Virus publicitaire

Résolu
Dage1971 -  
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Bonjour,
a vous tous, je crois avoir un virus sur mon ordinateur. A chaque ou presque, que j’ouvre une page internet, une autre page de publicité s’ouvre aussi. J’ai fais plusieurs scan avec Ad-aware, spybot, Ccleaner et ils n’ont pas réglés le problème…Mon ordinateur est neuf et j’aimerais qu’il soit sans problème, quelqu’un peu m’aider svp….
Configuration: Windows Vista
Firefox 3.0

16 réponses

Résumé de la discussion

Un utilisateur signale une infection qui ouvre des pages publicitaires à chaque navigation, malgré des scans répétés avec Ad-aware, Spybot et CCleaner sur Windows Vista et Firefox 3. La meilleure intervention préconisée consiste à lancer Navilog et Navipromo, puis à réaliser une désinfection guidée par les rapports et à poster les résultats pour analyse avant toute suppression. En cas de doute, l'approche prévoit une seconde passe de nettoyage avec NaviPromo, Catchme et GenericNaviSearch, suppression sécurisée avec sauvegardes, nettoyage des fichiers temporaires et sauvegarde du registre, puis redémarrage supervisé. Des alertes NaviPromo peuvent indiquer des fichiers légitimes et nécessitent une vérification approfondie avant toute suppression, afin d'éviter des désinfections incorrectes et des perturbations système.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    *Télécharger Catchme de Gmer http://www2.gmer.net/catchme.php sur le bureau :
    *Double cliquer sur le fichier catchme.exe pour lancer l'utilitaire.
    *Cliquer sur Scan, Une fenêtre DOS s'ouvrira pour commencer l'analyse.
    *Attendre jusqu'au message « scan completed successfully », puis fermer la fenêtre.
    *Un fichier catchme.log est alors créé sur le bureau contenant le résultat de l'analyse.
    *Poster ce rapport.
    0
    1. dage1971 Messages postés 67 Statut Membre
       
      salut boy 94450, voici le reapport

      catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
      http://www.gmer.net

      scanning hidden processes ...

      ? [460]

      scanning hidden services ...

      scanning hidden autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      LXCRCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

      scanning hidden files ...


      scan completed successfully
      hidden processes: 1
      hidden services: 0
      hidden files: 0
      0
    2. Utilisateur anonyme > dage1971 Messages postés 67 Statut Membre
       
      # 1. Désactiver la Restauration du système

      * Cliquez sur le bouton Démarrer.
      * Faites un clic droit de la souris sur Poste de travail puis cliquez sur Propriétés.
      * Dans l'onglet Restauration du système : sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs. (Ne pas oublier de la réactiver à la fin de la manip.)

      # 2.Afficher les dossiers système et fichiers cachés :

      * Ouvrir le Poste de travail :
      * Menu : Outils => Options des dossiers
      * Affichage => zone Paramètres avancés
      * Cochez : Afficher le contenu des dossiers système
      * Cochez : Afficher les fichiers et dossiers cachés
      * Décochez : Masquer les extensions des fichiers dont le type est connu
      * Décochez : Masquer les fichiers protégés du système d'exploitation (recommandé)
      * Répondre Oui au message d'alerte
      * Cliquez sur Appliquer à tous les dossiers
      * Cliquez sur OK

      # 3. Après le redémarrage du PC, téléchargez Killbox sur le Bureau.
      http://www.downloads.subratam.org/KillBox.exe

      * Double-cliquez sur KillBox.exe.
      * Copiez liste des fichiers infectés trouvés par Catchme (sélectionnez tout avec la souris, clic-droit et "Copier").
      * Sélectionnez delete on reboot
      * Cliquez sur le menu File puis Past from clip board
      * Cliquez sur All Files
      * Cliquez sur la croix rouge et blanche
      * Répondez yes et laisser redémarrer le PC.
      * Refaire un nouveau rapport avec Catchme pour s’assurer que l’infection a bien était neutralisée.
      0
    3. dage1971 Messages postés 67 Statut Membre > Utilisateur anonyme
       
      je fonctionne avec vista, poste travail pour moi est ordinateur. mais je ne trouve pas l'endroit ou désactivé point de restauration ...
      0
    4. Utilisateur anonyme > dage1971 Messages postés 67 Statut Membre
       
      * Cliquez sur le bouton Démarrer.
      * Faites un clic droit de la souris sur Poste de travail puis cliquez sur Propriétés.
      * Dans l'onglet Restauration du système : sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs. (Ne pas oublier de la réactiver à la fin de la manip.)
      0
  2. Utilisateur anonyme
     
    Re alors désinstalle tous tes logiciel de sécurité. Et installe AntiVir,Malwarebytes Anti-Malware,Ccleaner et active le pare-feu XP.

    AntiVir: https://www.01net.com/outils/telecharger/windows/Securite/antivirus-antitrojan/fiches/tele13198.html
    Tutoriel AntiVir: https://www.malekal.com/avira-free-security-antivirus-gratuit/

    Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

    Ccleaner: https://www.01net.com/outils/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/tele32599.html
    Tutoriel Ccleaner: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php (Tu l'installe sans la bare d'outil Yahoo)

    PS: TU LES INSTALLES SEULEMENT ET TU NE FAIS PAS D'ANALYSE. TU FAIS UNE MISE A JOUR A ANTIVIR ET MALWAREBYTES ANTI-MALWARE.
    0
    1. dage1971 Messages postés 67 Statut Membre
       
      tu veux que J,enleve avast, Ad-aware CCleaner j'ai deja...
      0
    2. Utilisateur anonyme > dage1971 Messages postés 67 Statut Membre
       
      Oui stp
      0
    3. dage1971 Messages postés 67 Statut Membre > Utilisateur anonyme
       
      pendant le téléchargement de antivir, je veux savoir dans les options de dossier est ce que je refais l'inverse de ce que tu m'as demandé tantot...et est ce que j'enleve navilog

      Il y a encore une fenetre publicitaire qui vient de s'ouvrir, lorsque j'ai ouvert mon émeil
      0
    4. dage1971 Messages postés 67 Statut Membre > Utilisateur anonyme
       
      tout est fais....logiciel mis a jour et maintenant???
      0
    5. dage1971 Messages postés 67 Statut Membre > Utilisateur anonyme
       
      Encore une putain de fenetre publicitaire
      0
  3. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    1)- Avec connexion au Net en service,
    Télécharge la version finale de Hijackthis (Trend Secure) ==> HijackThis™ 2.0 .2 < http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download > avec un installeur. Sur la page, choisis « Download HijackThis Installer » et enregistre-le sur le bureau. Tu dois voir une nouvelle icône « HJTInstall.exe » sur le bureau.

    2)- Installation : clic-droit sur l’ icône « HJTInstall.exe » présente sur ton bureau et choisis : "Exécuter en tant qu'administrateur" dans le menu déroulant qui s'affiche.
    - Ensuite, clic sur « Exécuter », puis sur « Install ».
    - Accepte la licence en cliquant sur le bouton "I Accept"
    - Le programme s’installe de lui-même dans un dossier dédié.
    - Par défaut, il s'installera en C:\Program Files\Trend Micro\HijackThis
    - Et un raccourci pour lancer l’analyse apparaît sur le bureau.

    Note: Comme cette version est appelée à rester sur le PC, faire un clic-droit sur HJTInstall.exe > Propriétés > Onglet compatibilité > coche la case "Exécuter en tant qu'administrateur" en bas .
    - Cette solution pérennise le choix qui peut être obtenu de manière provisoire par « clic-droit sur l'icône de raccourci/Exécuter en tant qu'administrateur» dans le menu contextuel.

    3)Analyse :
    •-Important à faire en priorité si tu possèdes le logiciel Spybot S&D > Désactive le Tea Timer de Spybot en passant par les options de Spybot: il faut une fois dans le logiciel il faut aller dans le menu "Mode" => coche "Mode avancé" => "Outils"(en bas de page)=> "Résident" => et tu décoches cette case: "Résident Tea Timer" .
    - Tu ne dois plus voir l'icône du Tea Timer dans la barre de tâches (Systray près de l’horloge)!

    •-Arrête tous les programmes en cours et ferme toutes les fenêtres.
    •- Puis, double-clic sur le raccourci HJT créé sur le bureau, et clic sur "Do a system scan and save a logfile" pour lancer l'analyse.
    - À la fin du scan le bloc-notes va s'ouvrir sur le bureau
    - Tu fais un copier/coller de tout son contenu.
    - Et tu le postes sur le forum.
    - Il sera enregistré dans le dossier C:\Program Files\Trend Micro\HijackThis, sous hijackthis.log.
    0
    1. dage1971 Messages postés 67 Statut Membre
       
      Salut , est ce que je fais quand meme, ce que Boy m'a demandé et regarde le message que je lui ai laissé, j'ai un virus qui apparait lorsque je télécharge Navilog
      0
    2. dage1971 Messages postés 67 Statut Membre
       
      Comment fait 'on pour savoir si vous etes en ligne ou non....on a 6 heures de décalage, je suis au Québec, moi...
      0
    3. dage1971 Messages postés 67 Statut Membre
       
      je ne peux pas cocher la case exécuter ce programme en tant qu'administrateur
      0
    4. dage1971 Messages postés 67 Statut Membre
       
      je n'ai pas pu cocher la case exécuter ce programme en tant qu'administrateur, alors j'ai fais clic droit sur le raccourci et exécuté en tant qu'administrateur et voici le rapport:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:16:33, on 2008-05-31
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\RtHDVCpl.exe
      C:\hp\support\hpsysdrv.exe
      C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
      C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
      C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
      C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
      C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
      C:\Program Files\Lexmark 2400 Series\ezprint.exe
      C:\Program Files\Portrait Displays\Pivot Software\floater.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
      C:\Windows\ehome\ehtray.exe
      C:\Windows\Speech\Common\sapisvr.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\ehome\ehmsas.exe
      C:\PROGRA~1\Webshots\webshots.scr
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\System32\mobsync.exe
      C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\hp\kbd\kbd.exe
      C:\Windows\explorer.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp-consumer.my.aol.qc.ca/?icid=desktop
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp-consumer.my.aol.qc.ca/?icid=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-consumer.my.aol.qc.ca/?icid=desktop
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
      O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
      O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
      O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
      O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
      O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [CHIN LESS] "C:\ProgramData\locks idle idle.9tn8uf"
      O4 - HKCU\..\Run: [Amok Mode Dupe Platform] "C:\ProgramData\jump plus pile.cz9paup"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-ca.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O18 - Protocol: bw+0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
      O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      0
  4. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    fais ce que je demande.

    poste le rapport de Hijackthis.

    Pour navilog, c'est un faux positif. On verra plus tard si on a besoin de navilog.
    0
    1. dage1971 Messages postés 67 Statut Membre
       
      ok merci je le fais la
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    je suis sur le forum très souvent jusqu'à 19 h (heure du Québec) et un peu vers 1h 2h (heure du Québec)

    Télécharge Lop S&D ici :

    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    Double-clique dessus pour lancer l'installation

    Puis double-clique [b]sur le raccourci Lop S&D/b présent sur ton bureau

    Séléctionne la langue souhaitée , puis choisis [b]l'Option 1/b ( Recherche )

    Patiente jusqu'à la fin du scan

    Poste le rapport généré ( C:lopR.txt )

    ( Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier ,
    Nouvelle tâche , tape explorer.exe et valide )
    0
    1. dage1971 Messages postés 67 Statut Membre
       
      -----------------------[ Lop S&D 4.2.1-1 XP/Vista ]---------------------

      [ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ]
      [ USER : David ] [ "C:\Lop SD" ] [ Selection : 1 ]
      [ 2008-05-31 | 14:59:12,82 ] [ PC : PC-DE-DAVID ]
      [ MAJ : 31-05-2008 | 14:12 ]
      [ UAC => 0 ]

      -------------[ Listing des dossiers dans Application Data ]------------


      [2008-05-06|00:56] C:\Users\David\AppData\Roaming\ACD Systems\ACDSee

      [2008-05-06|22:59] C:\Users\David\AppData\Roaming\Adobe\Flash Player
      [2008-05-06|13:18] C:\Users\David\AppData\Roaming\Adobe\Linguistics
      [2008-05-06|13:17] C:\Users\David\AppData\Roaming\Adobe\Acrobat


      [2008-05-28|23:47] C:\Users\David\AppData\Roaming\Apple Computer\iTunes

      [2008-05-06|19:03] C:\Users\David\AppData\Roaming\ArcSoft\ArcRegister
      [2008-05-06|19:03] C:\Users\David\AppData\Roaming\ArcSoft\PhotoImpression

      [2008-05-05|16:27] C:\Users\David\AppData\Roaming\CyberLink\MediaCache
      [2008-05-05|16:27] C:\Users\David\AppData\Roaming\CyberLink\PowerStarter

      [2008-05-06|12:43] C:\Users\David\AppData\Roaming\DisplayTune\1.0.0.1
      [2008-05-06|12:43] C:\Users\David\AppData\Roaming\DisplayTune\HPW

      [2008-05-15|02:24] C:\Users\David\AppData\Roaming\Google\GoogleEarth

      [2008-05-05|12:07] C:\Users\David\AppData\Roaming\Hewlett-Packard\HP Software UI

      [2008-05-05|16:07] C:\Users\David\AppData\Roaming\Identities\{BE248EB0-3A32-4C1D-9375-3668D384EF06}

      [2008-05-25|21:45] C:\Users\David\AppData\Roaming\LimeWire\xml
      [2008-05-25|21:01] C:\Users\David\AppData\Roaming\LimeWire\.NetworkShare
      [2008-05-05|18:05] C:\Users\David\AppData\Roaming\LimeWire\.AppSpecialShare
      [2008-05-05|18:05] C:\Users\David\AppData\Roaming\LimeWire\themes

      [2008-05-21|22:41] C:\Users\David\AppData\Roaming\Macromedia\Flash Player

      [2008-05-29|14:27] C:\Users\David\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware


      [2008-05-31|02:50] C:\Users\David\AppData\Roaming\Microsoft\MSN Messenger
      [2008-05-30|18:29] C:\Users\David\AppData\Roaming\Microsoft\Word
      [2008-05-30|16:05] C:\Users\David\AppData\Roaming\Microsoft\Templates
      [2008-05-28|00:21] C:\Users\David\AppData\Roaming\Microsoft\eHome
      [2008-05-21|20:36] C:\Users\David\AppData\Roaming\Microsoft\MMC
      [2008-05-21|18:18] C:\Users\David\AppData\Roaming\Microsoft\Speech
      [2008-05-11|12:05] C:\Users\David\AppData\Roaming\Microsoft\UProof
      [2008-05-07|21:49] C:\Users\David\AppData\Roaming\Microsoft\Office
      [2008-05-07|21:49] C:\Users\David\AppData\Roaming\Microsoft\Outlook
      [2008-05-07|15:51] C:\Users\David\AppData\Roaming\Microsoft\OIS
      [2008-05-06|12:51] C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer
      [2008-05-06|12:37] C:\Users\David\AppData\Roaming\Microsoft\Installer
      [2008-05-06|11:03] C:\Users\David\AppData\Roaming\Microsoft\Crypto
      [2008-05-06|10:59] C:\Users\David\AppData\Roaming\Microsoft\WLTB Custom Buttons
      [2008-05-06|10:59] C:\Users\David\AppData\Roaming\Microsoft\MSNLiveFav
      [2008-05-06|10:43] C:\Users\David\AppData\Roaming\Microsoft\IdentityCRL
      [2008-05-06|00:31] C:\Users\David\AppData\Roaming\Microsoft\Network
      [2008-05-05|22:16] C:\Users\David\AppData\Roaming\Microsoft\Proof
      [2008-05-05|22:14] C:\Users\David\AppData\Roaming\Microsoft\Windows
      [2008-05-05|20:57] C:\Users\David\AppData\Roaming\Microsoft\Document Building Blocks
      [2008-05-05|20:57] C:\Users\David\AppData\Roaming\Microsoft\AddIns
      [2008-05-05|16:56] C:\Users\David\AppData\Roaming\Microsoft\HTML Help
      [2008-05-05|16:07] C:\Users\David\AppData\Roaming\Microsoft\Protect
      [2008-05-05|12:07] C:\Users\David\AppData\Roaming\Microsoft\CLR Security Config
      [2008-05-05|12:06] C:\Users\David\AppData\Roaming\Microsoft\SystemCertificates
      [2008-05-05|12:05] C:\Users\David\AppData\Roaming\Microsoft\Credentials

      [2008-05-09|22:22] C:\Users\David\AppData\Roaming\Mozilla\Extensions
      [2008-05-09|22:17] C:\Users\David\AppData\Roaming\Mozilla\Firefox

      [2008-05-13|22:39] C:\Users\David\AppData\Roaming\Nero\Nero8

      [2008-05-05|17:17] C:\Users\David\AppData\Roaming\Symantec\NPMDataStore

      [2008-05-06|21:13] C:\Users\David\AppData\Roaming\Talkback\MozillaOrg

      [2008-05-05|17:45] C:\Users\David\AppData\Roaming\TuneUp Software\TuneUp Utilities


      [2008-05-05|17:44] C:\Users\David\AppData\Roaming\Webshots\The Webshots Desktop

      [2008-05-27|23:28] C:\Users\David\AppData\Roaming\WinBatch\Settings

      [2008-05-06|04:38] C:\Users\David\AppData\Roaming\Yahoo!\Companion

      ----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

      [2008-05-28 11:40][--a------] C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
      [2008-05-06 10:44][--a------] C:\Windows\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
      [2008-05-31 06:10][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{1D362B60-170B-41D9-8C99-219CEF2F751F}.job
      [2008-05-30 17:15][--a------] C:\Windows\tasks\1-Click Maintenance.job
      [2008-05-31 12:33][--ah-----] C:\Windows\tasks\SA.DAT
      [2008-05-31 12:32][--a------] C:\Windows\tasks\SCHEDLGU.TXT

      ------[ Listing des dossiers dans C:\ProgramData ]------

      [2008-05-05|17:05] C:\ProgramData\ACD Systems
      [2008-05-06|13:56] C:\ProgramData\Adobe
      [2008-05-11|21:32] C:\ProgramData\Apple
      [2008-05-14|10:35] C:\ProgramData\Apple Computer
      [2006-11-02|09:02] C:\ProgramData\Application Data
      [2008-05-29|14:34] C:\ProgramData\Avira
      [2008-05-05|12:02] C:\ProgramData\Bureau
      [2008-05-05|16:27] C:\ProgramData\CyberLink
      [2006-11-02|09:02] C:\ProgramData\Desktop
      [2006-11-02|09:02] C:\ProgramData\Documents
      [2008-05-05|18:20] C:\ProgramData\DVD Shrink
      [2008-05-05|12:02] C:\ProgramData\Favoris
      [2006-11-02|09:02] C:\ProgramData\Favorites
      [2008-05-31|13:46] C:\ProgramData\Google
      [2008-05-31|14:46] C:\ProgramData\Google Updater
      [2008-05-05|12:06] C:\ProgramData\Hewlett-Packard
      [2008-05-29|21:40] C:\ProgramData\Hold Trust Amok Mode
      [2008-02-26|03:55] C:\ProgramData\HP
      [2008-02-26|03:55] C:\ProgramData\hpzinstall.log
      [2008-05-29|21:40] C:\ProgramData\jump plus pile.cz9paup
      [2008-05-29|14:24] C:\ProgramData\Lavasoft
      [2008-05-05|21:47] C:\ProgramData\LightScribe
      [2008-05-07|15:22] C:\ProgramData\locks idle idle.2zbpp
      [2008-05-29|21:39] C:\ProgramData\locks idle idle.9tn8uf
      [2008-05-29|21:39] C:\ProgramData\locks idle idle.o3yqx
      [2008-05-06|12:31] C:\ProgramData\Logitech
      [2008-05-05|17:09] C:\ProgramData\LuUninstall.LiveUpdate
      [2008-05-29|14:26] C:\ProgramData\Malwarebytes
      [2008-05-05|12:02] C:\ProgramData\Menu D‚marrer
      [2008-05-07|15:28] C:\ProgramData\Messenger Plus!
      [2008-05-05|18:16] C:\ProgramData\Microsoft
      [2008-05-14|03:01] C:\ProgramData\Microsoft Help
      [2008-05-05|12:02] C:\ProgramData\ModŠles
      [2008-02-26|04:04] C:\ProgramData\muvee Technologies
      [2008-05-29|21:40] C:\ProgramData\name mp3 hold
      [2008-05-05|21:39] C:\ProgramData\Nero
      [2008-05-05|16:08] C:\ProgramData\NVIDIA
      [2008-02-26|04:09] C:\ProgramData\PC-Doctor
      [2008-05-21|00:30] C:\ProgramData\Spybot - Search & Destroy
      [2006-11-02|09:02] C:\ProgramData\Start Menu
      [2008-05-05|17:16] C:\ProgramData\Symantec
      [2008-05-05|18:02] C:\ProgramData\TEMP
      [2006-11-02|09:02] C:\ProgramData\Templates
      [2008-05-05|17:45] C:\ProgramData\TuneUp Software
      [2008-05-31|13:34] C:\ProgramData\WindowsSearch
      [2008-05-06|10:35] C:\ProgramData\WLInstaller

      ---------------[ Listing des dossiers dans C:\Program Files ]--------------

      [2008-05-05|17:04] C:\Program Files\ACD Systems
      [2008-05-06|13:56] C:\Program Files\Adobe
      [2008-05-05|16:50] C:\Program Files\Alwil Software
      [2008-05-14|10:20] C:\Program Files\Apple Software Update
      [2008-05-06|13:09] C:\Program Files\ArcSoft
      [2008-05-29|14:34] C:\Program Files\Avira
      [2008-02-26|04:10] C:\Program Files\AWS
      [2008-05-11|21:34] C:\Program Files\Bonjour
      [2008-05-05|17:21] C:\Program Files\CCleaner
      [2008-05-07|15:21] C:\Program Files\Circle Developement
      [2008-05-08|13:18] C:\Program Files\CodeStuff
      [2008-05-11|21:32] C:\Program Files\Common Files
      [2008-02-26|03:42] C:\Program Files\CONEXANT
      [2008-02-26|04:03] C:\Program Files\CyberLink
      [2008-01-20|22:43] C:\Program Files\desktop.ini
      [2008-05-05|18:20] C:\Program Files\DVD Shrink
      [2008-05-05|18:23] C:\Program Files\DVDFab Platinum
      [2008-05-05|12:02] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
      [2008-05-31|13:46] C:\Program Files\Google
      [2008-02-26|04:10] C:\Program Files\Hewlett-Packard
      [2008-02-26|04:05] C:\Program Files\HP
      [2008-05-06|13:09] C:\Program Files\InstallShield Installation Information
      [2008-05-11|21:34] C:\Program Files\Internet Explorer
      [2008-05-14|10:35] C:\Program Files\iPod
      [2008-05-14|10:35] C:\Program Files\iTunes
      [2008-02-26|04:05] C:\Program Files\Java
      [2008-05-26|11:31] C:\Program Files\Lexmark 2400 Series
      [2008-05-26|11:31] C:\Program Files\Lexmark Toolbar
      [2008-05-05|18:05] C:\Program Files\LimeWire
      [2008-05-06|12:40] C:\Program Files\Logitech
      [2008-05-31|12:33] C:\Program Files\lx_Cats
      [2008-05-29|14:27] C:\Program Files\Malwarebytes' Anti-Malware
      [2008-05-07|15:21] C:\Program Files\Messenger Plus! Live
      [2006-11-02|08:37] C:\Program Files\Microsoft Games
      [2008-05-05|18:17] C:\Program Files\Microsoft Office
      [2008-05-05|18:17] C:\Program Files\Microsoft Visual Studio
      [2008-05-05|18:14] C:\Program Files\Microsoft Visual Studio 8
      [2008-05-05|18:17] C:\Program Files\Microsoft Works
      [2008-05-05|18:16] C:\Program Files\Microsoft.NET
      [2008-02-26|12:37] C:\Program Files\Movie Maker
      [2008-05-31|14:16] C:\Program Files\Mozilla Firefox 3 Beta 5
      [2008-05-05|18:17] C:\Program Files\MSBuild
      [2008-05-07|03:00] C:\Program Files\MSXML 4.0
      [2008-02-26|04:04] C:\Program Files\muvee Technologies
      [2008-05-31|13:43] C:\Program Files\Navilog1
      [2008-05-05|17:31] C:\Program Files\Nero
      [2008-05-05|12:06] C:\Program Files\Online Services
      [2008-05-08|13:22] C:\Program Files\Paint.NET
      [2008-02-26|04:19] C:\Program Files\PC-Doctor 5 for Windows
      [2008-05-06|11:57] C:\Program Files\Portrait Displays
      [2008-05-11|21:34] C:\Program Files\QuickTime
      [2006-11-02|08:37] C:\Program Files\Reference Assemblies
      [2008-05-05|17:47] C:\Program Files\SlySoft
      [2008-05-08|12:38] C:\Program Files\Spybot - Search & Destroy
      [2008-05-25|22:18] C:\Program Files\SurfingSoftware
      [2008-05-31|14:04] C:\Program Files\Trend Micro
      [2008-05-05|17:45] C:\Program Files\TuneUp Utilities 2007
      [2006-11-02|09:01] C:\Program Files\Uninstall Information
      [2008-05-05|17:43] C:\Program Files\Webshots
      [2008-02-26|12:37] C:\Program Files\Windows Calendar
      [2008-02-26|12:37] C:\Program Files\Windows Collaboration
      [2008-02-26|12:37] C:\Program Files\Windows Defender
      [2008-02-26|12:37] C:\Program Files\Windows Journal
      [2008-05-06|10:43] C:\Program Files\Windows Live
      [2008-05-06|10:44] C:\Program Files\Windows Live Favorites
      [2008-05-06|10:44] C:\Program Files\Windows Live Toolbar
      [2008-05-14|03:01] C:\Program Files\Windows Mail
      [2008-02-26|12:37] C:\Program Files\Windows Media Player
      [2008-05-05|12:02] C:\Program Files\Windows NT
      [2008-02-26|12:37] C:\Program Files\Windows Photo Gallery
      [2008-02-26|12:37] C:\Program Files\Windows Sidebar
      [2008-05-05|17:02] C:\Program Files\WinRAR
      [2008-05-05|16:57] C:\Program Files\WinZip
      [2008-05-31|13:43] C:\Program Files\Yahoo!

      ------[ Listing des dossiers dans C:\Program Files\Common Files ]------

      [2008-05-05|17:05] C:\Program Files\Common Files\ACD Systems
      [2008-05-06|13:56] C:\Program Files\Common Files\Adobe
      [2008-05-11|21:32] C:\Program Files\Common Files\Apple
      [2008-05-05|18:17] C:\Program Files\Common Files\DESIGNER
      [2008-02-26|03:55] C:\Program Files\Common Files\HP
      [2008-02-26|04:16] C:\Program Files\Common Files\InstallShield
      [2008-02-26|04:05] C:\Program Files\Common Files\Java
      [2008-02-26|04:03] C:\Program Files\Common Files\LightScribe
      [2008-05-06|12:34] C:\Program Files\Common Files\Logitech
      [2008-02-26|04:03] C:\Program Files\Common Files\LS Getting Started
      [2008-05-06|10:44] C:\Program Files\Common Files\microsoft shared
      [2008-02-26|04:04] C:\Program Files\Common Files\muvee Technologies
      [2008-05-05|21:41] C:\Program Files\Common Files\Nero
      [2008-05-06|11:57] C:\Program Files\Common Files\Portrait Displays
      [2006-11-02|07:18] C:\Program Files\Common Files\Services
      [2006-11-02|07:18] C:\Program Files\Common Files\SpeechEngines
      [2008-05-05|17:17] C:\Program Files\Common Files\Symantec Shared
      [2008-05-05|18:14] C:\Program Files\Common Files\System
      [2008-05-06|10:43] C:\Program Files\Common Files\WindowsLiveInstaller
      [2008-05-29|14:25] C:\Program Files\Common Files\Wise Installation Wizard

      ---------------------------[ Process ]--------------------------

      ... 87

      iexplore.exe ~ [2608]
      iexplore.exe ~ [2800]

      ----------------------[ Recherche avec S_Lop ]---------------------

      C:\ProgramData\jump plus pile.cz9paup
      C:\ProgramData\locks idle idle.2zbpp
      C:\ProgramData\locks idle idle.9tn8uf
      C:\ProgramData\locks idle idle.o3yqx
      C:\ProgramData\jump plus pile.cz9paup
      C:\ProgramData\locks idle idle.2zbpp
      C:\ProgramData\locks idle idle.9tn8uf
      C:\ProgramData\locks idle idle.o3yqx

      -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

      C:\ProgramData\Hold Trust Amok Mode
      C:\ProgramData\Hold Trust Amok Mode\Settings meet.exe
      C:\Program Files\Circle Developement
      C:\Program Files\Circle Developement\Uninstall.exe

      ----------------------[ Verification du Registre ]----------------------

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

      ..... OK !

      --------------------[ Verification du fichier Hosts ]---------------------

      Fichier Hosts PROPRE


      ----------------[ Recherche de fichiers avec Catchme ]-----------------

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-31 14:59:39
      Windows 6.0.6001 Service Pack 1 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 0

      --------------------[ Recherche d'autres infections ]---------------------


      Aucune autre infection trouvée !

      [F:47][D:16]-> C:\Users\David\AppData\Local\Temp
      [F:163][D:1]-> C:\Users\David\AppData\Roaming\MICROS~1\Windows\Cookies
      [F:8705][D:16]-> C:\Users\David\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
      [F:36][D:1]-> C:\$Recycle.Bin

      [ UAC => 1 ]

      --------------------[ Fin du rapport a 15:00:17,83 ]----------------------
      0
  7. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    Relance Lop S&D

    Choisis cette fois ci l'Option 2 ( Suppression )

    Ne ferme pas la fenêtre lors de la suppression !

    Poste le rapport généré ( C:\lopR.txt )

    ( Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr, Onglet Fichier,

    Nouvelle tâche, tape explorer.exe et valide )

    Remets un rapport Hijackthis
    0
    1. dage1971 Messages postés 67 Statut Membre
       
      -----------------------[ Lop S&D 4.2.1-1 XP/Vista ]---------------------

      [ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ]
      [ USER : David ] [ "C:\Lop SD" ] [ Selection : 2 ]
      [ 2008-05-31 | 15:35:07,90 ] [ PC : PC-DE-DAVID ]
      [ MAJ : 31-05-2008 | 14:12 ]
      [ UAC => 0 ]


      \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

      Echec ! - C:\ProgramData\Hold Trust Amok Mode\Settings meet.exe
      Supprimé! - C:\Program Files\Circle Developement\Uninstall.exe
      Supprimé! - C:\ProgramData\jump plus pile.cz9paup
      Supprimé! - C:\ProgramData\locks idle idle.2zbpp
      Supprimé! - C:\ProgramData\locks idle idle.9tn8uf
      Supprimé! - C:\ProgramData\locks idle idle.o3yqx
      Echec ! - C:\ProgramData\Hold Trust Amok Mode
      Supprimé! - C:\Program Files\Circle Developement
      Restauré! - Fichier Hosts

      \\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE ///////////////////////////

      Supprimé! - C:\ProgramData\Hold Trust Amok Mode\Settings meet.exe
      Supprimé! - C:\ProgramData\Hold Trust Amok Mode

      //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


      -------------[ Listing des dossiers dans Application Data ]------------


      [2008-05-06|00:56] C:\Users\David\AppData\Roaming\ACD Systems\ACDSee

      [2008-05-06|22:59] C:\Users\David\AppData\Roaming\Adobe\Flash Player
      [2008-05-06|13:18] C:\Users\David\AppData\Roaming\Adobe\Linguistics
      [2008-05-06|13:17] C:\Users\David\AppData\Roaming\Adobe\Acrobat


      [2008-05-28|23:47] C:\Users\David\AppData\Roaming\Apple Computer\iTunes

      [2008-05-06|19:03] C:\Users\David\AppData\Roaming\ArcSoft\ArcRegister
      [2008-05-06|19:03] C:\Users\David\AppData\Roaming\ArcSoft\PhotoImpression

      [2008-05-05|16:27] C:\Users\David\AppData\Roaming\CyberLink\MediaCache
      [2008-05-05|16:27] C:\Users\David\AppData\Roaming\CyberLink\PowerStarter

      [2008-05-06|12:43] C:\Users\David\AppData\Roaming\DisplayTune\1.0.0.1
      [2008-05-06|12:43] C:\Users\David\AppData\Roaming\DisplayTune\HPW

      [2008-05-15|02:24] C:\Users\David\AppData\Roaming\Google\GoogleEarth

      [2008-05-05|12:07] C:\Users\David\AppData\Roaming\Hewlett-Packard\HP Software UI

      [2008-05-05|16:07] C:\Users\David\AppData\Roaming\Identities\{BE248EB0-3A32-4C1D-9375-3668D384EF06}

      [2008-05-25|21:45] C:\Users\David\AppData\Roaming\LimeWire\xml
      [2008-05-25|21:01] C:\Users\David\AppData\Roaming\LimeWire\.NetworkShare
      [2008-05-05|18:05] C:\Users\David\AppData\Roaming\LimeWire\.AppSpecialShare
      [2008-05-05|18:05] C:\Users\David\AppData\Roaming\LimeWire\themes

      [2008-05-21|22:41] C:\Users\David\AppData\Roaming\Macromedia\Flash Player

      [2008-05-29|14:27] C:\Users\David\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware


      [2008-05-31|02:50] C:\Users\David\AppData\Roaming\Microsoft\MSN Messenger
      [2008-05-30|18:29] C:\Users\David\AppData\Roaming\Microsoft\Word
      [2008-05-30|16:05] C:\Users\David\AppData\Roaming\Microsoft\Templates
      [2008-05-28|00:21] C:\Users\David\AppData\Roaming\Microsoft\eHome
      [2008-05-21|20:36] C:\Users\David\AppData\Roaming\Microsoft\MMC
      [2008-05-21|18:18] C:\Users\David\AppData\Roaming\Microsoft\Speech
      [2008-05-11|12:05] C:\Users\David\AppData\Roaming\Microsoft\UProof
      [2008-05-07|21:49] C:\Users\David\AppData\Roaming\Microsoft\Office
      [2008-05-07|21:49] C:\Users\David\AppData\Roaming\Microsoft\Outlook
      [2008-05-07|15:51] C:\Users\David\AppData\Roaming\Microsoft\OIS
      [2008-05-06|12:51] C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer
      [2008-05-06|12:37] C:\Users\David\AppData\Roaming\Microsoft\Installer
      [2008-05-06|11:03] C:\Users\David\AppData\Roaming\Microsoft\Crypto
      [2008-05-06|10:59] C:\Users\David\AppData\Roaming\Microsoft\WLTB Custom Buttons
      [2008-05-06|10:59] C:\Users\David\AppData\Roaming\Microsoft\MSNLiveFav
      [2008-05-06|10:43] C:\Users\David\AppData\Roaming\Microsoft\IdentityCRL
      [2008-05-06|00:31] C:\Users\David\AppData\Roaming\Microsoft\Network
      [2008-05-05|22:16] C:\Users\David\AppData\Roaming\Microsoft\Proof
      [2008-05-05|22:14] C:\Users\David\AppData\Roaming\Microsoft\Windows
      [2008-05-05|20:57] C:\Users\David\AppData\Roaming\Microsoft\Document Building Blocks
      [2008-05-05|20:57] C:\Users\David\AppData\Roaming\Microsoft\AddIns
      [2008-05-05|16:56] C:\Users\David\AppData\Roaming\Microsoft\HTML Help
      [2008-05-05|16:07] C:\Users\David\AppData\Roaming\Microsoft\Protect
      [2008-05-05|12:07] C:\Users\David\AppData\Roaming\Microsoft\CLR Security Config
      [2008-05-05|12:06] C:\Users\David\AppData\Roaming\Microsoft\SystemCertificates
      [2008-05-05|12:05] C:\Users\David\AppData\Roaming\Microsoft\Credentials

      [2008-05-09|22:22] C:\Users\David\AppData\Roaming\Mozilla\Extensions
      [2008-05-09|22:17] C:\Users\David\AppData\Roaming\Mozilla\Firefox

      [2008-05-13|22:39] C:\Users\David\AppData\Roaming\Nero\Nero8

      [2008-05-05|17:17] C:\Users\David\AppData\Roaming\Symantec\NPMDataStore

      [2008-05-06|21:13] C:\Users\David\AppData\Roaming\Talkback\MozillaOrg

      [2008-05-05|17:45] C:\Users\David\AppData\Roaming\TuneUp Software\TuneUp Utilities


      [2008-05-05|17:44] C:\Users\David\AppData\Roaming\Webshots\The Webshots Desktop

      [2008-05-27|23:28] C:\Users\David\AppData\Roaming\WinBatch\Settings

      [2008-05-06|04:38] C:\Users\David\AppData\Roaming\Yahoo!\Companion

      ----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

      [2008-05-28 11:40][--a------] C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
      [2008-05-06 10:44][--a------] C:\Windows\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
      [2008-05-31 06:10][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{1D362B60-170B-41D9-8C99-219CEF2F751F}.job
      [2008-05-30 17:15][--a------] C:\Windows\tasks\1-Click Maintenance.job
      [2008-05-31 15:34][--ah-----] C:\Windows\tasks\SA.DAT
      [2008-05-31 15:33][--a------] C:\Windows\tasks\SCHEDLGU.TXT

      ------[ Listing des dossiers dans C:\ProgramData ]------

      [2008-05-05|17:05] C:\ProgramData\ACD Systems
      [2008-05-06|13:56] C:\ProgramData\Adobe
      [2008-05-11|21:32] C:\ProgramData\Apple
      [2008-05-14|10:35] C:\ProgramData\Apple Computer
      [2006-11-02|09:02] C:\ProgramData\Application Data
      [2008-05-29|14:34] C:\ProgramData\Avira
      [2008-05-05|12:02] C:\ProgramData\Bureau
      [2008-05-05|16:27] C:\ProgramData\CyberLink
      [2006-11-02|09:02] C:\ProgramData\Desktop
      [2006-11-02|09:02] C:\ProgramData\Documents
      [2008-05-05|18:20] C:\ProgramData\DVD Shrink
      [2008-05-05|12:02] C:\ProgramData\Favoris
      [2006-11-02|09:02] C:\ProgramData\Favorites
      [2008-05-31|13:46] C:\ProgramData\Google
      [2008-05-31|14:46] C:\ProgramData\Google Updater
      [2008-05-05|12:06] C:\ProgramData\Hewlett-Packard
      [2008-02-26|03:55] C:\ProgramData\HP
      [2008-02-26|03:55] C:\ProgramData\hpzinstall.log
      [2008-05-29|14:24] C:\ProgramData\Lavasoft
      [2008-05-05|21:47] C:\ProgramData\LightScribe
      [2008-05-06|12:31] C:\ProgramData\Logitech
      [2008-05-05|17:09] C:\ProgramData\LuUninstall.LiveUpdate
      [2008-05-29|14:26] C:\ProgramData\Malwarebytes
      [2008-05-05|12:02] C:\ProgramData\Menu D‚marrer
      [2008-05-07|15:28] C:\ProgramData\Messenger Plus!
      [2008-05-05|18:16] C:\ProgramData\Microsoft
      [2008-05-14|03:01] C:\ProgramData\Microsoft Help
      [2008-05-05|12:02] C:\ProgramData\ModŠles
      [2008-02-26|04:04] C:\ProgramData\muvee Technologies
      [2008-05-29|21:40] C:\ProgramData\name mp3 hold
      [2008-05-05|21:39] C:\ProgramData\Nero
      [2008-05-05|16:08] C:\ProgramData\NVIDIA
      [2008-02-26|04:09] C:\ProgramData\PC-Doctor
      [2008-05-21|00:30] C:\ProgramData\Spybot - Search & Destroy
      [2006-11-02|09:02] C:\ProgramData\Start Menu
      [2008-05-05|17:16] C:\ProgramData\Symantec
      [2008-05-05|18:02] C:\ProgramData\TEMP
      [2006-11-02|09:02] C:\ProgramData\Templates
      [2008-05-05|17:45] C:\ProgramData\TuneUp Software
      [2008-05-31|13:34] C:\ProgramData\WindowsSearch
      [2008-05-06|10:35] C:\ProgramData\WLInstaller

      ---------------[ Listing des dossiers dans C:\Program Files ]--------------

      [2008-05-05|17:04] C:\Program Files\ACD Systems
      [2008-05-06|13:56] C:\Program Files\Adobe
      [2008-05-05|16:50] C:\Program Files\Alwil Software
      [2008-05-14|10:20] C:\Program Files\Apple Software Update
      [2008-05-06|13:09] C:\Program Files\ArcSoft
      [2008-05-29|14:34] C:\Program Files\Avira
      [2008-02-26|04:10] C:\Program Files\AWS
      [2008-05-11|21:34] C:\Program Files\Bonjour
      [2008-05-05|17:21] C:\Program Files\CCleaner
      [2008-05-08|13:18] C:\Program Files\CodeStuff
      [2008-05-11|21:32] C:\Program Files\Common Files
      [2008-02-26|03:42] C:\Program Files\CONEXANT
      [2008-02-26|04:03] C:\Program Files\CyberLink
      [2008-01-20|22:43] C:\Program Files\desktop.ini
      [2008-05-05|18:20] C:\Program Files\DVD Shrink
      [2008-05-05|18:23] C:\Program Files\DVDFab Platinum
      [2008-05-05|12:02] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
      [2008-05-31|13:46] C:\Program Files\Google
      [2008-02-26|04:10] C:\Program Files\Hewlett-Packard
      [2008-02-26|04:05] C:\Program Files\HP
      [2008-05-06|13:09] C:\Program Files\InstallShield Installation Information
      [2008-05-11|21:34] C:\Program Files\Internet Explorer
      [2008-05-14|10:35] C:\Program Files\iPod
      [2008-05-14|10:35] C:\Program Files\iTunes
      [2008-02-26|04:05] C:\Program Files\Java
      [2008-05-26|11:31] C:\Program Files\Lexmark 2400 Series
      [2008-05-26|11:31] C:\Program Files\Lexmark Toolbar
      [2008-05-05|18:05] C:\Program Files\LimeWire
      [2008-05-06|12:40] C:\Program Files\Logitech
      [2008-05-31|15:35] C:\Program Files\lx_Cats
      [2008-05-29|14:27] C:\Program Files\Malwarebytes' Anti-Malware
      [2008-05-07|15:21] C:\Program Files\Messenger Plus! Live
      [2006-11-02|08:37] C:\Program Files\Microsoft Games
      [2008-05-05|18:17] C:\Program Files\Microsoft Office
      [2008-05-05|18:17] C:\Program Files\Microsoft Visual Studio
      [2008-05-05|18:14] C:\Program Files\Microsoft Visual Studio 8
      [2008-05-05|18:17] C:\Program Files\Microsoft Works
      [2008-05-05|18:16] C:\Program Files\Microsoft.NET
      [2008-02-26|12:37] C:\Program Files\Movie Maker
      [2008-05-31|15:06] C:\Program Files\Mozilla Firefox 3 Beta 5
      [2008-05-05|18:17] C:\Program Files\MSBuild
      [2008-05-07|03:00] C:\Program Files\MSXML 4.0
      [2008-02-26|04:04] C:\Program Files\muvee Technologies
      [2008-05-31|13:43] C:\Program Files\Navilog1
      [2008-05-05|17:31] C:\Program Files\Nero
      [2008-05-05|12:06] C:\Program Files\Online Services
      [2008-05-08|13:22] C:\Program Files\Paint.NET
      [2008-02-26|04:19] C:\Program Files\PC-Doctor 5 for Windows
      [2008-05-06|11:57] C:\Program Files\Portrait Displays
      [2008-05-11|21:34] C:\Program Files\QuickTime
      [2006-11-02|08:37] C:\Program Files\Reference Assemblies
      [2008-05-05|17:47] C:\Program Files\SlySoft
      [2008-05-08|12:38] C:\Program Files\Spybot - Search & Destroy
      [2008-05-25|22:18] C:\Program Files\SurfingSoftware
      [2008-05-31|14:04] C:\Program Files\Trend Micro
      [2008-05-05|17:45] C:\Program Files\TuneUp Utilities 2007
      [2006-11-02|09:01] C:\Program Files\Uninstall Information
      [2008-05-05|17:43] C:\Program Files\Webshots
      [2008-02-26|12:37] C:\Program Files\Windows Calendar
      [2008-02-26|12:37] C:\Program Files\Windows Collaboration
      [2008-02-26|12:37] C:\Program Files\Windows Defender
      [2008-02-26|12:37] C:\Program Files\Windows Journal
      [2008-05-06|10:43] C:\Program Files\Windows Live
      [2008-05-06|10:44] C:\Program Files\Windows Live Favorites
      [2008-05-06|10:44] C:\Program Files\Windows Live Toolbar
      [2008-05-14|03:01] C:\Program Files\Windows Mail
      [2008-02-26|12:37] C:\Program Files\Windows Media Player
      [2008-05-05|12:02] C:\Program Files\Windows NT
      [2008-02-26|12:37] C:\Program Files\Windows Photo Gallery
      [2008-02-26|12:37] C:\Program Files\Windows Sidebar
      [2008-05-05|17:02] C:\Program Files\WinRAR
      [2008-05-05|16:57] C:\Program Files\WinZip
      [2008-05-31|13:43] C:\Program Files\Yahoo!

      ------[ Listing des dossiers dans C:\Program Files\Common Files ]------

      [2008-05-05|17:05] C:\Program Files\Common Files\ACD Systems
      [2008-05-06|13:56] C:\Program Files\Common Files\Adobe
      [2008-05-11|21:32] C:\Program Files\Common Files\Apple
      [2008-05-05|18:17] C:\Program Files\Common Files\DESIGNER
      [2008-02-26|03:55] C:\Program Files\Common Files\HP
      [2008-02-26|04:16] C:\Program Files\Common Files\InstallShield
      [2008-02-26|04:05] C:\Program Files\Common Files\Java
      [2008-02-26|04:03] C:\Program Files\Common Files\LightScribe
      [2008-05-06|12:34] C:\Program Files\Common Files\Logitech
      [2008-02-26|04:03] C:\Program Files\Common Files\LS Getting Started
      [2008-05-06|10:44] C:\Program Files\Common Files\microsoft shared
      [2008-02-26|04:04] C:\Program Files\Common Files\muvee Technologies
      [2008-05-05|21:41] C:\Program Files\Common Files\Nero
      [2008-05-06|11:57] C:\Program Files\Common Files\Portrait Displays
      [2006-11-02|07:18] C:\Program Files\Common Files\Services
      [2006-11-02|07:18] C:\Program Files\Common Files\SpeechEngines
      [2008-05-05|17:17] C:\Program Files\Common Files\Symantec Shared
      [2008-05-05|18:14] C:\Program Files\Common Files\System
      [2008-05-06|10:43] C:\Program Files\Common Files\WindowsLiveInstaller
      [2008-05-29|14:25] C:\Program Files\Common Files\Wise Installation Wizard

      ---------------------------[ Process ]--------------------------

      ... 74

      ... OK !

      ----------------------[ Recherche avec S_Lop ]---------------------

      Aucun fichier / dossier Lop trouvé !

      -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

      Aucun fichier / dossier Lop trouvé !

      ----------------------[ Verification du Registre ]----------------------

      ..... OK !

      --------------------[ Verification du fichier Hosts ]---------------------

      Fichier Hosts PROPRE


      ----------------[ Recherche de fichiers avec Catchme ]-----------------

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-31 15:35:51
      Windows 6.0.6001 Service Pack 1 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 0

      --------------------[ Recherche d'autres infections ]---------------------


      Aucune autre infection trouvée !

      [F:40][D:15]-> C:\Users\David\AppData\Local\Temp
      [F:163][D:1]-> C:\Users\David\AppData\Roaming\MICROS~1\Windows\Cookies
      [F:8720][D:16]-> C:\Users\David\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
      [F:36][D:1]-> C:\$Recycle.Bin

      [ UAC => 1 ]

      --------------------[ Fin du rapport a 15:39:22,39 ]----------------------



      tu veux que je refasse un scan hijackthis ???
      0
  8. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    oui, qu'on fasse un point.

    Tu me dis comment fonctionne l'ordi maintenant.
    0
    1. dage1971 Messages postés 67 Statut Membre
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:44:05, on 2008-05-31
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\RtHDVCpl.exe
      C:\hp\support\hpsysdrv.exe
      C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
      C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
      C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
      C:\Program Files\Portrait Displays\Pivot Software\floater.exe
      C:\Program Files\Lexmark 2400 Series\ezprint.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
      C:\Windows\ehome\ehtray.exe
      C:\Windows\Speech\Common\sapisvr.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Windows\ehome\ehmsas.exe
      C:\PROGRA~1\Webshots\webshots.scr
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
      C:\hp\kbd\kbd.exe
      C:\Windows\explorer.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp-consumer.my.aol.qc.ca/?icid=desktop
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp-consumer.my.aol.qc.ca/?icid=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-consumer.my.aol.qc.ca/?icid=desktop
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
      O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
      O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
      O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
      O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
      O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [CHIN LESS] "C:\ProgramData\locks idle idle.9tn8uf"
      O4 - HKCU\..\Run: [Amok Mode Dupe Platform] "C:\ProgramData\jump plus pile.cz9paup"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-ca.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O18 - Protocol: bw+0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {90B4BF71-2C7A-422F-939C-B9AAEA5AED34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
      O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      0
    2. dage1971 Messages postés 67 Statut Membre
       
      On dirait que l'oedi est plus lente aussi...
      0
    3. dage1971 Messages postés 67 Statut Membre
       
      Firefox est correct maintenant
      0
    4. Utilisateur anonyme > dage1971 Messages postés 67 Statut Membre
       
      Salut Lyionnais69 si ca ne te dérange pas peux tu faire ceci:

      Défragmenter le disque dur:

      *Pour l'exécuter, cliquez sur le bouton Démarrer, sur Tous les programmes, sur Accessoires, Outils systèmes puis sur Défragmenteur de disque.

      *cliquez sur le bouton Analyser. Le logiciel examine alors votre disque dur.

      *Cliquez sur le bouton Afficher le rapport. (enregistre le et poste le moi stp)

      *cliquez sur le bouton Défragmenter.
      0
    5. dage1971 Messages postés 67 Statut Membre > Utilisateur anonyme
       
      je suis avec vista, je n,ai pas l'option de l'analyse...du moins je ne la trouve pas
      0
  9. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    comment fais tu pour te réinfecter entre 21h42 et 21h51 ?

    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    - Va dans démarrer puis panneau de configuration
    - Double Clique sur l'icône "Comptes d'utilisateurs"
    - Clique ensuite sur désactiver et valide.

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le Bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    ?
    0
    1. dage1971 Messages postés 67 Statut Membre
       
      désolé pour le délaie, j'ai eu des problemes avec ma connexion internet

      ComboFix 08-05-29.1 - David 2008-05-31 17:42:15.2 - NTFSx86
      Endroit: C:\Users\David\Desktop\ComboFix.exe
      * Création d'un nouveau point de restauration
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Windows\system32\WinNB55.dll
      .
      ---- Previous Run -------
      .
      C:\Windows\system32\jusched.exe

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-31 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-31 17:40 . 2008-05-31 17:41 <REP> d-------- C:\327882R2FWJFW
      2008-05-31 14:58 . 2008-05-31 15:39 <REP> d-------- C:\Lop SD
      2008-05-31 14:04 . 2008-05-31 14:04 <REP> d-------- C:\Program Files\Trend Micro
      2008-05-31 13:46 . 2008-05-31 14:46 <REP> d-------- C:\Users\All Users\Google Updater
      2008-05-31 13:46 . 2008-05-31 13:46 <REP> d-------- C:\Users\All Users\Google
      2008-05-31 13:46 . 2008-05-31 14:46 <REP> d-------- C:\PROGRA~2\Google Updater
      2008-05-31 13:34 . 2008-05-31 13:34 <REP> d-------- C:\Users\All Users\WindowsSearch
      2008-05-31 13:34 . 2008-05-31 13:34 <REP> d-------- C:\PROGRA~2\WindowsSearch
      2008-05-30 15:41 . 2008-05-30 15:41 <REP> d-------- C:\Windows\BDOSCAN8
      2008-05-29 14:34 . 2008-05-29 14:34 <REP> d-------- C:\Users\All Users\Avira
      2008-05-29 14:34 . 2008-05-29 14:34 <REP> d-------- C:\Program Files\Avira
      2008-05-29 14:34 . 2008-05-29 14:34 <REP> d-------- C:\PROGRA~2\Avira
      2008-05-29 14:27 . 2008-05-29 14:27 <REP> d-------- C:\Users\David\AppData\Roaming\Malwarebytes
      2008-05-29 14:26 . 2008-05-29 14:26 <REP> d-------- C:\Users\All Users\Malwarebytes
      2008-05-29 14:26 . 2008-05-29 14:27 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-05-29 14:26 . 2008-05-29 14:26 <REP> d-------- C:\PROGRA~2\Malwarebytes
      2008-05-29 14:26 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
      2008-05-29 14:26 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
      2008-05-29 13:34 . 2008-05-31 13:43 <REP> d-------- C:\Program Files\Navilog1
      2008-05-29 13:15 . 2008-05-29 13:15 <REP> d-------- C:\!KillBox
      2008-05-28 03:08 . 2008-03-07 22:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-05-28 03:08 . 2008-03-08 00:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
      2008-05-27 23:28 . 2008-05-27 23:28 <REP> d-------- C:\Users\David\AppData\Roaming\WinBatch
      2008-05-26 11:31 . 2008-05-26 11:31 <REP> d-------- C:\Program Files\Lexmark Toolbar
      2008-05-26 11:31 . 2008-05-26 11:31 <REP> d-------- C:\Program Files\Lexmark 2400 Series
      2008-05-26 11:13 . 2008-05-26 11:33 16,393 --a------ C:\Windows\System32\LexFiles.ulf
      2008-05-25 22:18 . 2008-05-25 22:18 <REP> d-------- C:\Program Files\SurfingSoftware
      2008-05-19 22:13 . 2008-05-19 22:13 <REP> d-------- C:\Users\David\dwhelper
      2008-05-15 15:00 . 2008-05-29 14:24 <REP> d-------- C:\Users\All Users\Lavasoft
      2008-05-15 15:00 . 2008-05-29 14:24 <REP> d-------- C:\PROGRA~2\Lavasoft
      2008-05-14 10:35 . 2008-05-14 10:35 <REP> d-------- C:\Users\David\AppData\Roaming\Apple Computer
      2008-05-14 10:35 . 2008-05-14 10:35 <REP> d-------- C:\Program Files\iTunes
      2008-05-14 10:35 . 2008-05-14 10:35 <REP> d-------- C:\Program Files\iPod
      2008-05-14 10:19 . 2008-05-14 10:20 <REP> d-------- C:\Program Files\Apple Software Update
      2008-05-12 22:27 . 2008-05-31 17:40 <REP> d-------- C:\Program Files\lx_Cats
      2008-05-12 22:03 . 2008-05-12 22:03 <REP> d-------- C:\drivers
      2008-05-11 21:34 . 2008-05-11 21:34 <REP> d-------- C:\Program Files\Bonjour
      2008-05-11 21:33 . 2008-05-14 10:35 <REP> d-------- C:\Users\All Users\Apple Computer
      2008-05-11 21:33 . 2008-05-11 21:34 <REP> d-------- C:\Program Files\QuickTime
      2008-05-11 21:33 . 2008-05-14 10:35 <REP> d-------- C:\PROGRA~2\Apple Computer
      2008-05-11 21:32 . 2008-05-11 21:32 <REP> d-------- C:\Users\All Users\Apple
      2008-05-11 21:32 . 2008-05-11 21:32 <REP> d-------- C:\Program Files\Common Files\Apple
      2008-05-11 21:32 . 2008-05-11 21:32 <REP> d-------- C:\PROGRA~2\Apple
      2008-05-09 22:16 . 2008-05-31 15:53 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
      2008-05-09 02:43 . 2008-05-09 02:43 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
      2008-05-08 13:22 . 2008-05-08 13:22 <REP> d-------- C:\Program Files\Paint.NET
      2008-05-08 13:18 . 2008-05-08 13:18 <REP> d-------- C:\Program Files\CodeStuff
      2008-05-08 13:09 . 2008-05-31 13:46 <REP> d-------- C:\Program Files\Google
      2008-05-08 12:35 . 2008-05-21 00:30 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
      2008-05-08 12:35 . 2008-05-08 12:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-05-08 12:35 . 2008-05-21 00:30 <REP> d-------- C:\PROGRA~2\Spybot - Search & Destroy
      2008-05-07 15:28 . 2008-05-07 15:28 <REP> d-------- C:\Users\All Users\Messenger Plus!
      2008-05-07 15:28 . 2008-05-07 15:28 <REP> d-------- C:\PROGRA~2\Messenger Plus!
      2008-05-07 15:22 . 2008-05-29 21:40 <REP> d-------- C:\Users\All Users\name mp3 hold
      2008-05-07 15:22 . 2008-05-29 21:40 <REP> d-------- C:\PROGRA~2\name mp3 hold
      2008-05-07 12:36 . 2008-05-07 15:21 <REP> d-------- C:\Program Files\Messenger Plus! Live
      2008-05-07 03:00 . 2008-05-07 03:00 <REP> d-------- C:\Program Files\MSXML 4.0
      2008-05-06 21:27 . 2008-01-31 14:39 4,155,471 -ra------ C:\Messenger_Plus!_Live_4.50.312(www.messlive.net).rar
      2008-05-06 21:27 . 2008-02-12 17:59 691,686 -ra------ C:\starter_starter_5.6.2.8_francais_12492.zip
      2008-05-06 21:13 . 2008-05-06 21:13 <REP> d-------- C:\Users\David\AppData\Roaming\Talkback
      2008-05-06 21:12 . 2008-05-06 21:12 0 --a------ C:\Windows\nsreg.dat
      2008-05-06 19:03 . 2008-05-06 19:03 <REP> d-------- C:\Users\David\AppData\Roaming\ArcSoft
      2008-05-06 13:09 . 2008-05-06 13:09 <REP> d-------- C:\Program Files\ArcSoft
      2008-05-06 13:09 . 2001-11-02 15:10 163,840 --a------ C:\Windows\System32\PhotoImpression Screen Saver.scr
      2008-05-06 12:43 . 2008-05-06 12:43 <REP> d-------- C:\Users\David\AppData\Roaming\DisplayTune
      2008-05-06 12:40 . 2008-05-06 12:40 118,784 -r------- C:\Windows\bwUnin-7.2.0.157-8876480SL.exe
      2008-05-06 12:37 . 2006-06-22 18:29 513,584 --a------ C:\Windows\System32\LVUI2RC.dll
      2008-05-06 12:37 . 2003-02-21 08:42 348,160 --a------ C:\Windows\system\msvcr71.dll
      2008-05-06 12:37 . 2006-06-22 18:29 293,808 --a------ C:\Windows\System32\drivers\LV561AV.SYS
      2008-05-06 12:37 . 2006-06-22 18:29 263,728 --a------ C:\Windows\System32\lvcodec2.dll
      2008-05-06 12:37 . 2006-06-22 18:29 210,480 --a------ C:\Windows\System32\LVUI2.dll
      2008-05-06 12:37 . 2006-06-22 18:29 116,272 --a------ C:\Windows\System32\lvcoinst.dll
      2008-05-06 12:37 . 2006-06-22 18:29 38,960 --a------ C:\Windows\System32\drivers\LVUSBSta.sys
      2008-05-06 12:37 . 2006-06-22 16:51 22,334 --a------ C:\Windows\System32\lvcoinst.ini
      2008-05-06 12:37 . 2006-06-22 16:51 4,770 --a------ C:\Windows\System32\Repository.reg
      2008-05-06 12:31 . 2008-05-06 12:31 <REP> d-------- C:\Users\All Users\Logitech
      2008-05-06 12:31 . 2008-05-06 12:40 <REP> d-------- C:\Program Files\Logitech
      2008-05-06 12:31 . 2008-05-06 12:34 <REP> d-------- C:\Program Files\Common Files\Logitech
      2008-05-06 12:31 . 2008-05-06 12:31 <REP> d-------- C:\PROGRA~2\Logitech
      2008-05-06 11:57 . 2006-11-16 17:20 15,920 --a------ C:\Windows\System32\drivers\PdiPorts.sys
      2008-05-06 11:57 . 2004-11-22 12:07 2,304 --a------ C:\Windows\System32\Machnm32.sys
      2008-05-06 11:56 . 2008-05-06 11:57 <REP> d-------- C:\Program Files\Portrait Displays
      2008-05-06 11:56 . 2008-05-06 11:57 <REP> d-------- C:\Program Files\Common Files\Portrait Displays
      2008-05-06 10:44 . 2008-05-06 10:44 <REP> d-------- C:\Program Files\Windows Live Toolbar
      2008-05-06 10:44 . 2008-05-06 10:44 <REP> d-------- C:\Program Files\Windows Live Favorites
      2008-05-06 10:35 . 2008-05-06 10:35 <REP> d-------- C:\Users\All Users\WLInstaller
      2008-05-06 10:35 . 2008-05-06 10:43 <REP> d-------- C:\Program Files\Windows Live
      2008-05-06 10:35 . 2008-05-06 10:43 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-05-06 10:35 . 2008-05-06 10:35 <REP> d-------- C:\PROGRA~2\WLInstaller
      2008-05-06 04:41 . 2008-05-06 04:41 <REP> d-------- C:\Users\David\AppData\Roaming\AdobeUM
      2008-05-06 04:38 . 2008-05-06 04:38 <REP> d-------- C:\Users\David\AppData\Roaming\Yahoo!
      2008-05-05 21:47 . 2008-05-05 21:47 <REP> d-------- C:\Users\All Users\LightScribe
      2008-05-05 21:47 . 2008-05-05 21:47 <REP> d-------- C:\PROGRA~2\LightScribe
      2008-05-05 21:39 . 2008-05-05 21:41 <REP> d-------- C:\Program Files\Common Files\Nero
      2008-05-05 18:23 . 2008-05-05 18:23 <REP> d-------- C:\Program Files\DVDFab Platinum
      2008-05-05 18:23 . 2008-05-05 18:23 47,360 --a------ C:\Windows\System32\drivers\Pcouffin.sys
      2008-05-05 18:20 . 2008-05-05 18:20 <REP> d-------- C:\Users\All Users\DVD Shrink
      2008-05-05 18:20 . 2008-05-05 18:20 <REP> d-------- C:\Program Files\DVD Shrink
      2008-05-05 18:20 . 2008-05-05 18:20 <REP> d-------- C:\PROGRA~2\DVD Shrink
      2008-05-05 18:16 . 2008-05-05 18:16 <REP> d-------- C:\Windows\PCHEALTH
      2008-05-05 18:16 . 2008-05-05 18:16 <REP> d-------- C:\Program Files\Microsoft.NET
      2008-05-05 18:14 . 2008-05-05 18:14 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
      2008-05-05 18:13 . 2008-05-14 03:01 <REP> d-------- C:\Users\All Users\Microsoft Help
      2008-05-05 18:13 . 2008-05-14 03:01 <REP> d-------- C:\PROGRA~2\Microsoft Help
      2008-05-05 18:13 . 2008-05-05 18:13 <REP> dr-h----- C:\MSOCache
      2008-05-05 18:05 . 2008-05-29 21:41 <REP> d-------- C:\Users\David\AppData\Roaming\LimeWire
      2008-05-05 18:05 . 2008-05-05 18:05 <REP> d-------- C:\Program Files\LimeWire
      2008-05-05 18:02 . 2008-05-05 18:02 <REP> d-------- C:\Users\All Users\TEMP
      2008-05-05 18:02 . 2008-05-05 18:02 <REP> d-------- C:\PROGRA~2\TEMP
      2008-05-05 17:47 . 2008-05-05 17:47 <REP> d-------- C:\Program Files\SlySoft
      2008-05-05 17:45 . 2008-05-05 17:45 <REP> d-------- C:\Users\David\AppData\Roaming\TuneUp Software
      2008-05-05 17:45 . 2008-05-05 17:45 <REP> d-------- C:\Users\All Users\TuneUp Software
      2008-05-05 17:45 . 2008-05-05 17:45 <REP> d-------- C:\Program Files\TuneUp Utilities 2007
      2008-05-05 17:45 . 2008-05-05 17:45 <REP> d-------- C:\PROGRA~2\TuneUp Software
      2008-05-05 17:45 . 2007-03-28 19:42 29,704 --a------ C:\Windows\System32\uxtuneup.dll
      2008-05-05 17:45 . 2007-04-26 15:57 16,904 --a------ C:\Windows\System32\authuitu.dll
      2008-05-05 17:44 . 2008-05-29 14:25 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-05-05 17:43 . 2008-05-05 17:43 <REP> d-------- C:\Users\David\AppData\Roaming\Webshots
      2008-05-05 17:43 . 2008-05-05 17:43 <REP> d-------- C:\Program Files\Webshots
      2008-05-05 17:43 . 2006-01-25 16:12 36,864 --a------ C:\Windows\System32\WSVersionATX.ocx
      2008-05-05 17:33 . 2008-05-05 17:33 <REP> d-------- C:\Users\David\AppData\Roaming\Nero
      2008-05-05 17:31 . 2008-05-05 21:39 <REP> d-------- C:\Users\All Users\Nero
      2008-05-05 17:31 . 2008-05-05 17:31 <REP> d-------- C:\Program Files\Nero
      2008-05-05 17:31 . 2008-05-05 21:39 <REP> d-------- C:\PROGRA~2\Nero
      2008-05-05 17:26 . 2007-09-16 19:25 126,976 --a------ C:\keymaker.exe

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-31 17:43 --------- d-----w C:\Program Files\Yahoo!
      2008-05-14 07:01 --------- d-----w C:\Program Files\Windows Mail
      2008-05-06 17:56 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-05-06 17:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-05-05 22:17 --------- d-----w C:\Program Files\MSBuild
      2008-05-05 22:17 --------- d-----w C:\Program Files\Microsoft Works
      2008-05-05 21:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-05-05 21:16 --------- d-----w C:\PROGRA~2\Symantec
      2008-05-05 20:08 --------- d-----w C:\PROGRA~2\NVIDIA
      2008-05-05 16:06 --------- d-----w C:\PROGRA~2\Hewlett-Packard
      2008-05-05 16:02 --------- d-sh--w C:\Program Files\Fichiers communs
      2008-05-05 16:02 --------- d-sh--w C:\PROGRA~2\Modèles
      2008-05-05 16:02 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
      2008-05-05 16:02 --------- d-sh--w C:\PROGRA~2\Favoris
      2008-05-05 16:02 --------- d-sh--w C:\PROGRA~2\Bureau
      2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
      2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
      .

      ------- Sigcheck -------

      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 22:23 1233920]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 14:18 202024]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-20 22:25 125952]
      "Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2008-01-20 22:24 49664]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
      "CHIN LESS"="C:\ProgramData\locks idle idle.9tn8uf" [ ]
      "Amok Mode Dupe Platform"="C:\ProgramData\jump plus pile.cz9paup" [ ]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-31 13:46 68856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 07:26 4874240 C:\Windows\RtHDVCpl.exe]
      "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 11:01 65536]
      "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 11:16 65536]
      "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
      "NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-10 14:57 92704]
      "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-10 14:57 8530464]
      "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-10 14:57 88608]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-04-06 21:56 132760]
      "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 11:24 54840]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
      "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 09:47 57344]
      "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
      "PivotSoftware"="C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 12:17 694008]
      "DT HPW"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 17:56 278528]
      "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 10:33 243248]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
      "lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 13:57 291760]
      "EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 11:11 82864]
      "LXCRCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 12:27 106496]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

      C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [05/05/2008 17:43:44 45056]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)
      "ValidateAdminCodeSignatures"= 1 (0x1)
      "FilterAdministratorToken"= 1 (0x1)
      "EnableUIADesktopToggle"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3codecp"= l3codecp.acm
      "VIDC.ACDV"= ACDV.dll
      "vidc.MJPG"= m3jpeg32.dll
      "vidc.dmb1"= m3jpeg32.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UacDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{40CF3191-A87C-4A23-BD04-CE45DAB7283A}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
      "{F18E52AE-BD7F-4591-8666-51A7C571CCFB}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
      "{6F314863-1565-441F-91DB-57A5C8F67F96}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
      "{89BC4E58-AB19-4FD9-9B3E-A1E1A1E77394}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
      "TCP Query User{2F4B4E78-B416-4433-BBD9-80FC69AB3E38}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
      "UDP Query User{F27B25BC-C071-44E7-A654-217AD4408164}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
      "TCP Query User{0E261B4C-A672-4729-9DAB-9745DE371ADE}C:\\users\\david\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\david\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
      "UDP Query User{E4F4F2B9-18F5-4044-BA8B-2799275AD034}C:\\users\\david\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\david\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
      "{3A7D9AAB-9545-4127-8CC5-32A8A7BA829E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
      "{A8E0DFEB-2DCB-4CDE-922D-FC5A20F14F5D}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
      "{5DC0221C-E2EE-4A8D-83FC-17873E127C9A}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
      "{82291DA7-7B9E-4B87-9A2C-20678EF58505}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
      "{DDFD46EA-3E1D-4823-A7DE-50A495F6B0F2}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
      "{64245E9A-0FBE-4A01-AB1D-42AAF723DE10}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
      "{0DE58E7B-686A-419F-9CEF-295F4612B9F8}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
      "{A0C860CD-B801-45C3-A78D-A64115EB6CF5}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
      "{C09F9B2C-AC44-431C-9528-C4A67D8EF5D2}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
      "{2976DBFE-17AA-4E99-9427-D250305B8C03}"= UDP:C:\Windows\System32\lxcrcoms.exe:Lexmark Communications System
      "{2E55618B-899F-4EE7-9C09-0673A4C77DA2}"= TCP:C:\Windows\System32\lxcrcoms.exe:Lexmark Communications System
      "{F66FCD6D-1E6B-49EC-8B0F-2435E8E7A137}"= UDP:C:\Program Files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
      "{76996D94-13B5-4625-A1AE-943C2D8A2627}"= TCP:C:\Program Files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
      "{D5E26E2E-E269-4FC2-A8A7-CDC88B2AACFA}"= UDP:C:\Program Files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
      "{54E1357B-083C-427D-A66F-F5D7CC5AF1F9}"= TCP:C:\Program Files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
      "EnableFirewall"= 0 (0x0)

      R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
      R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-20 22:23]
      R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-07 10:26]
      S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 22:23]
      S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 22:23]
      S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-12-07 11:28]
      S4 nvsmu;nvsmu;C:\Windows\system32\drivers\nvsmu.sys [2007-10-12 11:53]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-31 17:44:55
      Windows 6.0.6001 Service Pack 1 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      LXCRCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-31 17:45:39
      ComboFix-quarantined-files.txt 2008-05-31 21:45:36

      Pre-Run: 274,868,707,328 octets libres
      Post-Run: 274,908,987,392 octets libres

      274 --- E O F --- 2008-05-29 20:54:00
      0
  10. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    laisse tomber la défragmentation, on n'est pas là.

    On verra quand on aura jugulé l'infection.
    0
  11. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    je voudrais des précisions sur :

    C:\keymaker.exe
    C:\Messenger_Plus!_Live_4.50.312(www.messlive.net).rar

    On peut les supprimer ?
    0
    1. dage1971 Messages postés 67 Statut Membre
       
      C:\keymaker.exe ...fonctionne avec néro8 mais je ne sais pas a quoi il sert et messenger plus, fonctionne avec messenger live il offre plus de fonction sur ce dernier, j'aime bien, sinon pas grave si je dois l'enlever....

      tu dois etre couché, alors on se reparle demain, moi j'y serai vers 9h00 pm pour toi....3 pm au Québec....bye
      0
  12. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    supprime tous les cracks et keygen que tu as téléchargé.
    0
    1. dage1971 Messages postés 67 Statut Membre
       
      salut Lyonnais, ou je trouve ca...c'est quoi keygen...
      0
  13. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    un crack, c'est un fichier protégé par un mot de passe piraté;

    un keygen c'est un fichier qui contient ou génère un mot de passe.
    0
    1. dage1971 Messages postés 67 Statut Membre
       
      A ma connaissance, je n'ai pas de ces fichiers...comment je peux le savoir et ou les trouver
      0
    2. dage1971 Messages postés 67 Statut Membre
       
      Lyonnais je ne sais pas si tu es la, mais j'aimerais que tu me dises comment trouver ces crack et keygen....ca fait seulement 4 semaines que j'ai cette ordi. neuf....et moi je n'ai rien installé, des choses de ce genre....mais la personne qui ma parti l'ordi., lui peut-etre qu'il m'a installé des programmes avec crack et keygen, mais je ne sais lesquel

      Par contre, je n'ai plus de pub. qui ouvre...le probleme a l'air ok...
      0
  14. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonsoir,

    OK, on laisse cette histoire. Il ne doit rien y avoir.

    Redis moi les problèmes qui te restent.
    0
    1. dage1971 Messages postés 67 Statut Membre
       
      tout semble normal maintenant....mais j'aimerais savoir si je dois enlever tout ce que tu m'as fait installer et comme protection maintenant j,ai avitor et le pare feu de windows, est ce que j.ai besoin de autre chose...malwarebytes est qu,il protege mon ordi...
      0
  15. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    Pour supprimer les outils de désinfection devenus inutiles :

    * Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.

    http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
    hxxp://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe

    * Clique sur Recherche et laisse le scan se terminer.

    * Clique, sur Suppression pour finaliser.

    * Tu peux, si tu le souhaites, te servir des Options facultatives.

    * Clique sur Quitter, pour que le rapport puisse se créer.

    * Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).

    Pour Vista : clic droit et exécuter en tant qu'administrateur.

    Windows defender et Antivir, + MBAM (non résidenr mais que tu fais passer 1 foiss par mois).

    ___________________

    Tu ajoutes :

    *Ccleaner (gratuit)
    Téléchargement :
    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
    Tuto :
    https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    Lors de l’installation, [décoche] l’option qui t’installerait la barre Yahoo !

    ¤Mode d'emploi (1 fois par mois aussi).

    Suppression des fichiers temporaires

    Va dans la section "Options" situé dans la marge gauche. Décoche Avancé. Retourne ensuite dans la section "Nettoyeur"
    Fais bien attention de cocher toutes ces cases dans la marge gauche (Internet Explorer/Windows Explorer/Système)
    • Clique sur Analyse
    • Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois.
    • Une fois le scan terminé, clique sur Lancer le Nettoyage

    Suppression des incohérence du registre

    • Clique sur l'icône Registre située dans la marge gauche.
    • Puis clique sur Analyser les erreurs
    • Patiente pendant que CCleaner scan ton registre.
    • Une fois le scan terminé, coche toutes les entrées qu'il t'aura trouvé.
    • Tu peux cliquer ensuite sur Corriger les erreurs.

    Si tu n'est pas sûr de ce que tu fais, tu peux choisir de sauvegarder les entrées cochées pour les restaurer ultérieurement

    ___
    =>/b Télécharge ATF-Cleaner (Attribune) : http://www.atribune.org/ccount/click.php?id=1
    -- Met le sur ton bureau

    Mode d'emploi (tous les jours)

    => Lance ATF-Cleaner :
    * Sous l'onglet Main, choisis : Select All
    * Clique sur le bouton Empty Selected

    * Sous l'onglet Firefox (si présent) : Clique sur select all
    -- Au message "are you sure you want to delete your firefox saved password" clique sur NON
    -- Clique sur Empty selected

    * Sous l'onglet Opéra (si présent) : Clique sur select all
    -- Au message "are you sure you want to delete your firefox saved password" clique sur NON
    -- Clique sur Empty selected

    * Quitte ATF-Cleaner
    0
    1. dage1971 Messages postés 67 Statut Membre
       
      voici le rapport tcleaner:
      -->- Recherche:

      C:\Combofix: trouvé !
      C:\Lop SD: trouvé !
      C:\!Killbox: trouvé !
      C:\Qoobox: trouvé !
      C:\Lop SD\Lop S&D.lnk: trouvé !
      C:\Program Files\Navilog1: trouvé !
      C:\Program Files\Mozilla Firefox 3 Beta 5\bureau\HijackThis.exe: trouvé !
      C:\Program Files\Trend Micro\HijackThis: trouvé !
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
      C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
      C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
      C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
      C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
      C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Lop S&D: trouvé !
      C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lop S&D: trouvé !
      C:\Users\David\Desktop\HijackThis.lnk: trouvé !
      C:\Users\David\Desktop\Lop S&D.lnk: trouvé !
      C:\Users\David\Desktop\ComboFix.exe: trouvé !
      C:\Users\David\Downloads\LopSD.exe: trouvé !
      C:\Users\David\Downloads\KillBox.exe: trouvé !
      C:\Users\David\Downloads\HJTInstall.exe: trouvé !

      ---------------------------------
      -->- Suppression:

      C:\Lop SD\Lop S&D.lnk: supprimé !
      C:\Program Files\Mozilla Firefox 3 Beta 5\bureau\HijackThis.exe: supprimé !
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
      C:\Users\David\Desktop\HijackThis.lnk: supprimé !
      C:\Users\David\Desktop\Lop S&D.lnk: supprimé !
      C:\Users\David\Desktop\ComboFix.exe: supprimé !
      C:\Users\David\Downloads\LopSD.exe: supprimé !
      C:\Users\David\Downloads\KillBox.exe: supprimé !
      C:\Users\David\Downloads\HJTInstall.exe: supprimé !
      C:\Combofix: supprimé !
      C:\Lop SD: supprimé !
      C:\!Killbox: supprimé !
      C:\Qoobox: supprimé !
      C:\Program Files\Navilog1: supprimé !
      C:\Program Files\Trend Micro\HijackThis: supprimé !
      C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
      C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Lop S&D: ERREUR DE SUPPRESSION !!
      C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lop S&D: supprimé !
      0
    2. dage1971 Messages postés 67 Statut Membre
       
      Salut lyonnais , tout est fait.....est ce que je garde Tcleaner et ATF cleaner
      0
  16. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    tu gardes ATF Cleaner et tu l'utilises 1 fois par jour.

    Tu supprimes ToolsCleaner (sur ton Bureau) et C:\Tcleaner.txt.

    Mets à jour ta console java.

    0
    1. dage1971 Messages postés 67 Statut Membre
       
      Ok, merci beaucoup pour ton aide Lyonnais, cela est bien apprécié...A+ David
      0
  17. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    de rien pour l'aide.

    Je mets le problème en résolu.

    Tu réouvres si tu as un souci.

    Bon surf.
    0