300-C14D-F15E-6EE2-0F4151FF198B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oacigmdgdchlpajgdapbnmnjhhdlaa"=hex:62,61,6a,6a,00,8f
"oaocbolbcakcpgijelaidakmpgalli"=hex:6b,61,62,67,65,6f,62,6f,66,62,6b,6e,6f,64,
   6a,61,62,65,67,6b,6e,63,00,00
"naechejdclflmcfnfckoemknpafd"=hex:6a,61,63,67,67,6f,65,65,6b,68,6a,61,61,65,
   6b,64,65,68,62,64,00,fd
.
Heure de fin: 2010-05-08  23:19:23
ComboFix-quarantined-files.txt  2010-05-09 03:19

Avant-CF: 6 903 767 040 octets libres
Après-CF: 6 998 466 560 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP  dition familiale" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - B5721EF2B71D893F3C03E4C570160BC8

dédétraqué · Answer

Salut metaltribe666 


OK cela est bon, je te donne quelques consignes de sécurité :

-  Windows Update  parfaitement à jour http://www.windowsupdate.com/windowsupdate/v6/default.aspx (catégories critique, Services Pack et Services Release)
- pare-feu bien paramétré, je te conseil ZoneAlarm : 
https://www.malekal.com/tutoriel-zonealarm-firewall/
- antivirus bien paramétré et mis à jour régulièrement (quotidiennement s'il le faut) avec un scan complet régulier (journalier s'il le faut).
- une attitude prudente vis à vis de la navigation (pas de sites douteux : cracks, warez, sexe...) et vis à vis de la messagerie (fichiers joints aux messages doivent être scannés avant d'être ouverts)
- pas de téléchargement illégal, qui est le principal facteur d'infection (µTorrent, BitTorrent, eMule, Limewire, etc..)   https://forum.malekal.com/viewtopic.php?t=893&start=
- une attitude vigilante (être à l'affût d'un fonctionnement inhabituel de son système)
- nettoyage hebdomadaire du système (suppression des fichiers inutiles, nettoyage de la base de registre, scandisk, defrag)
- scan hebdomadaire antispyware, je conseil MalwareByte's Anti-Malware :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
- un contrôle régulier de la console JAVA pour s'assurer qu'elle est à jour :
https://www.java.com/en/download/uninstalltool.jsp 
- faire régulièrement un scan de vulnérabilités afin de vérifier que tes logiciels soit à jour sans failles de sécurités :
https://www.malekal.com/tester-la-vulnerabilite-de-son-systeme-2/


De bonne lecture si tu veux en savoir plus sur la sécurité et le fonctionnement de Windows :
http://www.malekal.com/menu_windows_general.php
http://www.malekal.com/menu_windows_securite.php

Si tu considères ton problème comme résolu, tu pourras mettre en résolu :
https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/

Bonne journée/soirée et bon surf   


@++  :)

okay · Answer

Re-salut, 

télécharge: 

https://www.commentcamarche.net/telecharger/securite/19879-secunia-personal-software-inspector/

mets le en mode avancer (en haut à droite) 

et fais une analyse

regarde dans: Vulnérable, en face de chaque logiciels, 

tu as un lien, clic dessus pour faire la mise à jour 

tu feras pareille pour fin de vie

metaltribe666 · Answer

dac ! cest fait, merci a vous tous pour votre aide. Je suis tres content que mon Pc soit de nouveau fonctionnel  :)

okay · Answer

Re- 

de rien, 

utilise ceci pour désinstaller les logiciels utilisé:

https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/

tu fais recherche(attends 4/5minutes)

puis: suppréssion(attends)

ensuite quitter et tu peux le désinstaller 



et je te conseille de faire un peux de ménage avec

Télécharge: Ccleaner: 

https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/ 

clic sur: option/avancer: décoche,éffacer uniquement les fichier temporaire de Windows datant de plus de 24heures 

dans Parametre/effacement:mets toi sur:effacement secusé(lent) 

en dessous cherche: Gutmann(35passages) 

coche toutes les cases dans:Lecteur 

coche aussi en dessous:netoyer l'espace libre: MFT 

dans: Netoyeur, coche: Cache dns et Vieille données prefecth 

Ensuite,tu te mets sur: NETOYEUR et fais une Analyse puis Nétoyer(clic ok) 

Dans:Registre,Clic sur: chercher les érreurs puis corriger les erreurs sélectionnées(sauvegarde)

Voili-voilà, tu peux mettre en résolu !

Virus de pub quand je navigue

21 réponses

Discussions similaires

Newsletters