Internet explorer de nouveau infecté Fermé

Question

Bonjour,

J'ai de nouveau un problème avec internet explorer, car au démarrage il semble qu'il marche bien, puis pendant la telechargement de page, il affiche un page blanche et puis apparaitre une fenetre qui me dit que votre systeme est infecté des virus veuiller télecharger l'antivirus ci-après. Dépuis j'ai desinstallé IE7. et j suis maintenant sur IE6 mais le problème persiste encore.

De l'aide à nouveau
Mrci

Utilisateur anonyme · Answer

bonjour

à lire jusqu'en bas

Clique sur ce lien
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
pour télécharger le fichier d'installation d'HijackThis.

Enregistre HJTInstall.exe sur ton bureau.

Double-clique sur HJTInstall.exe pour lancer le programme

Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis

Accepte la license en cliquant sur le bouton "I Accept"

Choisis l'option "Do a system scan and save a log file"

Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

Colle le rapport que tu viens de copier sur ce forum

Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement

IMPORTANT

Rends toi sur ton PC ici "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe"<---clik droit sur ce dernier 
et choisis "renommer" : tapes eden et valide . FAIRE AVANT TOUT LANCEMENT DE HIJACKTHIS



Tutoriaux : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm (ne fixe rien pour le moment !!)
http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm

gen-hackman · Answer

salut fais ceci :


Fais un clic droit sur ce lien : 
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 

Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau. 
Fais un clic droit sur navilog1.zip et choisis "tout extraire" 
Ensuite double clique sur navilog1.exe pour lancer l'installation. 
Une fois l'installation terminée, le fix s'exécutera automatiquement. 
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau). 

Laisse-toi guider. Au menu principal, choisis 1 et valides. 
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord) 
Patiente jusqu'au message : 
*** Analyse Termine le ..... *** 
Appuie sur une touche comme demandé, le blocnote va s'ouvrir. 
Copie-colle l'intégralité dans une réponse. Referme le blocnote. 
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt) 
TUTO :: http://www.malekal.com/Adware.Magic_Control.php

Thread · Answer

Vérifie si ton anti virus fonctionne correctement (si ce n'est pas le cas essaye d'en changer ou de le mettre à jour) et vois si sous firefox le même problème apparaît.

georges86400 · Answer

Surtout ne telecharge pas l'antivirus propose, c'est lui le virus

bona_2 · Answer

rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:50, on 23/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Comodo\Firewall\cmdagent.exe
F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\poweroff.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\alg.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
F:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
F:\Program Files\Comodo\Firewall\CPF.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Babylon\Babylon-Pro\Babylon.exe
F:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
F:\PROGRA~1\DESKTO~1\TLDL.EXE
F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
F:\Program Files\Net Studio\USB_FW.exe
F:\Program Files\SuperCopier2\SuperCopier2.exe
F:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
F:\WINDOWS\system32\INTERNAT.EXE
F:\Program Files\Opera\opera.exe
F:\Program Files\Trend Micro\HijackThis\eden et valide.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
F:\WINDOWS\system32\GWW4c2el.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - F:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: SpyPsy - {C420CF9F-D9D6-421F-958F-AA59906C2B12} - F:\WINDOWS\system32\gopfa.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - F:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP SchedIndexer] F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "F:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Babylon Client] F:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [StatusClient] F:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] F:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Desktop Lock Loader] F:\PROGRA~1\DESKTO~1\TLDL.EXE /BOOT
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [USB_FW] F:\Program Files\Net Studio\USB_FW.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RAR Password Cracker.lnk = F:\Program Files\RAR Password Cracker\rpc.exe
O4 - Startup: VirtuaGirl2.lnk = F:\Program Files\Vg\VirtuaGirl2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP LaserJet Director.lnk = F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://F:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS3\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS4\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS5\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - F:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Poweroff - Jorgen Bosman - F:\WINDOWS\system32\poweroff.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

bona_2 · Answer

rapport navilog
Search Navipromo version 3.6.7 commencé le 23/10/2008 à 16:30:16,34

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis F:\Program Files
avilog1
Session actuelle : "user" 

Mise à jour le 22.10.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.5512 
Système de fichiers : FAT32

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "F:\WINDOWS" ***


*** Recherche dossiers dans "F:\Program Files" ***


*** Recherche dossiers dans "F:\Documents and Settings\All Users\menudÉ~1\progra~1" ***


*** Recherche dossiers dans "F:\Documents and Settings\All Users\menudÉ~1" ***


*** Recherche dossiers dans "f:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "F:\Documents and Settings\user\applic~1" *** 


*** Recherche dossiers dans "F:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Recherche dossiers dans "F:\DOCUME~1\ADMINI~2\applic~1" *** 


*** Recherche dossiers dans "F:\DOCUME~1\TOKY\applic~1" *** 


*** Recherche dossiers dans "F:\Documents and Settings\user\locals~1\applic~1" *** 


*** Recherche dossiers dans "F:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "F:\DOCUME~1\ADMINI~2\locals~1\applic~1" *** 


*** Recherche dossiers dans "F:\DOCUME~1\TOKY\locals~1\applic~1" *** 


*** Recherche dossiers dans "F:\Documents and Settings\user\menud+~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "F:\WINDOWS\system32" *

* Recherche dans "F:\Documents and Settings\user\locals~1\applic~1" * 

* Recherche dans "F:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 

* Recherche dans "F:\DOCUME~1\ADMINI~2\locals~1\applic~1" * 

* Recherche dans "F:\DOCUME~1\TOKY\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "F:\WINDOWS\system32" :


* Dans "F:\Documents and Settings\user\locals~1\applic~1" : 


* Dans "F:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 


* Dans "F:\DOCUME~1\ADMINI~2\locals~1\applic~1" : 


* Dans "F:\DOCUME~1\TOKY\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 23/10/2008 à 16:31:20,67 ***

Utilisateur anonyme · Answer

1) Télécharge et installe Malwarebyte's Anti-Malware:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée. >>> clique sur OK
Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur ton Bureau.

Au premier lancement, une fenêtre t'annonce que la version est Free >>> clique sur OK

Laisse les Mises à jour se télécharger
*** Referme le programme ***

2) Redémarre en "Mode sans échec"

Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuie sur [Entrée]
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
Regarde ici si besoin : https://www.malekal.com/demarrer-windows-mode-sans-echec/

Ouvre le fichier texte sauvegardé sur le Bureau afin de suivre les instructions comme il faut.

3) Scan avec Malwarebyte's Anti-Malware

Lance Malwarebyte's Anti-Malware
Onglet "Recherche" >>> coche Executer un exame complet >>> Rechercher sélectionne tes disques durs puis clique sur Lancer l’examen
A la fin du scan >>> clique sur Afficher les résultats puis sur Enregistrer le rapport
Suppression des éléments détectés >>>>
supprime ce qu'il a trouvé vide également les éléments de la quarantaine
S'il t'es demandé de redémarrer >>> clique sur "Yes"

--> Un rapport de scan s'ouvre, enregistre sur ton Bureau et poste ce rapport en réponse.

quand tu demande une analyse, demande en mode sans échec.

Pourquoi en mode sans échec:

*Car déjà l'analyse cherche plus de fichiers en mode sans échec que en mode normal.
*Et aussi en mode normal les virus ( trojans, cheval de troie, vers, spywares , malwares et autres ... sont actif) donc ne se supprimes pas donc ils faut le faire en mode sans échec .1) Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

gen-hackman · Answer

XP en Fat32???????????????????????????????????????????????????????????????????????????????????????????,

bona_2 · Answer

Rapport Mbam après analyse
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1308
Windows 5.1.2600 Service Pack 3

23/10/2008 16:54:17
mbam-log-2008-10-23 (16-54-09).txt

Type de recherche: Examen rapide
Eléments examinés: 53618
Temps écoulé: 6 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\lospn (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c420cf9f-d9d6-421f-958f-aa59906c2b12} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c420cf9f-d9d6-421f-958f-aa59906c2b12} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\lsksaq.bho (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e52c17c7-8498-4d09-93b8-0c9227d10aeb} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Trojan.HumourCanine) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
F:\WINDOWS\system32\gopfa.dll (Trojan.FakeAlert) -> No action taken.
F:\Program Files\Conduit\Community Alerts\Alert.dll (Trojan.HumourCanine) -> No action taken.
F:\WINDOWS\k.txt (Trojan.FakeAlert) -> No action taken.

rapport mbam après suppression
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1308
Windows 5.1.2600 Service Pack 3

23/10/2008 16:54:21
mbam-log-2008-10-23 (16-54-21).txt

Type de recherche: Examen rapide
Eléments examinés: 53618
Temps écoulé: 6 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\lospn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c420cf9f-d9d6-421f-958f-aa59906c2b12} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c420cf9f-d9d6-421f-958f-aa59906c2b12} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lsksaq.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e52c17c7-8498-4d09-93b8-0c9227d10aeb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Trojan.HumourCanine) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
F:\WINDOWS\system32\gopfa.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\Program Files\Conduit\Community Alerts\Alert.dll (Trojan.HumourCanine) -> Quarantined and deleted successfully.
F:\WINDOWS\k.txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

bonjour

reposte un log hijackthis a tu toujours tes alertes ?

bona_2 · Answer

apparement y a plus d'alerte, mais je n'ose pas encore utiliser IE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:37:22, on 24/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Comodo\Firewall\cmdagent.exe
F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\poweroff.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Comodo\Firewall\CPF.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Babylon\Babylon-Pro\Babylon.exe
F:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
F:\PROGRA~1\DESKTO~1\TLDL.EXE
F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
F:\Program Files\Net Studio\USB_FW.exe
F:\Program Files\SuperCopier2\SuperCopier2.exe
F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
F:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
F:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
F:\WINDOWS\system32\INTERNAT.EXE
F:\WINDOWS\System32\alg.exe
F:\Program Files\Opera\opera.exe
F:\Program Files\Trend Micro\HijackThis\eden et valide.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
F:\WINDOWS\system32\GWW4c2el.exe
F:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - F:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - F:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP SchedIndexer] F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "F:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Babylon Client] F:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [StatusClient] F:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] F:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Desktop Lock Loader] F:\PROGRA~1\DESKTO~1\TLDL.EXE /BOOT
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [USB_FW] F:\Program Files\Net Studio\USB_FW.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RAR Password Cracker.lnk = F:\Program Files\RAR Password Cracker\rpc.exe
O4 - Startup: VirtuaGirl2.lnk = F:\Program Files\Vg\VirtuaGirl2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP LaserJet Director.lnk = F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://F:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS3\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS4\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS5\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - F:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Poweroff - Jorgen Bosman - F:\WINDOWS\system32\poweroff.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Utilisateur anonyme · Answer

un doute

Télécharges ToolBar S&D ( de Eric_71 ) :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

( Tuto : https://sites.google.com/site/toolbarsd/aideenimages )

!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

* double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ...
* Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .
* Choisis l'option 1 ( "recherche") et tapes "entrée" .
* Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité
de son contenu dans ta prochaine réponse ...
( le rapport est en outre sauvegardé ici -> C:\TB.txt )

bona_2 · Answer

rapport toolbar

   -----------\  ToolBar S&D 1.2.3   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.66GHz )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : user ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1229 [VPS 081023-0] 4.8.1229 (Activated)
   Firewall  : COMODO Firewall Pro 2.3.035 (Not Activated)
   C:\ (Local Disk) - FAT32 - Total : 9 Go Free : 1 Go
   D:\ (Local Disk) - FAT32 - Total : 29 Go Free : 12 Go
   E:\ (Local Disk) - FAT32 - Total : 27 Go Free : 6 Go
   F:\ (Local Disk) - FAT32 - Total : 9 Go Free : 0 Go
   G:\ (CD or DVD)
   H:\ (CD or DVD)

   "F:\ToolBar SD" ( MAJ : 23-10-2008|0:25 )
   Option : [1] ( 24/10/2008|11:00 )

   -----------\  Recherche de Fichiers / Dossiers ...

   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\NewCfg
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\vmntoolbartb0501.cfg
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbarelatedlinks.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\siteinfo.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\DownloadCOM.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	hes_search.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\logo.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\wikipedia.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_aries.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\gograph.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_sagittarius.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_taurus.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	ools.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\---Yahoo.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\popup_off.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_virgo.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_libra.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_pisces.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\popup_on.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_gemini.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_cancer.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_leo.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\hororank.xml
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\gaming.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_scorpio.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_uk.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\login.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\dictionary2.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_capricorn.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	ranslate.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_aquarius.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_argentine.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\web_en.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\YouTube.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_usa.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred5.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred4_5.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred4.bmp594359
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_australia.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_brazil.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred4.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred3_5.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_germany.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\avstate.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred3.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred2_5.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_canada.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\sinfo.txt612125
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred2.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred1_5.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred1.bmp614203
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\downfile
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_china.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\a.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	abdataV3.js
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_france.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_greece.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_india.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_indonesia.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_italy.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred1.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred0_5.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_japan.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_mexico.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred0.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_spain.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\an.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar
ews.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_sweeden.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\p_yahoo.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_hongkong.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_korea.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\b.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\highlight.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_taiwan.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\s.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\sn.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\bn.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\zoom.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\hideremove.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\l.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\kn.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\c.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\cn.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbareport.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_netherlands.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\autofill.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\pestscanimg.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\stars-red1.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\stars-red2.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\stars-red3.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\stars-red4.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\stars-red5.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\d.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbarss.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\dn.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\f.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\fn.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar
ew02.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\g.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\gn.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\storage.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\hn.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\i.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\in.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\slider.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\j.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\jn.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\k.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbarss1.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\ln.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar
.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar
n.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\security.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\o.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\on.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\p.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\popup_ona.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\pn.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\q.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\qn.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\Yahoo.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbarn.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\canalblog.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	n.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\u.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\un.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\01net.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\v.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\vn.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\w.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\amazon.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	echnorati.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\ipsearch.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\pixsy.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\wn.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\x.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\z.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\zn.bmp
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbarssmenu1_7a.zip
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\arrowT.gif
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\bg_pub.gif
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\bg_ttl.gif
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\loading.gif
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\spacer.gif
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\xp_close_small.gif
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar
ews.html
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbarsslib.js
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\utf8.js
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\vmlib.js
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbarss.xsl
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\dropdown.css
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\arrow_down.gif
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\arrow_up.gif
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\arrowB.gif
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\IEtab1_7d.zip
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\search_fr.gif
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\search.gif
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\left.png
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbaright.png
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	op.png
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\bottom.png
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	op_left.png
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	op_right.png
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\bottom_left.png
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\bottom_right.png
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	ab_icon.png
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\help.gif
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\yahoo_search.gif
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	abwelcome_fr.html
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	abwelcome_en.html
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	ablib.js
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt
   F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\sinfo.txt
   F:\DOCUME~1\ADMINI~2\APPLIC~1\VMNToolbar
   F:\WINDOWS\iun6002.exe

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="F:\windows\system32\blank.htm"
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


   --------------------\  Recherche d'autres infections

   F:\WINDOWS\Tasks\At1.job
   F:\WINDOWS\Tasks\At2.job
   F:\WINDOWS\Tasks\At3.job
   F:\WINDOWS\Tasks\At4.job
   F:\WINDOWS\Tasks\At5.job
   F:\WINDOWS\Tasks\At6.job
   F:\WINDOWS\Tasks\At7.job
   F:\WINDOWS\Tasks\At8.job
   F:\WINDOWS\Tasks\At9.job
   F:\WINDOWS\Tasks\At10.job
   F:\WINDOWS\Tasks\At11.job
   F:\WINDOWS\Tasks\At12.job
   F:\WINDOWS\Tasks\At13.job
   F:\WINDOWS\Tasks\At14.job
   F:\WINDOWS\Tasks\At15.job
   F:\WINDOWS\Tasks\At16.job
   F:\WINDOWS\Tasks\At17.job
   F:\WINDOWS\Tasks\At18.job
   F:\WINDOWS\Tasks\At19.job
   F:\WINDOWS\Tasks\At20.job
   F:\WINDOWS\Tasks\At21.job
   F:\WINDOWS\Tasks\At22.job
   F:\WINDOWS\Tasks\At23.job
   F:\WINDOWS\Tasks\At24.job

   --------------------\  Cracks & Keygens ..

   F:\DOCUME~1\user\Favoris\aina\DownloadWarez.org - Serial Crack Keygen Rapidshare Torrent Full Download page 10.url
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6[1].02_Incl._Keygen_FRENCH-BS.RAR
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\bs-we60a.zip
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\bs.nfo
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\file_id.diz
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\keygenfr.exe



   1 - "F:\ToolBar SD\TB_1.txt" - 24/10/2008|11:02 - Option : [1]

   -----------\  Fin du rapport a 11:02:08,54

Utilisateur anonyme · Answer

bien c'est bien ce qui me semblais

relance toolbar et fait option 2 stp

feelgood · Answer

Salut, pourquoi un examen rapide avec mbam ? un examen complet n'aurait-il pas était préferable?

bona_2 · Answer

-----------\  ToolBar S&D 1.2.3   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.66GHz )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : user ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1229 [VPS 081023-0] 4.8.1229 (Activated)
   Firewall  : COMODO Firewall Pro 2.3.035 (Not Activated)
   C:\ (Local Disk) - FAT32 - Total : 9 Go Free : 1 Go
   D:\ (Local Disk) - FAT32 - Total : 29 Go Free : 12 Go
   E:\ (Local Disk) - FAT32 - Total : 27 Go Free : 6 Go
   F:\ (Local Disk) - FAT32 - Total : 9 Go Free : 0 Go
   G:\ (CD or DVD)
   H:\ (CD or DVD)

   "F:\ToolBar SD" ( MAJ : 23-10-2008|0:25 )
   Option : [2] ( 24/10/2008|11:15 )

   -----------\ SUPPRESSION

   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\NewCfg
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\vmntoolbartb0501.cfg
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbarelatedlinks.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\siteinfo.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\DownloadCOM.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	hes_search.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\logo.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\wikipedia.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_aries.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\gograph.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_sagittarius.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_taurus.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	ools.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\---Yahoo.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\popup_off.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_virgo.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_libra.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_pisces.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\popup_on.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_gemini.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_cancer.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_leo.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\hororank.xml
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\gaming.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_scorpio.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_uk.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\login.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\dictionary2.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_capricorn.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	ranslate.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h_aquarius.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_argentine.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\web_en.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\YouTube.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_usa.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred5.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred4_5.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred4.bmp594359
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_australia.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_brazil.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred4.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred3_5.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_germany.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\avstate.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred3.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred2_5.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_canada.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\sinfo.txt612125
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred2.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred1_5.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred1.bmp614203
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\downfile
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_china.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\a.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	abdataV3.js
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_france.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_greece.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_india.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_indonesia.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_italy.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred1.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred0_5.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_japan.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_mexico.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\graphred0.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_spain.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\an.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar
ews.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_sweeden.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\p_yahoo.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_hongkong.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_korea.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\b.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\highlight.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_taiwan.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\s.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\sn.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\bn.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\zoom.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\hideremove.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\l.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\kn.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\c.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\cn.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbareport.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\flag_netherlands.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\autofill.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\pestscanimg.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\stars-red1.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\stars-red2.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\stars-red3.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\stars-red4.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\stars-red5.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\d.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbarss.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\dn.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\f.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\fn.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar
ew02.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\g.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\gn.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\h.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\storage.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\hn.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\i.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\in.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\slider.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\j.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\jn.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\k.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbarss1.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\ln.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar
.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar
n.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\security.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\o.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\on.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\p.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\popup_ona.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\pn.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\q.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\qn.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\Yahoo.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbarn.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\canalblog.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	n.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\u.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\un.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\01net.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\v.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\vn.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\w.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\amazon.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	echnorati.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\ipsearch.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\pixsy.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\wn.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\x.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\z.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\zn.bmp
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbarssmenu1_7a.zip
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\arrowT.gif
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\bg_pub.gif
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\bg_ttl.gif
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\loading.gif
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\spacer.gif
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\xp_close_small.gif
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar
ews.html
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbarsslib.js
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\utf8.js
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\vmlib.js
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbarss.xsl
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\dropdown.css
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\arrow_down.gif
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\arrow_up.gif
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\arrowB.gif
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\IEtab1_7d.zip
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\search_fr.gif
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\search.gif
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\left.png
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbaright.png
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	op.png
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\bottom.png
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	op_left.png
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	op_right.png
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\bottom_left.png
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\bottom_right.png
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	ab_icon.png
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\help.gif
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\yahoo_search.gif
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	abwelcome_fr.html
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	abwelcome_en.html
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar	ablib.js
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar\sinfo.txt
   Supprime! - F:\WINDOWS\iun6002.exe
   Supprime! - F:\DOCUME~1\ADMINI~1\APPLIC~1\VMNToolbar
   Supprime! - F:\DOCUME~1\ADMINI~2\APPLIC~1\VMNToolbar

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="F:\windows\system32\blank.htm"
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="https://www.msn.com/fr-fr/"


   --------------------\  Recherche d'autres infections

   F:\WINDOWS\Tasks\At1.job
   F:\WINDOWS\Tasks\At2.job
   F:\WINDOWS\Tasks\At3.job
   F:\WINDOWS\Tasks\At4.job
   F:\WINDOWS\Tasks\At5.job
   F:\WINDOWS\Tasks\At6.job
   F:\WINDOWS\Tasks\At7.job
   F:\WINDOWS\Tasks\At8.job
   F:\WINDOWS\Tasks\At9.job
   F:\WINDOWS\Tasks\At10.job
   F:\WINDOWS\Tasks\At11.job
   F:\WINDOWS\Tasks\At12.job
   F:\WINDOWS\Tasks\At13.job
   F:\WINDOWS\Tasks\At14.job
   F:\WINDOWS\Tasks\At15.job
   F:\WINDOWS\Tasks\At16.job
   F:\WINDOWS\Tasks\At17.job
   F:\WINDOWS\Tasks\At18.job
   F:\WINDOWS\Tasks\At19.job
   F:\WINDOWS\Tasks\At20.job
   F:\WINDOWS\Tasks\At21.job
   F:\WINDOWS\Tasks\At22.job
   F:\WINDOWS\Tasks\At23.job
   F:\WINDOWS\Tasks\At24.job

   --------------------\  Cracks & Keygens ..

   F:\DOCUME~1\user\Favoris\aina\DownloadWarez.org - Serial Crack Keygen Rapidshare Torrent Full Download page 10.url
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6[1].02_Incl._Keygen_FRENCH-BS.RAR
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\bs-we60a.zip
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\bs.nfo
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\file_id.diz
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\keygenfr.exe



   1 - "F:\ToolBar SD\TB_1.txt" - 24/10/2008|11:02 - Option : [1]
   2 - "F:\ToolBar SD\TB_2.txt" - 24/10/2008|11:21 - Option : [2]

   -----------\  Fin du rapport a 11:21:01,70

Utilisateur anonyme · Answer

prend ce lien

https://sites.google.com/site/eric71mespages/lop.sd.exe

et fait l'option 1 ensuite poste le rapport

ensuite refait MBAM avec examen complet stp

bona_2 · Answer

--------------------\  Lop S&D 4.2.4-7   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.66GHz )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : user ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1229 [VPS 081023-0] 4.8.1229 (Activated)
   Firewall  : COMODO Firewall Pro 2.3.035 (Not Activated)
   C:\ (Local Disk) - FAT32 - Total : 9 Go Free : 1 Go
   D:\ (Local Disk) - FAT32 - Total : 29 Go Free : 12 Go
   E:\ (Local Disk) - FAT32 - Total : 27 Go Free : 6 Go
   F:\ (Local Disk) - FAT32 - Total : 9 Go Free : 0 Go
   G:\ (CD or DVD)
   H:\ (CD or DVD)

   "F:\Lop SD" ( MAJ : 23-10-2008|23:15 )
   Option : [1] ( 24/10/2008|12:48 )
 
   --------------------\  Listing des dossiers dans APPLIC~1  

   [19/11/2007|10:31] F:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [23/11/2007|12:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [30/09/2008|10:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
   [04/08/2008|14:45] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
   [07/12/2007|16:51] F:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
   [19/11/2007|16:34] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
   [04/12/2007|14:49] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
   [29/11/2007|15:53] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [19/11/2007|15:13] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
   [11/02/2008|12:03] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
   [22/09/2008|15:36] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [19/11/2007|10:31] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [19/11/2007|15:39] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
   [02/09/2008|13:45] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MPK
   [22/11/2007|16:27] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
   [02/09/2008|14:42] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MyUSBOnly
   [04/12/2007|14:50] F:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
   [23/04/2008|11:19] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Penpower
   [17/07/2008|12:53] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [05/12/2007|17:07] F:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
   [04/12/2007|15:40] F:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [09/09/2008|10:24] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [18/12/2007|13:27] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

   [23/10/2008|13:11] F:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
   [23/10/2008|13:11] F:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
   [19/11/2007|10:31] F:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

   [10/07/2008|14:00] F:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
   [10/07/2008|14:00] F:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
   [19/11/2007|10:31] F:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [19/11/2007|15:55] F:\DOCUME~1\user\APPLIC~1\Adobe
   [30/11/2007|16:32] F:\DOCUME~1\user\APPLIC~1\AdobeUM
   [01/10/2008|09:48] F:\DOCUME~1\user\APPLIC~1\Avira(2)
   [04/08/2008|14:45] F:\DOCUME~1\user\APPLIC~1\Babylon
   [19/11/2007|16:34] F:\DOCUME~1\user\APPLIC~1\Comodo
   [04/12/2007|14:58] F:\DOCUME~1\user\APPLIC~1\Datalayer
   [24/01/2008|14:00] F:\DOCUME~1\user\APPLIC~1\GetRightToGo
   [29/11/2007|15:58] F:\DOCUME~1\user\APPLIC~1\Google
   [08/02/2008|10:00] F:\DOCUME~1\user\APPLIC~1\Help
   [19/11/2007|10:45] F:\DOCUME~1\user\APPLIC~1\Identities
   [07/12/2007|16:59] F:\DOCUME~1\user\APPLIC~1\InstallShield
   [28/05/2008|10:55] F:\DOCUME~1\user\APPLIC~1\Intelore
   [29/11/2007|15:58] F:\DOCUME~1\user\APPLIC~1\Macromedia
   [22/09/2008|15:36] F:\DOCUME~1\user\APPLIC~1\Malwarebytes
   [19/11/2007|10:31] F:\DOCUME~1\user\APPLIC~1\Microsoft
   [03/01/2008|09:30] F:\DOCUME~1\user\APPLIC~1\Mozilla
   [04/12/2007|14:57] F:\DOCUME~1\user\APPLIC~1\Nokia
   [10/01/2008|11:26] F:\DOCUME~1\user\APPLIC~1\Nokia Multimedia Player
   [03/01/2008|09:30] F:\DOCUME~1\user\APPLIC~1\Nvu
   [29/07/2008|09:42] F:\DOCUME~1\user\APPLIC~1\Opera
   [21/07/2008|13:25] F:\DOCUME~1\user\APPLIC~1\OtakuSoftware
   [04/12/2007|14:50] F:\DOCUME~1\user\APPLIC~1\PC Suite
   [10/07/2008|13:53] F:\DOCUME~1\user\APPLIC~1\PDFCreator
   [02/10/2008|16:11] F:\DOCUME~1\user\APPLIC~1\Publish Providers
   [18/09/2008|13:44] F:\DOCUME~1\user\APPLIC~1\Radmin Communication Client
   [18/06/2008|09:16] F:\DOCUME~1\user\APPLIC~1\Real
   [17/07/2008|12:54] F:\DOCUME~1\user\APPLIC~1\Skype
   [17/07/2008|12:59] F:\DOCUME~1\user\APPLIC~1\skypePM
   [02/10/2008|16:10] F:\DOCUME~1\user\APPLIC~1\Sony
   [10/01/2008|08:27] F:\DOCUME~1\user\APPLIC~1\Teleca
   [02/09/2008|15:16] F:\DOCUME~1\user\APPLIC~1\TopLang
   [21/11/2007|09:04] F:\DOCUME~1\user\APPLIC~1\Visicom Media
   [02/10/2008|16:59] F:\DOCUME~1\user\APPLIC~1\WinRAR
   [02/10/2008|15:04] F:\DOCUME~1\user\APPLIC~1\XemiComputers
   [05/09/2008|16:02] F:\DOCUME~1\user\APPLIC~1\ZIP RAR ACE Password Recovery

   [30/11/2007|13:00] F:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
   [18/08/2008|15:27] F:\DOCUME~1\ADMINI~1\APPLIC~1\Babylon
   [22/11/2007|16:13] F:\DOCUME~1\ADMINI~1\APPLIC~1\Comodo
   [22/11/2007|16:13] F:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
   [26/12/2007|08:59] F:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
   [19/11/2007|10:31] F:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
   [05/12/2007|08:49] F:\DOCUME~1\ADMINI~1\APPLIC~1\PC Suite
   [16/09/2008|16:59] F:\DOCUME~1\ADMINI~1\APPLIC~1\Radmin Communication Client
   [09/07/2008|09:07] F:\DOCUME~1\ADMINI~1\APPLIC~1\Real
   [10/01/2008|13:07] F:\DOCUME~1\ADMINI~1\APPLIC~1\Teleca
   [03/09/2008|16:46] F:\DOCUME~1\ADMINI~1\APPLIC~1\TopLang

   [23/11/2007|09:01] F:\DOCUME~1\ADMINI~2\APPLIC~1\Comodo
   [23/11/2007|09:01] F:\DOCUME~1\ADMINI~2\APPLIC~1\Identities
   [19/11/2007|10:31] F:\DOCUME~1\ADMINI~2\APPLIC~1\Microsoft

   [29/05/2008|15:32] F:\DOCUME~1\TOKY\APPLIC~1\Comodo
   [29/05/2008|15:31] F:\DOCUME~1\TOKY\APPLIC~1\Identities
   [19/11/2007|10:31] F:\DOCUME~1\TOKY\APPLIC~1\Microsoft
   [29/05/2008|15:31] F:\DOCUME~1\TOKY\APPLIC~1\PC Suite
   [29/05/2008|15:32] F:\DOCUME~1\TOKY\APPLIC~1\Teleca
 
   --------------------\  Tâches planifiées dans F:\WINDOWS	asks

   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At24.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At22.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At23.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At21.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At19.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At20.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At18.job
   [23/10/2008 16:08][--a------] F:\WINDOWS	asks\At17.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At16.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At15.job
   [24/10/2008 12:00][--a------] F:\WINDOWS	asks\At13.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At14.job
   [24/10/2008 11:07][--a------] F:\WINDOWS	asks\At12.job
   [24/10/2008 09:04][--a------] F:\WINDOWS	asks\At10.job
   [24/10/2008 10:09][--a------] F:\WINDOWS	asks\At11.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At9.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At7.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At8.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At6.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At4.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At5.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At3.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At2.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At1.job
   [24/10/2008 10:45][--ah-----] F:\WINDOWS	asks\SA.DAT
   [17/11/2004 13:27][-r-h-----] F:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans F:\Program Files

   [05/08/2008|14:02] F:\Program Files\01-mp3search
   [23/10/2008|12:43] F:\Program Files\A.C. Element MyUSBOnly
   [30/05/2008|15:02] F:\Program Files\Accent OFFICE Password Recovery
   [05/09/2008|15:35] F:\Program Files\Active Data Recovery Software
   [19/11/2007|15:53] F:\Program Files\Adobe
   [27/12/2007|14:24] F:\Program Files\Ahead
   [29/01/2008|09:13] F:\Program Files\Alcohol Soft
   [01/10/2008|15:02] F:\Program Files\Alwil Software
   [28/05/2008|09:19] F:\Program Files\Ashampoo
   [07/12/2007|16:53] F:\Program Files\Avanquest update
   [26/02/2008|11:46] F:\Program Files\AVOne
   [04/08/2008|15:00] F:\Program Files\Babylon
   [29/09/2008|15:12] F:\Program Files\CCleaner
   [03/01/2008|14:12] F:\Program Files\CHANGJIE
   [19/11/2007|16:32] F:\Program Files\Comodo
   [19/11/2007|10:39] F:\Program Files\ComPlus Applications
   [04/08/2008|15:00] F:\Program Files\Conduit
   [02/09/2008|15:53] F:\Program Files\Desktop Lock
   [04/12/2007|14:51] F:\Program Files\DIFX
   [04/12/2007|15:39] F:\Program Files\Easy CD-DA Extractor 11
   [28/11/2007|11:36] F:\Program Files\Easy GIF Animator
   [28/11/2007|11:36] F:\Program Files\Easy Gif Animator Extension
   [08/08/2008|13:57] F:\Program Files\EasyPHP1-8
   [06/10/2008|10:47] F:\Program Files\ElcomSoft
   [29/01/2008|11:41] F:\Program Files\eMule
   [19/11/2007|10:25] F:\Program Files\Fichiers communs
   [29/11/2007|15:53] F:\Program Files\Google
   [11/01/2008|11:06] F:\Program Files\Grisoft
   [22/11/2007|16:21] F:\Program Files\Hewlett-Packard
   [25/02/2008|13:27] F:\Program Files\HP
   [08/08/2008|12:58] F:\Program Files\IDAutomation.com Code 39 Free Font
   [07/12/2007|16:51] F:\Program Files\InstallShield Installation Information
   [08/09/2008|09:26] F:\Program Files\Intelore
   [19/11/2007|10:40] F:\Program Files\Internet Explorer
   [03/01/2008|14:12] F:\Program Files\KOIME
   [23/11/2007|13:25] F:\Program Files\Lauyan
   [03/01/2008|14:09] F:\Program Files\LHSP
   [22/09/2008|15:36] F:\Program Files\Malwarebytes' Anti-Malware
   [19/11/2007|10:38] F:\Program Files\Messenger
   [19/11/2007|10:43] F:\Program Files\microsoft frontpage
   [19/11/2007|15:40] F:\Program Files\Microsoft Office
   [08/08/2008|09:47] F:\Program Files\Microsoft Silverlight
   [19/11/2007|15:45] F:\Program Files\Microsoft Visual Studio
   [19/11/2007|15:45] F:\Program Files\Microsoft Works
   [07/12/2007|16:51] F:\Program Files\Motorola Phone Tools
   [19/11/2007|10:40] F:\Program Files\Movie Maker
   [19/11/2007|15:45] F:\Program Files\MSBuild
   [19/11/2007|10:38] F:\Program Files\MSN
   [19/11/2007|10:38] F:\Program Files\MSN Gaming Zone
   [20/11/2007|08:40] F:\Program Files\MSN Messenger
   [04/08/2008|15:00] F:\Program Files\myBabylon
   [24/01/2008|14:51] F:\Program Files\NASA
   [23/10/2008|16:29] F:\Program Files\Navilog1
   [22/05/2008|11:10] F:\Program Files\Net Studio
   [19/11/2007|10:40] F:\Program Files\NetMeeting
   [07/10/2008|09:34] F:\Program Files\NN Software Collection 12
   [04/12/2007|14:49] F:\Program Files\Nokia
   [03/01/2008|09:30] F:\Program Files\Nvu
   [19/11/2007|10:39] F:\Program Files\Online Services
   [17/12/2007|10:24] F:\Program Files\Ontrack
   [29/07/2008|09:42] F:\Program Files\Opera
   [30/05/2008|15:12] F:\Program Files\OPRW
   [19/11/2007|10:40] F:\Program Files\Outlook Express
   [25/09/2008|13:31] F:\Program Files\Panda Security
   [28/05/2008|09:02] F:\Program Files\PasswordTools
   [16/09/2008|16:42] F:\Program Files\PCNetSoftware
   [20/08/2008|14:30] F:\Program Files\PDF2Word v1.6
   [10/07/2008|13:53] F:\Program Files\PDFCreator
   [27/12/2007|14:38] F:\Program Files\Radio Fr Solo
   [16/09/2008|16:58] F:\Program Files\Radmin Communication Client 3.0
   [05/09/2008|15:43] F:\Program Files\RAR Password Cracker
   [18/09/2008|09:54] F:\Program Files\Runtime Software
   [21/01/2008|10:35] F:\Program Files\Sarkophage
   [27/03/2008|14:21] F:\Program Files\SCC
   [03/01/2008|14:12] F:\Program Files\SCIME
   [19/11/2007|10:41] F:\Program Files\Services en ligne
   [17/07/2008|12:53] F:\Program Files\Skype
   [13/10/2008|13:55] F:\Program Files\Smart Projects
   [29/05/2008|16:54] F:\Program Files\SuperCopier2
   [22/10/2008|10:04] F:\Program Files\SuperLogix
   [03/01/2008|14:12] F:\Program Files\TCIME
   [08/02/2008|14:47] F:\Program Files\Temp
   [24/07/2008|10:49] F:\Program Files\Trend Micro
   [16/09/2008|15:02] F:\Program Files\UltraVNC
   [19/11/2007|10:45] F:\Program Files\Uninstall Information
   [09/10/2008|14:13] F:\Program Files\Vg
   [04/12/2007|15:47] F:\Program Files\VIA Technologies, Inc
   [09/09/2008|15:31] F:\Program Files\VirginMega
   [21/10/2008|09:26] F:\Program Files\Virtual Piano
   [21/11/2007|09:03] F:\Program Files\Visicom Media
   [06/03/2008|15:01] F:\Program Files\WinAVI Video Converter
   [09/09/2008|15:11] F:\Program Files\Windows Media Connect 2
   [19/11/2007|10:39] F:\Program Files\Windows Media Player
   [19/11/2007|10:38] F:\Program Files\Windows NT
   [19/11/2007|10:41] F:\Program Files\WindowsUpdate
   [07/12/2007|13:40] F:\Program Files\WinRAR
   [07/12/2007|13:41] F:\Program Files\WinZip
   [30/05/2008|13:35] F:\Program Files\XaviWare Password Recovery .MDB
   [19/11/2007|10:43] F:\Program Files\xerox
   [18/12/2007|13:03] F:\Program Files\Yahoo!

   --------------------\  Listing des dossiers dans F:\Program Files\Fichiers communs

   [19/11/2007|15:53] F:\Program Files\Fichiers communs\Adobe
   [27/12/2007|14:24] F:\Program Files\Fichiers communs\Ahead
   [19/11/2007|15:45] F:\Program Files\Fichiers communs\DESIGNER
   [07/12/2007|16:50] F:\Program Files\Fichiers communs\InstallShield
   [03/01/2008|14:09] F:\Program Files\Fichiers communs\L&H Shared
   [19/11/2007|10:25] F:\Program Files\Fichiers communs\Microsoft Shared
   [18/12/2007|10:40] F:\Program Files\Fichiers communs\Motorola Shared
   [19/11/2007|10:40] F:\Program Files\Fichiers communs\MSSoap
   [27/12/2007|14:26] F:\Program Files\Fichiers communs\Nero
   [04/12/2007|14:50] F:\Program Files\Fichiers communs\Nokia
   [19/11/2007|10:25] F:\Program Files\Fichiers communs\ODBC
   [04/12/2007|14:50] F:\Program Files\Fichiers communs\PCSuite
   [18/06/2008|09:17] F:\Program Files\Fichiers communs\Real
   [19/11/2007|10:40] F:\Program Files\Fichiers communs\Services
   [17/07/2008|12:53] F:\Program Files\Fichiers communs\Skype
   [19/11/2007|10:25] F:\Program Files\Fichiers communs\SpeechEngines
   [04/02/2008|14:20] F:\Program Files\Fichiers communs\SWF Studio
   [19/11/2007|10:40] F:\Program Files\Fichiers communs\System
   [10/01/2008|08:25] F:\Program Files\Fichiers communs\Teleca Shared
   [09/10/2008|14:13] F:\Program Files\Fichiers communs\Totem Shared
   [19/11/2007|15:20] F:\Program Files\Fichiers communs\Wise Installation Wizard
   [18/06/2008|09:20] F:\Program Files\Fichiers communs\xing shared

   --------------------\  Process

   ( 51 Processes )

   iexplore.exe ~ [PID:1332]

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-10-24 12:51:26
   Windows 5.1.2600 Service Pack 3 FAT NTAPI
   scanning hidden processes ...
   scanning hidden files ...
 
   --------------------\  Recherche d'autres infections

   F:\WINDOWS\Tasks\At1.job
   F:\WINDOWS\Tasks\At2.job
   F:\WINDOWS\Tasks\At3.job
   F:\WINDOWS\Tasks\At4.job
   F:\WINDOWS\Tasks\At5.job
   F:\WINDOWS\Tasks\At6.job
   F:\WINDOWS\Tasks\At7.job
   F:\WINDOWS\Tasks\At8.job
   F:\WINDOWS\Tasks\At9.job
   F:\WINDOWS\Tasks\At10.job
   F:\WINDOWS\Tasks\At11.job
   F:\WINDOWS\Tasks\At12.job
   F:\WINDOWS\Tasks\At13.job
   F:\WINDOWS\Tasks\At14.job
   F:\WINDOWS\Tasks\At15.job
   F:\WINDOWS\Tasks\At16.job
   F:\WINDOWS\Tasks\At17.job
   F:\WINDOWS\Tasks\At18.job
   F:\WINDOWS\Tasks\At19.job
   F:\WINDOWS\Tasks\At20.job
   F:\WINDOWS\Tasks\At21.job
   F:\WINDOWS\Tasks\At22.job
   F:\WINDOWS\Tasks\At23.job
   F:\WINDOWS\Tasks\At24.job

   --------------------\  Cracks & Keygens ..

   F:\DOCUME~1\user\Favoris\aina\DownloadWarez.org - Serial Crack Keygen Rapidshare Torrent Full Download page 10.url
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6[1].02_Incl._Keygen_FRENCH-BS.RAR
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\bs-we60a.zip
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\bs.nfo
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\file_id.diz
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\keygenfr.exe


   [F:14][D:6]-> F:\DOCUME~1\user\LOCALS~1\Temp
   [F:9][D:0]-> F:\DOCUME~1\user\Cookies
   [F:116][D:4]-> F:\DOCUME~1\user\LOCALS~1\TEMPOR~1\content.IE5
   [F:2][D:0]-> F:\Recycled

   1 - "F:\Lop SD\LopR_1.txt" - 24/10/2008|12:52 - Option : [1]

   --------------------\  Fin du rapport a 12:52:30

Utilisateur anonyme · Answer

ok

relance Lop SD et fait option 2

bona_2 · Answer

les rapports de Mbam, mais un ptit problème apparait durant ces etapes, une fenetre debogage juste-à-temps sur nlle instance de microsoft script editor???

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1308
Windows 5.1.2600 Service Pack 3

24/10/2008 13:20:12
mbam-log-2008-10-24 (13-20-03).txt

Type de recherche: Examen complet (F:\|)
Eléments examinés: 111797
Temps écoulé: 20 minute(s), 17 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP39\A0018122.exe (Trojan.FakeAlert) -> No action taken.
F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP40\A0018360.exe (Trojan.FakeAlert) -> No action taken.
F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP41\A0018398.exe (Trojan.FakeAlert) -> No action taken.

après suppression
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1308
Windows 5.1.2600 Service Pack 3

24/10/2008 13:20:16
mbam-log-2008-10-24 (13-20-16).txt

Type de recherche: Examen complet (F:\|)
Eléments examinés: 111797
Temps écoulé: 20 minute(s), 17 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP39\A0018122.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP40\A0018360.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP41\A0018398.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

bona_2 · Answer

rapport de mbam

Utilisateur anonyme · Answer

ok et le rapport de lopsd stp

bona_2 · Answer

--------------------\  Lop S&D 4.2.4-7   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.66GHz )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : user ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1229 [VPS 081024-0] 4.8.1229 (Activated)
   Firewall  : COMODO Firewall Pro 2.3.035 (Not Activated)
   C:\ (Local Disk) - FAT32 - Total : 9 Go Free : 1 Go
   D:\ (Local Disk) - FAT32 - Total : 29 Go Free : 12 Go
   E:\ (Local Disk) - FAT32 - Total : 27 Go Free : 6 Go
   F:\ (Local Disk) - FAT32 - Total : 9 Go Free : 1 Go
   G:\ (CD or DVD)
   H:\ (CD or DVD)

   "F:\Lop SD" ( MAJ : 23-10-2008|23:15 )
   Option : [2] ( 24/10/2008|15:08 )

 
   \\\\\\\\\\\\\\\ 

 
   --------------------\  Listing des dossiers dans APPLIC~1  

   [19/11/2007|10:31] F:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [23/11/2007|12:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [30/09/2008|10:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
   [04/08/2008|14:45] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
   [07/12/2007|16:51] F:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
   [19/11/2007|16:34] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
   [04/12/2007|14:49] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
   [29/11/2007|15:53] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [19/11/2007|15:13] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
   [11/02/2008|12:03] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
   [22/09/2008|15:36] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [19/11/2007|10:31] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [19/11/2007|15:39] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
   [02/09/2008|13:45] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MPK
   [22/11/2007|16:27] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
   [02/09/2008|14:42] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MyUSBOnly
   [04/12/2007|14:50] F:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
   [23/04/2008|11:19] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Penpower
   [17/07/2008|12:53] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [05/12/2007|17:07] F:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
   [04/12/2007|15:40] F:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [09/09/2008|10:24] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [18/12/2007|13:27] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

   [23/10/2008|13:11] F:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
   [23/10/2008|13:11] F:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
   [19/11/2007|10:31] F:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

   [10/07/2008|14:00] F:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
   [10/07/2008|14:00] F:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
   [19/11/2007|10:31] F:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [19/11/2007|15:55] F:\DOCUME~1\user\APPLIC~1\Adobe
   [30/11/2007|16:32] F:\DOCUME~1\user\APPLIC~1\AdobeUM
   [01/10/2008|09:48] F:\DOCUME~1\user\APPLIC~1\Avira(2)
   [04/08/2008|14:45] F:\DOCUME~1\user\APPLIC~1\Babylon
   [19/11/2007|16:34] F:\DOCUME~1\user\APPLIC~1\Comodo
   [04/12/2007|14:58] F:\DOCUME~1\user\APPLIC~1\Datalayer
   [24/01/2008|14:00] F:\DOCUME~1\user\APPLIC~1\GetRightToGo
   [29/11/2007|15:58] F:\DOCUME~1\user\APPLIC~1\Google
   [08/02/2008|10:00] F:\DOCUME~1\user\APPLIC~1\Help
   [19/11/2007|10:45] F:\DOCUME~1\user\APPLIC~1\Identities
   [07/12/2007|16:59] F:\DOCUME~1\user\APPLIC~1\InstallShield
   [28/05/2008|10:55] F:\DOCUME~1\user\APPLIC~1\Intelore
   [29/11/2007|15:58] F:\DOCUME~1\user\APPLIC~1\Macromedia
   [22/09/2008|15:36] F:\DOCUME~1\user\APPLIC~1\Malwarebytes
   [19/11/2007|10:31] F:\DOCUME~1\user\APPLIC~1\Microsoft
   [03/01/2008|09:30] F:\DOCUME~1\user\APPLIC~1\Mozilla
   [04/12/2007|14:57] F:\DOCUME~1\user\APPLIC~1\Nokia
   [10/01/2008|11:26] F:\DOCUME~1\user\APPLIC~1\Nokia Multimedia Player
   [03/01/2008|09:30] F:\DOCUME~1\user\APPLIC~1\Nvu
   [29/07/2008|09:42] F:\DOCUME~1\user\APPLIC~1\Opera
   [21/07/2008|13:25] F:\DOCUME~1\user\APPLIC~1\OtakuSoftware
   [04/12/2007|14:50] F:\DOCUME~1\user\APPLIC~1\PC Suite
   [10/07/2008|13:53] F:\DOCUME~1\user\APPLIC~1\PDFCreator
   [02/10/2008|16:11] F:\DOCUME~1\user\APPLIC~1\Publish Providers
   [18/09/2008|13:44] F:\DOCUME~1\user\APPLIC~1\Radmin Communication Client
   [18/06/2008|09:16] F:\DOCUME~1\user\APPLIC~1\Real
   [17/07/2008|12:54] F:\DOCUME~1\user\APPLIC~1\Skype
   [17/07/2008|12:59] F:\DOCUME~1\user\APPLIC~1\skypePM
   [02/10/2008|16:10] F:\DOCUME~1\user\APPLIC~1\Sony
   [10/01/2008|08:27] F:\DOCUME~1\user\APPLIC~1\Teleca
   [02/09/2008|15:16] F:\DOCUME~1\user\APPLIC~1\TopLang
   [21/11/2007|09:04] F:\DOCUME~1\user\APPLIC~1\Visicom Media
   [02/10/2008|16:59] F:\DOCUME~1\user\APPLIC~1\WinRAR
   [02/10/2008|15:04] F:\DOCUME~1\user\APPLIC~1\XemiComputers
   [05/09/2008|16:02] F:\DOCUME~1\user\APPLIC~1\ZIP RAR ACE Password Recovery

   [30/11/2007|13:00] F:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
   [18/08/2008|15:27] F:\DOCUME~1\ADMINI~1\APPLIC~1\Babylon
   [22/11/2007|16:13] F:\DOCUME~1\ADMINI~1\APPLIC~1\Comodo
   [22/11/2007|16:13] F:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
   [26/12/2007|08:59] F:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
   [19/11/2007|10:31] F:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
   [05/12/2007|08:49] F:\DOCUME~1\ADMINI~1\APPLIC~1\PC Suite
   [16/09/2008|16:59] F:\DOCUME~1\ADMINI~1\APPLIC~1\Radmin Communication Client
   [09/07/2008|09:07] F:\DOCUME~1\ADMINI~1\APPLIC~1\Real
   [10/01/2008|13:07] F:\DOCUME~1\ADMINI~1\APPLIC~1\Teleca
   [03/09/2008|16:46] F:\DOCUME~1\ADMINI~1\APPLIC~1\TopLang

   [23/11/2007|09:01] F:\DOCUME~1\ADMINI~2\APPLIC~1\Comodo
   [23/11/2007|09:01] F:\DOCUME~1\ADMINI~2\APPLIC~1\Identities
   [19/11/2007|10:31] F:\DOCUME~1\ADMINI~2\APPLIC~1\Microsoft

   [29/05/2008|15:32] F:\DOCUME~1\TOKY\APPLIC~1\Comodo
   [29/05/2008|15:31] F:\DOCUME~1\TOKY\APPLIC~1\Identities
   [19/11/2007|10:31] F:\DOCUME~1\TOKY\APPLIC~1\Microsoft
   [29/05/2008|15:31] F:\DOCUME~1\TOKY\APPLIC~1\PC Suite
   [29/05/2008|15:32] F:\DOCUME~1\TOKY\APPLIC~1\Teleca
 
   --------------------\  Tâches planifiées dans F:\WINDOWS	asks

   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At24.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At22.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At23.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At21.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At19.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At20.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At18.job
   [23/10/2008 16:08][--a------] F:\WINDOWS	asks\At17.job
   [24/10/2008 15:05][--a------] F:\WINDOWS	asks\At16.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At15.job
   [24/10/2008 12:00][--a------] F:\WINDOWS	asks\At13.job
   [24/10/2008 13:00][--a------] F:\WINDOWS	asks\At14.job
   [24/10/2008 11:07][--a------] F:\WINDOWS	asks\At12.job
   [24/10/2008 09:04][--a------] F:\WINDOWS	asks\At10.job
   [24/10/2008 10:09][--a------] F:\WINDOWS	asks\At11.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At9.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At7.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At8.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At6.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At4.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At5.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At3.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At2.job
   [23/10/2008 15:04][--a------] F:\WINDOWS	asks\At1.job
   [24/10/2008 14:02][--ah-----] F:\WINDOWS	asks\SA.DAT
   [17/11/2004 13:27][-r-h-----] F:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans F:\Program Files

   [05/08/2008|14:02] F:\Program Files\01-mp3search
   [23/10/2008|12:43] F:\Program Files\A.C. Element MyUSBOnly
   [30/05/2008|15:02] F:\Program Files\Accent OFFICE Password Recovery
   [05/09/2008|15:35] F:\Program Files\Active Data Recovery Software
   [19/11/2007|15:53] F:\Program Files\Adobe
   [27/12/2007|14:24] F:\Program Files\Ahead
   [29/01/2008|09:13] F:\Program Files\Alcohol Soft
   [01/10/2008|15:02] F:\Program Files\Alwil Software
   [28/05/2008|09:19] F:\Program Files\Ashampoo
   [07/12/2007|16:53] F:\Program Files\Avanquest update
   [26/02/2008|11:46] F:\Program Files\AVOne
   [04/08/2008|15:00] F:\Program Files\Babylon
   [29/09/2008|15:12] F:\Program Files\CCleaner
   [03/01/2008|14:12] F:\Program Files\CHANGJIE
   [19/11/2007|16:32] F:\Program Files\Comodo
   [19/11/2007|10:39] F:\Program Files\ComPlus Applications
   [04/08/2008|15:00] F:\Program Files\Conduit
   [02/09/2008|15:53] F:\Program Files\Desktop Lock
   [04/12/2007|14:51] F:\Program Files\DIFX
   [04/12/2007|15:39] F:\Program Files\Easy CD-DA Extractor 11
   [28/11/2007|11:36] F:\Program Files\Easy GIF Animator
   [28/11/2007|11:36] F:\Program Files\Easy Gif Animator Extension
   [08/08/2008|13:57] F:\Program Files\EasyPHP1-8
   [06/10/2008|10:47] F:\Program Files\ElcomSoft
   [29/01/2008|11:41] F:\Program Files\eMule
   [19/11/2007|10:25] F:\Program Files\Fichiers communs
   [29/11/2007|15:53] F:\Program Files\Google
   [11/01/2008|11:06] F:\Program Files\Grisoft
   [22/11/2007|16:21] F:\Program Files\Hewlett-Packard
   [25/02/2008|13:27] F:\Program Files\HP
   [08/08/2008|12:58] F:\Program Files\IDAutomation.com Code 39 Free Font
   [07/12/2007|16:51] F:\Program Files\InstallShield Installation Information
   [08/09/2008|09:26] F:\Program Files\Intelore
   [19/11/2007|10:40] F:\Program Files\Internet Explorer
   [03/01/2008|14:12] F:\Program Files\KOIME
   [23/11/2007|13:25] F:\Program Files\Lauyan
   [03/01/2008|14:09] F:\Program Files\LHSP
   [22/09/2008|15:36] F:\Program Files\Malwarebytes' Anti-Malware
   [24/10/2008|14:56] F:\Program Files\Medocs 4.5
   [19/11/2007|10:38] F:\Program Files\Messenger
   [19/11/2007|10:43] F:\Program Files\microsoft frontpage
   [19/11/2007|15:40] F:\Program Files\Microsoft Office
   [08/08/2008|09:47] F:\Program Files\Microsoft Silverlight
   [19/11/2007|15:45] F:\Program Files\Microsoft Visual Studio
   [19/11/2007|15:45] F:\Program Files\Microsoft Works
   [07/12/2007|16:51] F:\Program Files\Motorola Phone Tools
   [19/11/2007|10:40] F:\Program Files\Movie Maker
   [19/11/2007|15:45] F:\Program Files\MSBuild
   [19/11/2007|10:38] F:\Program Files\MSN
   [19/11/2007|10:38] F:\Program Files\MSN Gaming Zone
   [20/11/2007|08:40] F:\Program Files\MSN Messenger
   [04/08/2008|15:00] F:\Program Files\myBabylon
   [24/01/2008|14:51] F:\Program Files\NASA
   [23/10/2008|16:29] F:\Program Files\Navilog1
   [22/05/2008|11:10] F:\Program Files\Net Studio
   [19/11/2007|10:40] F:\Program Files\NetMeeting
   [07/10/2008|09:34] F:\Program Files\NN Software Collection 12
   [04/12/2007|14:49] F:\Program Files\Nokia
   [03/01/2008|09:30] F:\Program Files\Nvu
   [19/11/2007|10:39] F:\Program Files\Online Services
   [17/12/2007|10:24] F:\Program Files\Ontrack
   [29/07/2008|09:42] F:\Program Files\Opera
   [30/05/2008|15:12] F:\Program Files\OPRW
   [19/11/2007|10:40] F:\Program Files\Outlook Express
   [25/09/2008|13:31] F:\Program Files\Panda Security
   [28/05/2008|09:02] F:\Program Files\PasswordTools
   [16/09/2008|16:42] F:\Program Files\PCNetSoftware
   [20/08/2008|14:30] F:\Program Files\PDF2Word v1.6
   [10/07/2008|13:53] F:\Program Files\PDFCreator
   [27/12/2007|14:38] F:\Program Files\Radio Fr Solo
   [16/09/2008|16:58] F:\Program Files\Radmin Communication Client 3.0
   [05/09/2008|15:43] F:\Program Files\RAR Password Cracker
   [18/09/2008|09:54] F:\Program Files\Runtime Software
   [21/01/2008|10:35] F:\Program Files\Sarkophage
   [27/03/2008|14:21] F:\Program Files\SCC
   [03/01/2008|14:12] F:\Program Files\SCIME
   [19/11/2007|10:41] F:\Program Files\Services en ligne
   [17/07/2008|12:53] F:\Program Files\Skype
   [13/10/2008|13:55] F:\Program Files\Smart Projects
   [29/05/2008|16:54] F:\Program Files\SuperCopier2
   [22/10/2008|10:04] F:\Program Files\SuperLogix
   [03/01/2008|14:12] F:\Program Files\TCIME
   [08/02/2008|14:47] F:\Program Files\Temp
   [24/07/2008|10:49] F:\Program Files\Trend Micro
   [16/09/2008|15:02] F:\Program Files\UltraVNC
   [19/11/2007|10:45] F:\Program Files\Uninstall Information
   [09/10/2008|14:13] F:\Program Files\Vg
   [04/12/2007|15:47] F:\Program Files\VIA Technologies, Inc
   [09/09/2008|15:31] F:\Program Files\VirginMega
   [21/10/2008|09:26] F:\Program Files\Virtual Piano
   [21/11/2007|09:03] F:\Program Files\Visicom Media
   [06/03/2008|15:01] F:\Program Files\WinAVI Video Converter
   [09/09/2008|15:11] F:\Program Files\Windows Media Connect 2
   [19/11/2007|10:39] F:\Program Files\Windows Media Player
   [19/11/2007|10:38] F:\Program Files\Windows NT
   [19/11/2007|10:41] F:\Program Files\WindowsUpdate
   [07/12/2007|13:40] F:\Program Files\WinRAR
   [07/12/2007|13:41] F:\Program Files\WinZip
   [30/05/2008|13:35] F:\Program Files\XaviWare Password Recovery .MDB
   [19/11/2007|10:43] F:\Program Files\xerox
   [18/12/2007|13:03] F:\Program Files\Yahoo!

   --------------------\  Listing des dossiers dans F:\Program Files\Fichiers communs

   [19/11/2007|15:53] F:\Program Files\Fichiers communs\Adobe
   [27/12/2007|14:24] F:\Program Files\Fichiers communs\Ahead
   [19/11/2007|15:45] F:\Program Files\Fichiers communs\DESIGNER
   [07/12/2007|16:50] F:\Program Files\Fichiers communs\InstallShield
   [03/01/2008|14:09] F:\Program Files\Fichiers communs\L&H Shared
   [19/11/2007|10:25] F:\Program Files\Fichiers communs\Microsoft Shared
   [18/12/2007|10:40] F:\Program Files\Fichiers communs\Motorola Shared
   [19/11/2007|10:40] F:\Program Files\Fichiers communs\MSSoap
   [27/12/2007|14:26] F:\Program Files\Fichiers communs\Nero
   [04/12/2007|14:50] F:\Program Files\Fichiers communs\Nokia
   [19/11/2007|10:25] F:\Program Files\Fichiers communs\ODBC
   [04/12/2007|14:50] F:\Program Files\Fichiers communs\PCSuite
   [18/06/2008|09:17] F:\Program Files\Fichiers communs\Real
   [19/11/2007|10:40] F:\Program Files\Fichiers communs\Services
   [17/07/2008|12:53] F:\Program Files\Fichiers communs\Skype
   [19/11/2007|10:25] F:\Program Files\Fichiers communs\SpeechEngines
   [04/02/2008|14:20] F:\Program Files\Fichiers communs\SWF Studio
   [19/11/2007|10:40] F:\Program Files\Fichiers communs\System
   [10/01/2008|08:25] F:\Program Files\Fichiers communs\Teleca Shared
   [09/10/2008|14:13] F:\Program Files\Fichiers communs\Totem Shared
   [19/11/2007|15:20] F:\Program Files\Fichiers communs\Wise Installation Wizard
   [18/06/2008|09:20] F:\Program Files\Fichiers communs\xing shared

   --------------------\  Process

   ( 48 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-10-24 15:12:56
   Windows 5.1.2600 Service Pack 3 FAT NTAPI
   scanning hidden processes ...
   scanning hidden files ...
 
   --------------------\  Recherche d'autres infections

   F:\WINDOWS\Tasks\At1.job
   F:\WINDOWS\Tasks\At2.job
   F:\WINDOWS\Tasks\At3.job
   F:\WINDOWS\Tasks\At4.job
   F:\WINDOWS\Tasks\At5.job
   F:\WINDOWS\Tasks\At6.job
   F:\WINDOWS\Tasks\At7.job
   F:\WINDOWS\Tasks\At8.job
   F:\WINDOWS\Tasks\At9.job
   F:\WINDOWS\Tasks\At10.job
   F:\WINDOWS\Tasks\At11.job
   F:\WINDOWS\Tasks\At12.job
   F:\WINDOWS\Tasks\At13.job
   F:\WINDOWS\Tasks\At14.job
   F:\WINDOWS\Tasks\At15.job
   F:\WINDOWS\Tasks\At16.job
   F:\WINDOWS\Tasks\At17.job
   F:\WINDOWS\Tasks\At18.job
   F:\WINDOWS\Tasks\At19.job
   F:\WINDOWS\Tasks\At20.job
   F:\WINDOWS\Tasks\At21.job
   F:\WINDOWS\Tasks\At22.job
   F:\WINDOWS\Tasks\At23.job
   F:\WINDOWS\Tasks\At24.job

   --------------------\  Cracks & Keygens ..

   F:\DOCUME~1\user\Favoris\aina\DownloadWarez.org - Serial Crack Keygen Rapidshare Torrent Full Download page 10.url
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6[1].02_Incl._Keygen_FRENCH-BS.RAR
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\bs-we60a.zip
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\bs.nfo
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\file_id.diz
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\keygenfr.exe


   [F:18][D:9]-> F:\DOCUME~1\user\LOCALS~1\Temp
   [F:16][D:0]-> F:\DOCUME~1\user\Cookies
   [F:222][D:4]-> F:\DOCUME~1\user\LOCALS~1\TEMPOR~1\content.IE5
   [F:2][D:0]-> F:\Recycled

   1 - "F:\Lop SD\LopR_1.txt" - 24/10/2008|12:52 - Option : [1]
   2 - "F:\Lop SD\LopR_2.txt" - 24/10/2008|15:18 - Option : [2]

   --------------------\  Fin du rapport a 15:18:13

Utilisateur anonyme · Answer

ok cela résiste 

A LIRE JUSQU'EN BAS


Télécharges ComboFix à partir d'un de ces liens :
En premier
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

A lire
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Et important, enregistre le sur le bureau.

Avant d'utiliser ComboFix :

? Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

? Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.


Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

? Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

? Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

bona_2 · Answer

Le rapport de combofix, mais il parrait qu'il y un problème sur catch-me, si l'analyse passe par là il affiche une erreur de catch-me.

ComboFix 08-10-23.08 - user 2008-10-24 15:55:28.8 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.28 [GMT 3:00]
Lancé depuis: F:\Documents and Settings\user\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
Error: Cfiles.dat

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-24 au 2008-10-24 ))))))))))))))))))))))))))))))))))))
.

2008-10-24 14:56 . 2008-10-24 14:56 <REP> d-------- F:\Program Files\Medocs 4.5
2008-10-24 14:51 . 2008-10-24 14:51 <REP> d-------- F:\ocs-ng
2008-10-24 14:01 . 2008-10-24 14:01 <REP> d--hs---- F:\FOUND.006
2008-10-24 12:48 . 2008-10-24 12:48 <REP> d-------- F:\Lop SD
2008-10-24 10:59 . 2008-10-24 10:59 <REP> d-------- F:\ToolBar SD
2008-10-24 09:58 . 2008-10-24 09:58 268 --ah----- F:\sqmdata02.sqm
2008-10-24 09:58 . 2008-10-24 09:58 244 --ah----- F:\sqmnoopt02.sqm
2008-10-23 16:29 . 2008-10-23 16:29 <REP> d-------- F:\Program Files\Navilog1
2008-10-23 15:53 . 2008-10-23 15:53 230 --a------ F:\WINDOWS\system32\spupdsvc.inf
2008-10-23 15:38 . 2008-10-24 14:29 4 --a------ F:\WINDOWS\data4711.bak
2008-10-23 12:43 . 2008-10-23 12:43 <REP> d-------- F:\Program Files\A.C. Element MyUSBOnly
2008-10-23 12:42 . 2008-10-23 15:04 54,272 --a------ F:\WINDOWS\system32\GWW4c2el.exe
2008-10-22 16:14 . 2008-10-22 16:14 268 --ah----- F:\sqmdata01.sqm
2008-10-22 16:14 . 2008-10-22 16:14 244 --ah----- F:\sqmnoopt01.sqm
2008-10-22 13:30 . 2008-10-22 13:30 <REP> d-------- F:\TYVB24h
2008-10-22 13:29 . 2008-10-22 13:29 <REP> d--h----- F:\WINDOWS\PIF
2008-10-22 10:05 . 2008-10-22 10:29 80 --a------ F:\WINDOWS\SuperUtil.ini
2008-10-22 10:04 . 2008-10-22 10:04 <REP> d-------- F:\Program Files\SuperLogix
2008-10-22 10:04 . 2008-08-07 23:13 1,473,536 --a------ F:\WINDOWS\system32\context.dll
2008-10-22 10:04 . 2008-09-10 22:08 1,400,320 --a------ F:\WINDOWS\system32\vbsbak.dat
2008-10-22 10:04 . 2008-10-22 10:05 269,824 --a------ F:\WINDOWS\system32\supermenuhook.dll
2008-10-22 10:04 . 2008-10-22 10:05 269,824 --a------ F:\WINDOWS\system32\baksm.dat
2008-10-22 10:04 . 2003-10-11 10:24 89,088 --a------ F:\WINDOWS\system32\Shreder.dll
2008-10-22 10:04 . 2003-09-06 22:32 73,728 --a------ F:\WINDOWS\system32\smh.dat
2008-10-22 10:04 . 2007-03-11 21:39 44,000 --a------ F:\WINDOWS\system32\drivers\AFPUni.sys
2008-10-22 10:04 . 2007-03-11 21:39 43,936 --a------ F:\WINDOWS\system32\drivers\AFPAnsi.sys
2008-10-22 10:04 . 2008-02-24 16:17 11,264 --a------ F:\WINDOWS\system32\drivers\supermounter.sys
2008-10-22 10:04 . 2003-10-16 22:56 6,144 --a------ F:\WINDOWS\system32\SuperRes.dll
2008-10-21 09:26 . 2008-10-21 09:26 <REP> d-------- F:\Program Files\Virtual Piano
2008-10-17 16:25 . 2008-10-17 16:25 <REP> d--hs---- F:\FOUND.005
2008-10-13 13:55 . 2008-10-13 13:55 <REP> d-------- F:\Program Files\Smart Projects
2008-10-09 14:14 . 2008-10-24 14:29 4 --a------ F:\WINDOWS\num41.jbd
2008-10-09 14:14 . 2008-10-24 14:29 4 --a------ F:\WINDOWS\info147.sys
2008-10-09 14:13 . 2008-10-09 14:13 <REP> d-------- F:\Program Files\Vg
2008-10-09 14:13 . 2008-10-09 14:13 <REP> d-------- F:\Program Files\Fichiers communs\Totem Shared
2008-10-07 09:34 . 2008-10-07 09:34 <REP> d-------- F:\Program Files\NN Software Collection 12
2008-10-06 10:47 . 2008-10-06 10:47 <REP> d-------- F:\Program Files\ElcomSoft
2008-10-06 10:47 . 2008-10-07 16:58 870 --a------ F:\WINDOWS\ARPR.INI
2008-10-02 16:11 . 2008-10-02 16:11 <REP> d-------- F:\Documents and Settings\user\Application Data\Publish Providers
2008-10-02 16:10 . 2008-10-02 16:10 <REP> d-------- F:\Documents and Settings\user\Application Data\Sony
2008-10-02 15:04 . 2008-10-02 15:04 <REP> d-------- F:\Documents and Settings\user\Application Data\XemiComputers
2008-10-01 15:02 . 2008-10-01 15:02 <REP> d-------- F:\Program Files\Alwil Software
2008-10-01 13:03 . 2008-10-01 13:03 <REP> d--hs---- F:\FOUND.004
2008-10-01 10:28 . 2008-10-01 10:28 45,056 --a------ F:\WINDOWS\NCUNINST.EXE
2008-10-01 10:26 . 2008-04-13 11:39 206,976 --a------ F:\WINDOWS\system32\drivers\Dot4.sys
2008-10-01 10:26 . 2001-08-23 17:11 24,064 --a------ F:\WINDOWS\system32\drivers\Dot4usb.sys
2008-10-01 10:26 . 2001-08-17 21:47 12,928 --a------ F:\WINDOWS\system32\drivers\Dot4Prt.sys
2008-10-01 10:23 . 2008-10-01 10:27 310,922 --a------ F:\WINDOWS\hplj1010.his
2008-10-01 10:23 . 2008-10-01 10:27 19,549 --a------ F:\WINDOWS\hplj1010.ini
2008-10-01 09:59 . 2008-10-01 09:59 268 --ah----- F:\sqmdata00.sqm
2008-10-01 09:59 . 2008-10-01 09:59 244 --ah----- F:\sqmnoopt00.sqm
2008-10-01 09:48 . 2008-10-01 09:48 <REP> d-------- F:\Documents and Settings\user\Application Data\Avira(2)
2008-09-30 10:11 . 2008-09-30 10:11 <REP> d-------- F:\Documents and Settings\All Users\Application Data\Avira
2008-09-30 09:12 . 2008-09-30 09:12 <REP> d--hs---- F:\FOUND.003
2008-09-29 15:11 . 2008-09-29 15:12 <REP> d-------- F:\Program Files\CCleaner
2008-09-29 14:01 . 2008-10-23 14:14 2,442 --a------ F:\WINDOWS\system32\tmp.reg
2008-09-25 13:32 . 2008-06-19 17:24 28,544 --a------ F:\WINDOWS\system32\drivers\pavboot.sys
2008-09-25 13:31 . 2008-09-25 13:31 <REP> d-------- F:\Program Files\Panda Security
2008-09-25 12:49 . 2008-09-25 12:49 <REP> d--hs---- F:\FOUND.002
2008-09-24 14:40 . 2003-08-16 11:07 172,032 --a------ F:\WINDOWS\system32\poweroff.exe
2008-09-24 13:57 . 2008-09-24 13:57 <REP> d-------- F:\WINDOWS\system32\Kaspersky Lab

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 06:58 18,030 ----a-w F:\WINDOWS\system32\drivers\DeskLock.sys
2008-10-23 12:05 2,421 ----a-w F:\WINDOWS\kmuusb.sys
2008-10-22 13:10 38,496 ----a-w F:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 13:10 15,504 ----a-w F:\WINDOWS\system32\drivers\mbam.sys
2008-09-22 12:36 --------- d-----w F:\Program Files\Malwarebytes' Anti-Malware
2008-09-22 12:36 --------- d-----w F:\Documents and Settings\user\Application Data\Malwarebytes
2008-09-22 12:36 --------- d-----w F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-18 10:44 --------- d-----w F:\Documents and Settings\user\Application Data\Radmin Communication Client
2008-09-18 06:54 --------- d-----w F:\Program Files\Runtime Software
2008-09-16 13:59 --------- d-----w F:\Documents and Settings\Administrator\Application Data\Radmin Communication Client
2008-09-16 13:58 --------- d-----w F:\Program Files\Radmin Communication Client 3.0
2008-09-16 13:42 --------- d-----w F:\Program Files\PCNetSoftware
2008-09-16 12:02 --------- d-----w F:\Program Files\UltraVNC
2008-09-09 12:31 --------- d-----w F:\Program Files\VirginMega
2008-09-09 12:11 --------- d-----w F:\Program Files\Windows Media Connect 2
2008-09-08 06:26 --------- d-----w F:\Program Files\Intelore
2008-09-05 13:02 --------- d-----w F:\Documents and Settings\user\Application Data\ZIP RAR ACE Password Recovery
2008-09-05 12:43 --------- d-----w F:\Program Files\RAR Password Cracker
2008-09-05 12:35 --------- d-----w F:\Program Files\Active Data Recovery Software
2008-09-03 13:46 --------- d-----w F:\Documents and Settings\Administrator\Application Data\TopLang
2008-09-02 12:53 --------- d-----w F:\Program Files\Desktop Lock
2008-09-02 12:16 --------- d-----w F:\Documents and Settings\user\Application Data\TopLang
2008-09-02 11:42 --------- d-----w F:\Documents and Settings\All Users\Application Data\MyUSBOnly
2008-09-02 10:45 --------- d-sh--w F:\Documents and Settings\All Users\Application Data\MPK
2008-05-28 11:59 33 ----a-w F:\Documents and Settings\user\Application Data\pwcpsw.dat
2007-12-07 13:51 92,064 ----a-w F:\Documents and Settings\user\mqdmmdm.sys
2007-12-07 13:51 9,232 ----a-w F:\Documents and Settings\user\mqdmmdfl.sys
2007-12-07 13:51 79,328 ----a-w F:\Documents and Settings\user\mqdmserd.sys
2007-12-07 13:51 66,656 ----a-w F:\Documents and Settings\user\mqdmbus.sys
2007-12-07 13:51 6,208 ----a-w F:\Documents and Settings\user\mqdmcmnt.sys
2007-12-07 13:51 5,936 ----a-w F:\Documents and Settings\user\mqdmwhnt.sys
2007-12-07 13:51 4,048 ----a-w F:\Documents and Settings\user\mqdmcr.sys
2007-12-07 13:51 25,600 ----a-w F:\Documents and Settings\user\usbsermptxp.sys
2007-12-07 13:51 22,768 ----a-w F:\Documents and Settings\user\usbsermpt.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="F:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PcSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Yahoo! Pager"="F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"AlcoholAutomount"="F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"USB_FW"="F:\Program Files\Net Studio\USB_FW.exe" [2008-05-21 1299968]
"SuperCopier2.exe"="F:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"HP SchedIndexer"="F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe" [2001-02-19 86016]
"HP AutoIndexer"="F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe" [2001-02-19 77824]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"COMODO Firewall Pro"="F:\Program Files\Comodo\Firewall\CPF.exe" [2008-01-03 1115728]
"!AVG Anti-Spyware"="F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-06-19 6731312]
"Babylon Client"="F:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-12-20 3116768]
"StatusClient"="F:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="F:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"Desktop Lock Loader"="F:\PROGRA~1\DESKTO~1\TLDL.EXE" [2008-05-02 151552]
"TkBellExe"="F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-06-18 185896]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

F:\Documents and Settings\user\Menu D‚marrer\Programmes\D‚marrage\
RAR Password Cracker.lnk - F:\Program Files\RAR Password Cracker\rpc.exe [2004-04-25 157696]
VirtuaGirl2.lnk - F:\Program Files\Vg\VirtuaGirl2.exe [2008-10-09 2654208]

F:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-19 110592]
HP LaserJet Director.lnk - F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe [2007-12-05 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LoginPrompt"= 9E8C8182988584
"NoViewOnDrive"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-10-18 20:47 75064 F:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"F:\\Program Files\\Messenger\\msmsgs.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"F:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 AFPAnsi;Alfa File Protector Ansi;F:\WINDOWS\system32\Drivers\AFPAnsi.sys [2007-03-11 43936]
R0 pavboot;pavboot;F:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 DeskLock;DeskLock;F:\WINDOWS\system32\drivers\DeskLock.sys [2008-10-24 18030]
R1 SuperMounter;SuperMounter;F:\WINDOWS\system32\drivers\SuperMounter.sys [2008-02-24 11264]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;F:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 46112]
R2 Poweroff;Poweroff;F:\WINDOWS\system32\poweroff.exe [2003-08-16 172032]
S2 LMIInfo;LogMeIn Kernel Information Provider;F:\Program Files\LogMeIn\x86\RaInfo.sys [ ]
S3 MiniScanEye;MiniScanEye;F:\WINDOWS\system32\Drivers\minsceye.sys [2005-02-16 14382]
S3 pendfu;PenDfu (pendfu.sys);F:\WINDOWS\system32\Drivers\pendfu.sys [2005-02-14 32408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

*Newly Created Service* - MCHINJDRV
.
Contenu du dossier 'Tâches planifiées'

2008-10-23 F:\WINDOWS\Tasks\At1.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At2.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At3.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At4.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At5.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At6.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At7.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At8.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At9.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-24 F:\WINDOWS\Tasks\At10.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-24 F:\WINDOWS\Tasks\At11.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-24 F:\WINDOWS\Tasks\At12.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-24 F:\WINDOWS\Tasks\At13.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-24 F:\WINDOWS\Tasks\At14.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At15.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-24 F:\WINDOWS\Tasks\At16.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At17.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At18.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At19.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At20.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At21.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At22.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At23.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]

2008-10-23 F:\WINDOWS\Tasks\At24.job
- F:\WINDOWS\system32\GWW4c2el.exe [2008-10-23 15:04]
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Window Title =
O8 -: E&xporter vers Microsoft Excel - F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Translate with &Babylon - F:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O17 -: HKLM\CCS\Interface\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 15:58:37
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\F:\DOCUME~1\user\LOCALS~1\Temp\mc21.tmp"
.
Heure de fin: 2008-10-24 16:00:23
ComboFix-quarantined-files.txt 2008-10-24 13:00:16

Avant-CF: 1 114 832 896 octets libres
Après-CF: 1,116,577,792 octets libres

259

Utilisateur anonyme · Answer

je regarde

bona_2 · Answer

merci à Shion-ares, je serai de retour lundi.

Utilisateur anonyme · Answer

1- Rends toi sur ce site :

https://www.virustotal.com/gui/

Copies ce qui suit et colles le dans l'espace pour la recherche :

F:\WINDOWS\system32\GWW4c2el.exe

Cliques sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copies le dans ta prochaine réponse ...

( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )




---> postes moi donc le rapport ( en précisant bien au début de chacuns à quel fichier ils correspondent ) et attends la suite 
ou sinon copie les liens et poste les stp...

bona_2 · Answer

rapport de virustotal

http://www.virustotal.com/fr/analisis/c48c2c40dee02263ce0230fe8f0bd039

bona_2 · Answer

rapport virus total

bona_2 · Answer

virus	Version	Dernière mise à jour	Résultat
AhnLab-V3	2008.10.27.2	2008.10.27	-
AntiVir	7.9.0.9	2008.10.27	TR/Dropper.Gen
Authentium	5.1.0.4	2008.10.27	W32/Malware!OC-based
Avast	4.8.1248.0	2008.10.27	Win32:Trojan-gen {Other}
AVG	8.0.0.161	2008.10.27	-
BitDefender	7.2	2008.10.27	-
CAT-QuickHeal	9.50	2008.10.25	-
ClamAV	0.93.1	2008.10.27	-
DrWeb	4.44.0.09170	2008.10.26	-
eSafe	7.0.17.0	2008.10.26	-
eTrust-Vet	31.6.6168	2008.10.25	-
Ewido	4.0	2008.10.26	-
F-Prot	4.4.4.56	2008.10.26	W32/Malware!OC-based
F-Secure	8.0.14332.0	2008.10.27	-
Fortinet	3.113.0.0	2008.10.26	-
GData	19	2008.10.27	Win32:Trojan-gen {Other}
Ikarus	T3.1.1.44.0	2008.10.27	-
K7AntiVirus	7.10.508	2008.10.26	-
Kaspersky	7.0.0.125	2008.10.27	-
McAfee	5415	2008.10.25	-
Microsoft	1.4005	2008.10.27	TrojanDownloader:Win32/Popur.B
NOD32	3557	2008.10.26	a variant of Win32/Kryptik.AY
Norman	5.80.02	2008.10.24	-
Panda	9.0.0.4	2008.10.26	-
PCTools	4.4.2.0	2008.10.26	-
Prevx1	V2	2008.10.27	Malicious Software
Rising	21.00.62.00	2008.10.26	-
SecureWeb-Gateway	6.7.6	2008.10.27	Trojan.Dropper.Gen
Sophos	4.35.0	2008.10.27	Mal/EncPk-CZ
Sunbelt	3.1.1753.1	2008.10.25	-
Symantec	10	2008.10.27	Trojan.Zlob
TheHacker	6.3.1.1.131	2008.10.27	-
TrendMicro	8.700.0.1004	2008.10.27	-
VBA32	3.12.8.8	2008.10.25	-
ViRobot	2008.10.27.1437	2008.10.27	-
VirusBuster	4.5.11.0	2008.10.26	-
Information additionnelle
File size: 54272 bytes
MD5...: b22f8c51a73ba948cac847ce46103a4f
SHA1..: 66ca16de6e274e4c02dd3db5b77510e7eba86537
SHA256: 839795bbf580427a0680d399fe0c9ccac98d93a267de49ba79ac3d2c0d2d2940
SHA512: 7bf765be933c468f6bb4c86059e46171268681497f1304682ecba2f7ecebe3d4
08a7c8e34351f326f1dbb8e1e99f241d5d07043fad985f860bb5fa06f07a06fc
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.2%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
VXD Driver (0.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4011a1
timedatestamp.....: 0x480c7007 (Mon Apr 21 10:44:23 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xb6c 0xc00 3.75 4f9bbd1e0e667b5825fd5d9202b470ab
.rdata 0x2000 0xe70 0x1000 5.02 4b70b74bad63c70e3b9120382879ca01
.data 0x3000 0x2327b 0xb400 7.33 cd9b66e6ea8f8143a2f0129f757cda0e

( 7 imports ) 
> GDI32.DLL: DeleteDC, CloseMetaFile, GetPixel, AddFontResourceExW, ExcludeClipRect, CopyMetaFileA, AddFontResourceTracking, BeginPath, AddFontResourceW, CloseFigure, GetCurrentPositionEx, GetClipBox, AddFontResourceA, BitBlt, ClearBrushAttributes, GetDCOrgEx, ExtTextOutA, GetBrushOrgEx, CancelDC, ClearBitmapAttributes
> COMCTL32.DLL: ImageList_GetImageCount, InitCommonControls, ImageList_DrawIndirect, ImageList_Create, ImageList_GetImageInfo, ImageList_LoadImageA, ImageList_Remove, ImageList_GetDragImage, ImageList_Merge, ImageList_AddMasked, ImageList_ReplaceIcon, ImageList_BeginDrag, ImageList_AddIcon, ImageList_DragMove, ImageList_Read, ImageList_LoadImage, ImageList_GetIconSize, ImageList_LoadImageW, ImageList_Destroy
> GDI32.DLL: GetClipBox, DeleteDC, RestoreDC, CreateSolidBrush, AddFontResourceA, AddFontResourceW, ExtTextOutA, CloseMetaFile, SetTextColor, DeleteObject, AddFontMemResourceEx, GetDCOrgEx, ExcludeClipRect, AddFontResourceExW, CancelDC, GetPixel
> COMCTL32.DLL: ImageList_LoadImage, ImageList_Copy, ImageList_Remove, ImageList_Replace, ImageList_EndDrag, ImageList_AddMasked, ImageList_GetImageCount, ImageList_DragEnter, ImageList_Merge, ImageList_DragShowNolock, ImageList_GetDragImage, InitCommonControls, ImageList_LoadImageA, ImageList_DragMove, ImageList_BeginDrag, ImageList_DrawIndirect, ImageList_Destroy, ImageList_Create
> GDI32.DLL: CopyMetaFileA, BitBlt, GetPixel, CancelDC, AddFontResourceTracking, AbortPath, CloseFigure, AddFontResourceExW, GetClipBox, AddFontResourceW, DeleteObject, GetDCOrgEx, GetBrushOrgEx, ClearBrushAttributes, ClearBitmapAttributes, DeleteDC, ExcludeClipRect, RestoreDC, ExtTextOutA, GetPixel, CloseMetaFile, AddFontMemResourceEx
> GDI32.DLL: AddFontMemResourceEx, AbortPath, CancelDC, DeleteObject, SetTextColor, GetCurrentPositionEx, AddFontResourceA, BitBlt, AddFontResourceExW, AddFontResourceTracking, AddFontResourceW, GetBrushOrgEx, GetClipBox, DeleteDC, GetPixel, GetBitmapBits, RestoreDC, CopyMetaFileA, ExtTextOutA
> USER32.DLL: LoadCursorA, IsWindow, DrawIcon, DialogBoxParamA, AppendMenuW, CloseWindow, DrawIconEx, BlockInput, GetWindowTextLengthA, DrawTextA, AlignRects, CopyIcon, IsMenu, DrawTextW, GetDlgItem

( 0 exports ) 
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=4C2D9225007C8C8FD414009FA8B77D00F6933945
ThreatExpert info: https://www.symantec.com?md5=b22f8c51a73ba948cac847ce46103a4f



 ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

Utilisateur anonyme · Answer

bonjour

je te prepare un texte pour virer cela

Utilisateur anonyme · Answer

pour fusionner:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :







Registry::


File::
F:\WINDOWS\system32\GWW4c2el.exe 

Folder::





Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

bona_2 · Answer

Combofx ComboFix 08-10-23.08 - user 2008-10-27 14:19:46.9 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.30 [GMT 3:00] Lancé depuis: F:\Documents and Settings\user\Bureau\ComboFix.exe Commutateurs utilisés :: F:\Documents and Settings\user\Bureau\CFscript.txt * Un nouveau point de restauration a été créé [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR] FILE :: F:\WINDOWS\system32\GWW4c2el.exe . Error: Cfiles.dat ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-27 au 2008-10-27 )))))))))))))))))))))))))))))))))))) . 2008-10-27 13:05 . 2008-10-27 13:05 d-------- F:\Documents and Settings\All Users\Application Data\eXPert PDF 5 2008-10-27 13:05 . 2008-10-27 13:39 111 --ah----- F:\sys53997.bin 2008-10-27 11:44 . 2008-10-27 11:44 d-------- F:\Documents and Settings\user\Application Data\eXPert PDF Editor 2008-10-27 11:44 . 2008-10-27 11:44 d-------- F:\Documents and Settings\user\Application Data\eXPert PDF 5 2008-10-27 11:42 . 2008-10-27 11:42 d-------- F:\WINDOWS\My Documents 2008-10-27 11:42 . 2008-10-27 11:42 d-------- F:\Program Files\Visagesoft 2008-10-27 11:42 . 2008-10-27 11:42 d-------- F:\Documents and Settings\All Users\Application Data\eXPert PDF Jobs 2008-10-27 11:42 . 2008-10-27 11:42 d-------- F:\Documents and Settings\All Users\Application Data\eXPert PDF 2008-10-27 11:42 . 2005-06-02 12:40 14,336 --a------ F:\WINDOWS\system32\vsmon1.dll 2008-10-27 11:31 . 2008-10-27 11:31 d-------- F:\Documents and Settings\user\Application Data\Ulead Systems 2008-10-27 11:31 . 2008-10-27 11:31 24 --a------ F:\WINDOWS\system32\DKRNL.JAX 2008-10-27 11:30 . 2008-10-27 11:30 d-------- F:\Documents and Settings\All Users\Application Data\Ulead Systems 2008-10-24 14:56 . 2008-10-24 14:56 d-------- F:\Program Files\Medocs 4.5 2008-10-24 14:51 . 2008-10-24 14:51 d-------- F:\ocs-ng 2008-10-24 14:01 . 2008-10-24 14:01 d--hs---- F:\FOUND.006 2008-10-24 12:48 . 2008-10-24 12:48 d-------- F:\Lop SD 2008-10-24 10:59 . 2008-10-24 10:59 d-------- F:\ToolBar SD 2008-10-24 09:58 . 2008-10-24 09:58 268 --ah----- F:\sqmdata02.sqm 2008-10-24 09:58 . 2008-10-24 09:58 244 --ah----- F:\sqmnoopt02.sqm 2008-10-23 16:29 . 2008-10-23 16:29 d-------- F:\Program Files\Navilog1 2008-10-23 15:53 . 2008-10-23 15:53 230 --a------ F:\WINDOWS\system32\spupdsvc.inf 2008-10-23 15:38 . 2008-10-27 13:47 4 --a------ F:\WINDOWS\data4711.bak 2008-10-23 12:43 . 2008-10-23 12:43 d-------- F:\Program Files\A.C. Element MyUSBOnly 2008-10-22 16:14 . 2008-10-22 16:14 268 --ah----- F:\sqmdata01.sqm 2008-10-22 16:14 . 2008-10-22 16:14 244 --ah----- F:\sqmnoopt01.sqm 2008-10-22 13:30 . 2008-10-22 13:30 d-------- F:\TYVB24h 2008-10-22 13:29 . 2008-10-22 13:29 d--h----- F:\WINDOWS\PIF 2008-10-22 10:05 . 2008-10-22 10:29 80 --a------ F:\WINDOWS\SuperUtil.ini 2008-10-22 10:04 . 2008-10-22 10:04 d-------- F:\Program Files\SuperLogix 2008-10-22 10:04 . 2008-08-07 23:13 1,473,536 --a------ F:\WINDOWS\system32\context.dll 2008-10-22 10:04 . 2008-09-10 22:08 1,400,320 --a------ F:\WINDOWS\system32\vbsbak.dat 2008-10-22 10:04 . 2008-10-22 10:05 269,824 --a------ F:\WINDOWS\system32\supermenuhook.dll 2008-10-22 10:04 . 2008-10-22 10:05 269,824 --a------ F:\WINDOWS\system32\baksm.dat 2008-10-22 10:04 . 2003-10-11 10:24 89,088 --a------ F:\WINDOWS\system32\Shreder.dll 2008-10-22 10:04 . 2003-09-06 22:32 73,728 --a------ F:\WINDOWS\system32\smh.dat 2008-10-22 10:04 . 2007-03-11 21:39 44,000 --a------ F:\WINDOWS\system32\drivers\AFPUni.sys 2008-10-22 10:04 . 2007-03-11 21:39 43,936 --a------ F:\WINDOWS\system32\drivers\AFPAnsi.sys 2008-10-22 10:04 . 2008-02-24 16:17 11,264 --a------ F:\WINDOWS\system32\drivers\supermounter.sys 2008-10-22 10:04 . 2003-10-16 22:56 6,144 --a------ F:\WINDOWS\system32\SuperRes.dll 2008-10-21 09:26 . 2008-10-21 09:26 d-------- F:\Program Files\Virtual Piano 2008-10-17 16:25 . 2008-10-17 16:25 d--hs---- F:\FOUND.005 2008-10-13 13:55 . 2008-10-13 13:55 d-------- F:\Program Files\Smart Projects 2008-10-09 14:14 . 2008-10-27 13:47 4 --a------ F:\WINDOWS um41.jbd 2008-10-09 14:14 . 2008-10-27 13:47 4 --a------ F:\WINDOWS\info147.sys 2008-10-09 14:13 . 2008-10-09 14:13 d-------- F:\Program Files\Vg 2008-10-09 14:13 . 2008-10-09 14:13 d-------- F:\Program Files\Fichiers communs\Totem Shared 2008-10-07 09:34 . 2008-10-07 09:34 d-------- F:\Program Files\NN Software Collection 12 2008-10-06 10:47 . 2008-10-06 10:47 d-------- F:\Program Files\ElcomSoft 2008-10-06 10:47 . 2008-10-07 16:58 870 --a------ F:\WINDOWS\ARPR.INI 2008-10-02 16:11 . 2008-10-02 16:11 d-------- F:\Documents and Settings\user\Application Data\Publish Providers 2008-10-02 16:10 . 2008-10-02 16:10 d-------- F:\Documents and Settings\user\Application Data\Sony 2008-10-02 15:04 . 2008-10-02 15:04 d-------- F:\Documents and Settings\user\Application Data\XemiComputers 2008-10-01 15:02 . 2008-10-01 15:02 d-------- F:\Program Files\Alwil Software 2008-10-01 13:03 . 2008-10-01 13:03 d--hs---- F:\FOUND.004 2008-10-01 10:28 . 2008-10-01 10:28 45,056 --a------ F:\WINDOWS\NCUNINST.EXE 2008-10-01 10:26 . 2008-04-13 11:39 206,976 --a------ F:\WINDOWS\system32\drivers\Dot4.sys 2008-10-01 10:26 . 2001-08-23 17:11 24,064 --a------ F:\WINDOWS\system32\drivers\Dot4usb.sys 2008-10-01 10:26 . 2001-08-17 21:47 12,928 --a------ F:\WINDOWS\system32\drivers\Dot4Prt.sys 2008-10-01 10:23 . 2008-10-01 10:27 310,922 --a------ F:\WINDOWS\hplj1010.his 2008-10-01 10:23 . 2008-10-01 10:27 19,549 --a------ F:\WINDOWS\hplj1010.ini 2008-10-01 09:59 . 2008-10-01 09:59 268 --ah----- F:\sqmdata00.sqm 2008-10-01 09:59 . 2008-10-01 09:59 244 --ah----- F:\sqmnoopt00.sqm 2008-10-01 09:48 . 2008-10-01 09:48 d-------- F:\Documents and Settings\user\Application Data\Avira(2) 2008-09-30 10:11 . 2008-09-30 10:11 d-------- F:\Documents and Settings\All Users\Application Data\Avira 2008-09-30 09:12 . 2008-09-30 09:12 d--hs---- F:\FOUND.003 2008-09-29 15:11 . 2008-09-29 15:12 d-------- F:\Program Files\CCleaner 2008-09-29 14:01 . 2008-10-23 14:14 2,442 --a------ F:\WINDOWS\system32 mp.reg . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-27 10:10 18,030 ----a-w F:\WINDOWS\system32\drivers\DeskLock.sys 2008-10-23 12:05 2,421 ----a-w F:\WINDOWS\kmuusb.sys 2008-10-22 13:10 38,496 ----a-w F:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-22 13:10 15,504 ----a-w F:\WINDOWS\system32\drivers\mbam.sys 2008-09-25 10:31 --------- d-----w F:\Program Files\Panda Security 2008-09-22 12:36 --------- d-----w F:\Program Files\Malwarebytes' Anti-Malware 2008-09-22 12:36 --------- d-----w F:\Documents and Settings\user\Application Data\Malwarebytes 2008-09-22 12:36 --------- d-----w F:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-18 10:44 --------- d-----w F:\Documents and Settings\user\Application Data\Radmin Communication Client 2008-09-18 06:54 --------- d-----w F:\Program Files\Runtime Software 2008-09-16 13:59 --------- d-----w F:\Documents and Settings\Administrator\Application Data\Radmin Communication Client 2008-09-16 13:58 --------- d-----w F:\Program Files\Radmin Communication Client 3.0 2008-09-16 13:42 --------- d-----w F:\Program Files\PCNetSoftware 2008-09-16 12:02 --------- d-----w F:\Program Files\UltraVNC 2008-09-09 12:31 --------- d-----w F:\Program Files\VirginMega 2008-09-09 12:11 --------- d-----w F:\Program Files\Windows Media Connect 2 2008-09-08 06:26 --------- d-----w F:\Program Files\Intelore 2008-09-05 13:02 --------- d-----w F:\Documents and Settings\user\Application Data\ZIP RAR ACE Password Recovery 2008-09-05 12:43 --------- d-----w F:\Program Files\RAR Password Cracker 2008-09-05 12:35 --------- d-----w F:\Program Files\Active Data Recovery Software 2008-09-03 13:46 --------- d-----w F:\Documents and Settings\Administrator\Application Data\TopLang 2008-09-02 12:53 --------- d-----w F:\Program Files\Desktop Lock 2008-09-02 12:16 --------- d-----w F:\Documents and Settings\user\Application Data\TopLang 2008-09-02 11:42 --------- d-----w F:\Documents and Settings\All Users\Application Data\MyUSBOnly 2008-09-02 10:45 --------- d-sh--w F:\Documents and Settings\All Users\Application Data\MPK 2008-05-28 11:59 33 ----a-w F:\Documents and Settings\user\Application Data\pwcpsw.dat 2007-12-07 13:51 92,064 ----a-w F:\Documents and Settings\user\mqdmmdm.sys 2007-12-07 13:51 9,232 ----a-w F:\Documents and Settings\user\mqdmmdfl.sys 2007-12-07 13:51 79,328 ----a-w F:\Documents and Settings\user\mqdmserd.sys 2007-12-07 13:51 66,656 ----a-w F:\Documents and Settings\user\mqdmbus.sys 2007-12-07 13:51 6,208 ----a-w F:\Documents and Settings\user\mqdmcmnt.sys 2007-12-07 13:51 5,936 ----a-w F:\Documents and Settings\user\mqdmwhnt.sys 2007-12-07 13:51 4,048 ----a-w F:\Documents and Settings\user\mqdmcr.sys 2007-12-07 13:51 25,600 ----a-w F:\Documents and Settings\user\usbsermptxp.sys 2007-12-07 13:51 22,768 ----a-w F:\Documents and Settings\user\usbsermpt.sys . ((((((((((((((((((((((((((((( snapshot@2008-10-24_15.59.33,93 ))))))))))))))))))))))))))))))))))))))))) . + 2008-10-27 10:10:18 3,066 ----a-w F:\WINDOWS\SoftwareDistribution\EventCache\{E35DCEEC-ACBE-4FD0-9699-9E7E28F05FDF}.bin - 2008-09-29 12:58:10 277,352 ----a-w F:\WINDOWS\system32\FNTCACHE.DAT + 2008-10-27 05:40:10 278,152 ----a-w F:\WINDOWS\system32\FNTCACHE.DAT + 2007-02-18 15:22:02 96,256 ----a-w F:\WINDOWS\system32\spool\drivers\w32x86\3\vspdfdrv.dll + 2006-11-02 08:02:12 57,856 ----a-w F:\WINDOWS\system32\spool\drivers\w32x86\3\vspdfui.dll + 2008-10-27 10:33:34 16,384 ----a-w F:\WINDOWS\Temp\Perflib_Perfdata_604.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "MsnMsgr"="F:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "PcSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984] "Yahoo! Pager"="F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704] "AlcoholAutomount"="F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080] "USB_FW"="F:\Program Files\Net Studio\USB_FW.exe" [2008-05-21 1299968] "SuperCopier2.exe"="F:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PCSuiteTrayApplication"="F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376] "HP SchedIndexer"="F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe" [2001-02-19 86016] "HP AutoIndexer"="F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe" [2001-02-19 77824] "NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "COMODO Firewall Pro"="F:\Program Files\Comodo\Firewall\CPF.exe" [2008-01-03 1115728] "!AVG Anti-Spyware"="F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-10-24 6731312] "Babylon Client"="F:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-12-20 3116768] "StatusClient"="F:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864] "TomcatStartup"="F:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648] "Desktop Lock Loader"="F:\PROGRA~1\DESKTO~1\TLDL.EXE" [2008-05-02 151552] "TkBellExe"="F:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2008-06-18 185896] "avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "vspdfprsrv.exe"="F:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe" [2007-08-08 966656] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360] F:\Documents and Settings\user\Menu D‚marrer\Programmes\D‚marrage\ RAR Password Cracker.lnk - F:\Program Files\RAR Password Cracker pc.exe [2004-04-25 157696] VirtuaGirl2.lnk - F:\Program Files\Vg\VirtuaGirl2.exe [2008-10-09 2654208] F:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-19 110592] HP LaserJet Director.lnk - F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe [2007-12-05 212992] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "LoginPrompt"= 9E8C8182988584 "NoViewOnDrive"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\LMIinit] 2007-10-18 20:47 75064 F:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"="0x00000000" "UpdatesDisableNotify"="0x00000000" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "F:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "F:\Program Files\Messenger\msmsgs.exe"= "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"= "F:\Program Files\Yahoo!\Messenger\YServer.exe"= "F:\Program Files\Skype\Phone\Skype.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "F:\Program Files\MSN Messenger\MsnMsgr.Exe"= "F:\Program Files\MSN Messenger\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 R0 AFPAnsi;Alfa File Protector Ansi;F:\WINDOWS\system32\Drivers\AFPAnsi.sys [2007-03-11 43936] R0 pavboot;pavboot;F:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544] R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R1 DeskLock;DeskLock;F:\WINDOWS\system32\drivers\DeskLock.sys [2008-10-27 18030] R1 SuperMounter;SuperMounter;F:\WINDOWS\system32\drivers\SuperMounter.sys [2008-02-24 11264] R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 LMIRfsDriver;LogMeIn Remote File System Driver;F:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 46112] R2 Poweroff;Poweroff;F:\WINDOWS\system32\poweroff.exe [2003-08-16 172032] S2 LMIInfo;LogMeIn Kernel Information Provider;F:\Program Files\LogMeIn\x86\RaInfo.sys [ ] S3 MiniScanEye;MiniScanEye;F:\WINDOWS\system32\Drivers\minsceye.sys [2005-02-16 14382] S3 pendfu;PenDfu (pendfu.sys);F:\WINDOWS\system32\Drivers\pendfu.sys [2005-02-14 32408] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-27 14:22:41 Windows 5.1.2600 Service Pack 3 FAT NTAPI Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv] "ImagePath"="\??\F:\DOCUME~1\user\LOCALS~1\Temp\mc21.tmp" . Heure de fin: 2008-10-27 14:24:25 ComboFix-quarantined-files.txt 2008-10-27 11:24:18 ComboFix2.txt 2008-10-24 13:00:28 Avant-CF: 750 075 904 octets libres Après-CF: 749,174,784 octets libres 220

bona_2 · Answer

hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:30, on 27/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Comodo\Firewall\cmdagent.exe
F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\poweroff.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
F:\Program Files\Comodo\Firewall\CPF.exe
F:\Program Files\Babylon\Babylon-Pro\Babylon.exe
F:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
F:\PROGRA~1\DESKTO~1\TLDL.EXE
F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
F:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
F:\Program Files\Net Studio\USB_FW.exe
F:\Program Files\SuperCopier2\SuperCopier2.exe
F:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\INTERNAT.EXE
F:\WINDOWS\system32\WISPTIS.EXE
F:\PROGRA~1\FICHIE~1\MICROS~1\MODI\12.0\MSPOCRDC.EXE
F:\WINDOWS\explorer.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Opera\opera.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Trend Micro\HijackThis\eden et valide.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - F:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - F:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP SchedIndexer] F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "F:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Babylon Client] F:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [StatusClient] F:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] F:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Desktop Lock Loader] F:\PROGRA~1\DESKTO~1\TLDL.EXE /BOOT
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [vspdfprsrv.exe] F:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [USB_FW] F:\Program Files\Net Studio\USB_FW.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RAR Password Cracker.lnk = F:\Program Files\RAR Password Cracker\rpc.exe
O4 - Startup: VirtuaGirl2.lnk = F:\Program Files\Vg\VirtuaGirl2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP LaserJet Director.lnk = F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://F:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS3\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS4\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS5\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - F:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Poweroff - Jorgen Bosman - F:\WINDOWS\system32\poweroff.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Utilisateur anonyme · Answer

cela n'a pas fonctionné reposte un rapport de lopsd stp

bona_2 · Answer

--------------------\  Lop S&D 4.2.4-7   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.66GHz )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : user ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1229 [VPS 081027-0] 4.8.1229 (Activated)
   Firewall  : COMODO Firewall Pro 2.3.035 (Not Activated)
   C:\ (Local Disk) - FAT32 - Total : 9 Go Free : 1 Go
   D:\ (Local Disk) - FAT32 - Total : 29 Go Free : 12 Go
   E:\ (Local Disk) - FAT32 - Total : 27 Go Free : 6 Go
   F:\ (Local Disk) - FAT32 - Total : 9 Go Free : 0 Go
   G:\ (CD or DVD)
   H:\ (CD or DVD)

   "F:\Lop SD" ( MAJ : 23-10-2008|23:15 )
   Option : [1] ( 27/10/2008|14:57 )
 
   --------------------\  Listing des dossiers dans APPLIC~1  

   [19/11/2007|10:31] F:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [23/11/2007|12:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [30/09/2008|10:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
   [04/08/2008|14:45] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
   [07/12/2007|16:51] F:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
   [19/11/2007|16:34] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
   [04/12/2007|14:49] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
   [27/10/2008|11:42] F:\DOCUME~1\ALLUSE~1\APPLIC~1\eXPert PDF
   [27/10/2008|13:05] F:\DOCUME~1\ALLUSE~1\APPLIC~1\eXPert PDF 5
   [27/10/2008|11:42] F:\DOCUME~1\ALLUSE~1\APPLIC~1\eXPert PDF Jobs
   [29/11/2007|15:53] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [19/11/2007|15:13] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
   [11/02/2008|12:03] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
   [22/09/2008|15:36] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [19/11/2007|10:31] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [19/11/2007|15:39] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
   [02/09/2008|13:45] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MPK
   [22/11/2007|16:27] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
   [02/09/2008|14:42] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MyUSBOnly
   [04/12/2007|14:50] F:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
   [23/04/2008|11:19] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Penpower
   [17/07/2008|12:53] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [05/12/2007|17:07] F:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
   [04/12/2007|15:40] F:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [27/10/2008|11:30] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
   [09/09/2008|10:24] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [18/12/2007|13:27] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

   [23/10/2008|13:11] F:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
   [23/10/2008|13:11] F:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
   [19/11/2007|10:31] F:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

   [10/07/2008|14:00] F:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
   [10/07/2008|14:00] F:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
   [19/11/2007|10:31] F:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [19/11/2007|15:55] F:\DOCUME~1\user\APPLIC~1\Adobe
   [30/11/2007|16:32] F:\DOCUME~1\user\APPLIC~1\AdobeUM
   [01/10/2008|09:48] F:\DOCUME~1\user\APPLIC~1\Avira(2)
   [04/08/2008|14:45] F:\DOCUME~1\user\APPLIC~1\Babylon
   [19/11/2007|16:34] F:\DOCUME~1\user\APPLIC~1\Comodo
   [04/12/2007|14:58] F:\DOCUME~1\user\APPLIC~1\Datalayer
   [27/10/2008|11:44] F:\DOCUME~1\user\APPLIC~1\eXPert PDF 5
   [27/10/2008|11:44] F:\DOCUME~1\user\APPLIC~1\eXPert PDF Editor
   [24/01/2008|14:00] F:\DOCUME~1\user\APPLIC~1\GetRightToGo
   [29/11/2007|15:58] F:\DOCUME~1\user\APPLIC~1\Google
   [08/02/2008|10:00] F:\DOCUME~1\user\APPLIC~1\Help
   [19/11/2007|10:45] F:\DOCUME~1\user\APPLIC~1\Identities
   [07/12/2007|16:59] F:\DOCUME~1\user\APPLIC~1\InstallShield
   [28/05/2008|10:55] F:\DOCUME~1\user\APPLIC~1\Intelore
   [29/11/2007|15:58] F:\DOCUME~1\user\APPLIC~1\Macromedia
   [22/09/2008|15:36] F:\DOCUME~1\user\APPLIC~1\Malwarebytes
   [19/11/2007|10:31] F:\DOCUME~1\user\APPLIC~1\Microsoft
   [03/01/2008|09:30] F:\DOCUME~1\user\APPLIC~1\Mozilla
   [04/12/2007|14:57] F:\DOCUME~1\user\APPLIC~1\Nokia
   [10/01/2008|11:26] F:\DOCUME~1\user\APPLIC~1\Nokia Multimedia Player
   [03/01/2008|09:30] F:\DOCUME~1\user\APPLIC~1\Nvu
   [29/07/2008|09:42] F:\DOCUME~1\user\APPLIC~1\Opera
   [21/07/2008|13:25] F:\DOCUME~1\user\APPLIC~1\OtakuSoftware
   [04/12/2007|14:50] F:\DOCUME~1\user\APPLIC~1\PC Suite
   [10/07/2008|13:53] F:\DOCUME~1\user\APPLIC~1\PDFCreator
   [02/10/2008|16:11] F:\DOCUME~1\user\APPLIC~1\Publish Providers
   [18/09/2008|13:44] F:\DOCUME~1\user\APPLIC~1\Radmin Communication Client
   [18/06/2008|09:16] F:\DOCUME~1\user\APPLIC~1\Real
   [17/07/2008|12:54] F:\DOCUME~1\user\APPLIC~1\Skype
   [17/07/2008|12:59] F:\DOCUME~1\user\APPLIC~1\skypePM
   [02/10/2008|16:10] F:\DOCUME~1\user\APPLIC~1\Sony
   [10/01/2008|08:27] F:\DOCUME~1\user\APPLIC~1\Teleca
   [02/09/2008|15:16] F:\DOCUME~1\user\APPLIC~1\TopLang
   [27/10/2008|11:31] F:\DOCUME~1\user\APPLIC~1\Ulead Systems
   [21/11/2007|09:04] F:\DOCUME~1\user\APPLIC~1\Visicom Media
   [02/10/2008|16:59] F:\DOCUME~1\user\APPLIC~1\WinRAR
   [02/10/2008|15:04] F:\DOCUME~1\user\APPLIC~1\XemiComputers
   [05/09/2008|16:02] F:\DOCUME~1\user\APPLIC~1\ZIP RAR ACE Password Recovery

   [30/11/2007|13:00] F:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
   [18/08/2008|15:27] F:\DOCUME~1\ADMINI~1\APPLIC~1\Babylon
   [22/11/2007|16:13] F:\DOCUME~1\ADMINI~1\APPLIC~1\Comodo
   [22/11/2007|16:13] F:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
   [26/12/2007|08:59] F:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
   [19/11/2007|10:31] F:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
   [05/12/2007|08:49] F:\DOCUME~1\ADMINI~1\APPLIC~1\PC Suite
   [16/09/2008|16:59] F:\DOCUME~1\ADMINI~1\APPLIC~1\Radmin Communication Client
   [09/07/2008|09:07] F:\DOCUME~1\ADMINI~1\APPLIC~1\Real
   [10/01/2008|13:07] F:\DOCUME~1\ADMINI~1\APPLIC~1\Teleca
   [03/09/2008|16:46] F:\DOCUME~1\ADMINI~1\APPLIC~1\TopLang

   [23/11/2007|09:01] F:\DOCUME~1\ADMINI~2\APPLIC~1\Comodo
   [23/11/2007|09:01] F:\DOCUME~1\ADMINI~2\APPLIC~1\Identities
   [19/11/2007|10:31] F:\DOCUME~1\ADMINI~2\APPLIC~1\Microsoft

   [29/05/2008|15:32] F:\DOCUME~1\TOKY\APPLIC~1\Comodo
   [29/05/2008|15:31] F:\DOCUME~1\TOKY\APPLIC~1\Identities
   [19/11/2007|10:31] F:\DOCUME~1\TOKY\APPLIC~1\Microsoft
   [29/05/2008|15:31] F:\DOCUME~1\TOKY\APPLIC~1\PC Suite
   [29/05/2008|15:32] F:\DOCUME~1\TOKY\APPLIC~1\Teleca
 
   --------------------\  Tâches planifiées dans F:\WINDOWS	asks

   [27/10/2008 14:24][--ah-----] F:\WINDOWS	asks\SA.DAT
   [17/11/2004 13:27][-r-h-----] F:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans F:\Program Files

   [05/08/2008|14:02] F:\Program Files\01-mp3search
   [23/10/2008|12:43] F:\Program Files\A.C. Element MyUSBOnly
   [30/05/2008|15:02] F:\Program Files\Accent OFFICE Password Recovery
   [05/09/2008|15:35] F:\Program Files\Active Data Recovery Software
   [19/11/2007|15:53] F:\Program Files\Adobe
   [27/12/2007|14:24] F:\Program Files\Ahead
   [29/01/2008|09:13] F:\Program Files\Alcohol Soft
   [01/10/2008|15:02] F:\Program Files\Alwil Software
   [28/05/2008|09:19] F:\Program Files\Ashampoo
   [07/12/2007|16:53] F:\Program Files\Avanquest update
   [26/02/2008|11:46] F:\Program Files\AVOne
   [04/08/2008|15:00] F:\Program Files\Babylon
   [29/09/2008|15:12] F:\Program Files\CCleaner
   [03/01/2008|14:12] F:\Program Files\CHANGJIE
   [19/11/2007|16:32] F:\Program Files\Comodo
   [19/11/2007|10:39] F:\Program Files\ComPlus Applications
   [04/08/2008|15:00] F:\Program Files\Conduit
   [02/09/2008|15:53] F:\Program Files\Desktop Lock
   [04/12/2007|14:51] F:\Program Files\DIFX
   [04/12/2007|15:39] F:\Program Files\Easy CD-DA Extractor 11
   [28/11/2007|11:36] F:\Program Files\Easy GIF Animator
   [28/11/2007|11:36] F:\Program Files\Easy Gif Animator Extension
   [08/08/2008|13:57] F:\Program Files\EasyPHP1-8
   [06/10/2008|10:47] F:\Program Files\ElcomSoft
   [29/01/2008|11:41] F:\Program Files\eMule
   [19/11/2007|10:25] F:\Program Files\Fichiers communs
   [29/11/2007|15:53] F:\Program Files\Google
   [11/01/2008|11:06] F:\Program Files\Grisoft
   [22/11/2007|16:21] F:\Program Files\Hewlett-Packard
   [25/02/2008|13:27] F:\Program Files\HP
   [08/08/2008|12:58] F:\Program Files\IDAutomation.com Code 39 Free Font
   [07/12/2007|16:51] F:\Program Files\InstallShield Installation Information
   [08/09/2008|09:26] F:\Program Files\Intelore
   [19/11/2007|10:40] F:\Program Files\Internet Explorer
   [03/01/2008|14:12] F:\Program Files\KOIME
   [23/11/2007|13:25] F:\Program Files\Lauyan
   [03/01/2008|14:09] F:\Program Files\LHSP
   [22/09/2008|15:36] F:\Program Files\Malwarebytes' Anti-Malware
   [24/10/2008|14:56] F:\Program Files\Medocs 4.5
   [19/11/2007|10:38] F:\Program Files\Messenger
   [19/11/2007|10:43] F:\Program Files\microsoft frontpage
   [19/11/2007|15:40] F:\Program Files\Microsoft Office
   [08/08/2008|09:47] F:\Program Files\Microsoft Silverlight
   [19/11/2007|15:45] F:\Program Files\Microsoft Visual Studio
   [19/11/2007|15:45] F:\Program Files\Microsoft Works
   [07/12/2007|16:51] F:\Program Files\Motorola Phone Tools
   [19/11/2007|10:40] F:\Program Files\Movie Maker
   [19/11/2007|15:45] F:\Program Files\MSBuild
   [19/11/2007|10:38] F:\Program Files\MSN
   [19/11/2007|10:38] F:\Program Files\MSN Gaming Zone
   [20/11/2007|08:40] F:\Program Files\MSN Messenger
   [04/08/2008|15:00] F:\Program Files\myBabylon
   [24/01/2008|14:51] F:\Program Files\NASA
   [23/10/2008|16:29] F:\Program Files\Navilog1
   [22/05/2008|11:10] F:\Program Files\Net Studio
   [19/11/2007|10:40] F:\Program Files\NetMeeting
   [07/10/2008|09:34] F:\Program Files\NN Software Collection 12
   [04/12/2007|14:49] F:\Program Files\Nokia
   [03/01/2008|09:30] F:\Program Files\Nvu
   [19/11/2007|10:39] F:\Program Files\Online Services
   [17/12/2007|10:24] F:\Program Files\Ontrack
   [29/07/2008|09:42] F:\Program Files\Opera
   [30/05/2008|15:12] F:\Program Files\OPRW
   [19/11/2007|10:40] F:\Program Files\Outlook Express
   [25/09/2008|13:31] F:\Program Files\Panda Security
   [28/05/2008|09:02] F:\Program Files\PasswordTools
   [16/09/2008|16:42] F:\Program Files\PCNetSoftware
   [20/08/2008|14:30] F:\Program Files\PDF2Word v1.6
   [10/07/2008|13:53] F:\Program Files\PDFCreator
   [27/12/2007|14:38] F:\Program Files\Radio Fr Solo
   [16/09/2008|16:58] F:\Program Files\Radmin Communication Client 3.0
   [05/09/2008|15:43] F:\Program Files\RAR Password Cracker
   [18/09/2008|09:54] F:\Program Files\Runtime Software
   [21/01/2008|10:35] F:\Program Files\Sarkophage
   [27/03/2008|14:21] F:\Program Files\SCC
   [03/01/2008|14:12] F:\Program Files\SCIME
   [19/11/2007|10:41] F:\Program Files\Services en ligne
   [17/07/2008|12:53] F:\Program Files\Skype
   [13/10/2008|13:55] F:\Program Files\Smart Projects
   [29/05/2008|16:54] F:\Program Files\SuperCopier2
   [22/10/2008|10:04] F:\Program Files\SuperLogix
   [03/01/2008|14:12] F:\Program Files\TCIME
   [08/02/2008|14:47] F:\Program Files\Temp
   [24/07/2008|10:49] F:\Program Files\Trend Micro
   [16/09/2008|15:02] F:\Program Files\UltraVNC
   [19/11/2007|10:45] F:\Program Files\Uninstall Information
   [09/10/2008|14:13] F:\Program Files\Vg
   [04/12/2007|15:47] F:\Program Files\VIA Technologies, Inc
   [09/09/2008|15:31] F:\Program Files\VirginMega
   [21/10/2008|09:26] F:\Program Files\Virtual Piano
   [27/10/2008|11:42] F:\Program Files\Visagesoft
   [21/11/2007|09:03] F:\Program Files\Visicom Media
   [06/03/2008|15:01] F:\Program Files\WinAVI Video Converter
   [09/09/2008|15:11] F:\Program Files\Windows Media Connect 2
   [19/11/2007|10:39] F:\Program Files\Windows Media Player
   [19/11/2007|10:38] F:\Program Files\Windows NT
   [19/11/2007|10:41] F:\Program Files\WindowsUpdate
   [07/12/2007|13:40] F:\Program Files\WinRAR
   [07/12/2007|13:41] F:\Program Files\WinZip
   [30/05/2008|13:35] F:\Program Files\XaviWare Password Recovery .MDB
   [19/11/2007|10:43] F:\Program Files\xerox
   [18/12/2007|13:03] F:\Program Files\Yahoo!

   --------------------\  Listing des dossiers dans F:\Program Files\Fichiers communs

   [19/11/2007|15:53] F:\Program Files\Fichiers communs\Adobe
   [27/12/2007|14:24] F:\Program Files\Fichiers communs\Ahead
   [19/11/2007|15:45] F:\Program Files\Fichiers communs\DESIGNER
   [07/12/2007|16:50] F:\Program Files\Fichiers communs\InstallShield
   [03/01/2008|14:09] F:\Program Files\Fichiers communs\L&H Shared
   [19/11/2007|10:25] F:\Program Files\Fichiers communs\Microsoft Shared
   [18/12/2007|10:40] F:\Program Files\Fichiers communs\Motorola Shared
   [19/11/2007|10:40] F:\Program Files\Fichiers communs\MSSoap
   [27/12/2007|14:26] F:\Program Files\Fichiers communs\Nero
   [04/12/2007|14:50] F:\Program Files\Fichiers communs\Nokia
   [19/11/2007|10:25] F:\Program Files\Fichiers communs\ODBC
   [04/12/2007|14:50] F:\Program Files\Fichiers communs\PCSuite
   [18/06/2008|09:17] F:\Program Files\Fichiers communs\Real
   [19/11/2007|10:40] F:\Program Files\Fichiers communs\Services
   [17/07/2008|12:53] F:\Program Files\Fichiers communs\Skype
   [19/11/2007|10:25] F:\Program Files\Fichiers communs\SpeechEngines
   [04/02/2008|14:20] F:\Program Files\Fichiers communs\SWF Studio
   [19/11/2007|10:40] F:\Program Files\Fichiers communs\System
   [10/01/2008|08:25] F:\Program Files\Fichiers communs\Teleca Shared
   [09/10/2008|14:13] F:\Program Files\Fichiers communs\Totem Shared
   [19/11/2007|15:20] F:\Program Files\Fichiers communs\Wise Installation Wizard
   [18/06/2008|09:20] F:\Program Files\Fichiers communs\xing shared

   --------------------\  Process

   ( 50 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
 
   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   F:\DOCUME~1\user\Favoris\aina\DownloadWarez.org - Serial Crack Keygen Rapidshare Torrent Full Download page 10.url
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6[1].02_Incl._Keygen_FRENCH-BS.RAR
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\bs-we60a.zip
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\bs.nfo
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\file_id.diz
   F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\keygenfr.exe


   [F:4][D:2]-> F:\DOCUME~1\user\LOCALS~1\Temp
   [F:17][D:0]-> F:\DOCUME~1\user\Cookies
   [F:12][D:4]-> F:\DOCUME~1\user\LOCALS~1\TEMPOR~1\content.IE5
   [F:2][D:0]-> F:\Recycled

   1 - "F:\Lop SD\LopR_1.txt" - 24/10/2008|12:52 - Option : [1]
   2 - "F:\Lop SD\LopR_2.txt" - 24/10/2008|15:18 - Option : [2]
   3 - "F:\Lop SD\LopR_3.txt" - 27/10/2008|15:01 - Option : [1]

   --------------------\  Fin du rapport a 15:01:35

Utilisateur anonyme · Answer

desolé je me suis tromper c'est un log de toolbar

je regarde le rapport de combo pour voir ce qu'il ne va pas

bona_2 · Answer

--------------------\  Lop S&D 4.2.4-7   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.66GHz )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : user ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1229 [VPS 081027-0] 4.8.1229 (Activated)
   Firewall  : COMODO Firewall Pro 2.3.035 (Not Activated)
   C:\ (Local Disk) - FAT32 - Total : 9 Go Free : 1 Go
   D:\ (Local Disk) - FAT32 - Total : 29 Go Free : 12 Go
   E:\ (Local Disk) - FAT32 - Total : 27 Go Free : 6 Go
   F:\ (Local Disk) - FAT32 - Total : 9 Go Free : 0 Go
   G:\ (CD or DVD)
   H:\ (CD or DVD)

   "F:\Lop SD" ( MAJ : 23-10-2008|23:15 )
   Option : [2] ( 27/10/2008|16:02 )

 
   \\\\\\\\\\\\\\\ 

 
   --------------------\  Listing des dossiers dans APPLIC~1  

   [19/11/2007|10:31] F:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [23/11/2007|12:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [30/09/2008|10:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
   [04/08/2008|14:45] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
   [07/12/2007|16:51] F:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
   [19/11/2007|16:34] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
   [04/12/2007|14:49] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
   [27/10/2008|11:42] F:\DOCUME~1\ALLUSE~1\APPLIC~1\eXPert PDF
   [27/10/2008|13:05] F:\DOCUME~1\ALLUSE~1\APPLIC~1\eXPert PDF 5
   [27/10/2008|11:42] F:\DOCUME~1\ALLUSE~1\APPLIC~1\eXPert PDF Jobs
   [29/11/2007|15:53] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [19/11/2007|15:13] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
   [11/02/2008|12:03] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
   [22/09/2008|15:36] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [19/11/2007|10:31] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [19/11/2007|15:39] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
   [02/09/2008|13:45] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MPK
   [22/11/2007|16:27] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
   [02/09/2008|14:42] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MyUSBOnly
   [04/12/2007|14:50] F:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
   [23/04/2008|11:19] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Penpower
   [17/07/2008|12:53] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [05/12/2007|17:07] F:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
   [04/12/2007|15:40] F:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [27/10/2008|11:30] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
   [09/09/2008|10:24] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [18/12/2007|13:27] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

   [23/10/2008|13:11] F:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
   [23/10/2008|13:11] F:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
   [19/11/2007|10:31] F:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

   [10/07/2008|14:00] F:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
   [10/07/2008|14:00] F:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
   [19/11/2007|10:31] F:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [19/11/2007|15:55] F:\DOCUME~1\user\APPLIC~1\Adobe
   [30/11/2007|16:32] F:\DOCUME~1\user\APPLIC~1\AdobeUM
   [01/10/2008|09:48] F:\DOCUME~1\user\APPLIC~1\Avira(2)
   [04/08/2008|14:45] F:\DOCUME~1\user\APPLIC~1\Babylon
   [19/11/2007|16:34] F:\DOCUME~1\user\APPLIC~1\Comodo
   [04/12/2007|14:58] F:\DOCUME~1\user\APPLIC~1\Datalayer
   [27/10/2008|11:44] F:\DOCUME~1\user\APPLIC~1\eXPert PDF 5
   [27/10/2008|11:44] F:\DOCUME~1\user\APPLIC~1\eXPert PDF Editor
   [24/01/2008|14:00] F:\DOCUME~1\user\APPLIC~1\GetRightToGo
   [29/11/2007|15:58] F:\DOCUME~1\user\APPLIC~1\Google
   [08/02/2008|10:00] F:\DOCUME~1\user\APPLIC~1\Help
   [19/11/2007|10:45] F:\DOCUME~1\user\APPLIC~1\Identities
   [07/12/2007|16:59] F:\DOCUME~1\user\APPLIC~1\InstallShield
   [28/05/2008|10:55] F:\DOCUME~1\user\APPLIC~1\Intelore
   [29/11/2007|15:58] F:\DOCUME~1\user\APPLIC~1\Macromedia
   [22/09/2008|15:36] F:\DOCUME~1\user\APPLIC~1\Malwarebytes
   [19/11/2007|10:31] F:\DOCUME~1\user\APPLIC~1\Microsoft
   [03/01/2008|09:30] F:\DOCUME~1\user\APPLIC~1\Mozilla
   [04/12/2007|14:57] F:\DOCUME~1\user\APPLIC~1\Nokia
   [10/01/2008|11:26] F:\DOCUME~1\user\APPLIC~1\Nokia Multimedia Player
   [03/01/2008|09:30] F:\DOCUME~1\user\APPLIC~1\Nvu
   [29/07/2008|09:42] F:\DOCUME~1\user\APPLIC~1\Opera
   [21/07/2008|13:25] F:\DOCUME~1\user\APPLIC~1\OtakuSoftware
   [04/12/2007|14:50] F:\DOCUME~1\user\APPLIC~1\PC Suite
   [10/07/2008|13:53] F:\DOCUME~1\user\APPLIC~1\PDFCreator
   [02/10/2008|16:11] F:\DOCUME~1\user\APPLIC~1\Publish Providers
   [18/09/2008|13:44] F:\DOCUME~1\user\APPLIC~1\Radmin Communication Client
   [18/06/2008|09:16] F:\DOCUME~1\user\APPLIC~1\Real
   [17/07/2008|12:54] F:\DOCUME~1\user\APPLIC~1\Skype
   [17/07/2008|12:59] F:\DOCUME~1\user\APPLIC~1\skypePM
   [02/10/2008|16:10] F:\DOCUME~1\user\APPLIC~1\Sony
   [10/01/2008|08:27] F:\DOCUME~1\user\APPLIC~1\Teleca
   [02/09/2008|15:16] F:\DOCUME~1\user\APPLIC~1\TopLang
   [27/10/2008|11:31] F:\DOCUME~1\user\APPLIC~1\Ulead Systems
   [21/11/2007|09:04] F:\DOCUME~1\user\APPLIC~1\Visicom Media
   [02/10/2008|16:59] F:\DOCUME~1\user\APPLIC~1\WinRAR
   [02/10/2008|15:04] F:\DOCUME~1\user\APPLIC~1\XemiComputers
   [05/09/2008|16:02] F:\DOCUME~1\user\APPLIC~1\ZIP RAR ACE Password Recovery

   [30/11/2007|13:00] F:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
   [18/08/2008|15:27] F:\DOCUME~1\ADMINI~1\APPLIC~1\Babylon
   [22/11/2007|16:13] F:\DOCUME~1\ADMINI~1\APPLIC~1\Comodo
   [22/11/2007|16:13] F:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
   [26/12/2007|08:59] F:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
   [19/11/2007|10:31] F:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
   [05/12/2007|08:49] F:\DOCUME~1\ADMINI~1\APPLIC~1\PC Suite
   [16/09/2008|16:59] F:\DOCUME~1\ADMINI~1\APPLIC~1\Radmin Communication Client
   [09/07/2008|09:07] F:\DOCUME~1\ADMINI~1\APPLIC~1\Real
   [10/01/2008|13:07] F:\DOCUME~1\ADMINI~1\APPLIC~1\Teleca
   [03/09/2008|16:46] F:\DOCUME~1\ADMINI~1\APPLIC~1\TopLang

   [23/11/2007|09:01] F:\DOCUME~1\ADMINI~2\APPLIC~1\Comodo
   [23/11/2007|09:01] F:\DOCUME~1\ADMINI~2\APPLIC~1\Identities
   [19/11/2007|10:31] F:\DOCUME~1\ADMINI~2\APPLIC~1\Microsoft

   [29/05/2008|15:32] F:\DOCUME~1\TOKY\APPLIC~1\Comodo
   [29/05/2008|15:31] F:\DOCUME~1\TOKY\APPLIC~1\Identities
   [19/11/2007|10:31] F:\DOCUME~1\TOKY\APPLIC~1\Microsoft
   [29/05/2008|15:31] F:\DOCUME~1\TOKY\APPLIC~1\PC Suite
   [29/05/2008|15:32] F:\DOCUME~1\TOKY\APPLIC~1\Teleca
 
   --------------------\  Tâches planifiées dans F:\WINDOWS	asks

   [27/10/2008 15:22][--ah-----] F:\WINDOWS	asks\SA.DAT
   [17/11/2004 13:27][-r-h-----] F:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans F:\Program Files

   [05/08/2008|14:02] F:\Program Files\01-mp3search
   [23/10/2008|12:43] F:\Program Files\A.C. Element MyUSBOnly
   [30/05/2008|15:02] F:\Program Files\Accent OFFICE Password Recovery
   [05/09/2008|15:35] F:\Program Files\Active Data Recovery Software
   [19/11/2007|15:53] F:\Program Files\Adobe
   [27/12/2007|14:24] F:\Program Files\Ahead
   [29/01/2008|09:13] F:\Program Files\Alcohol Soft
   [01/10/2008|15:02] F:\Program Files\Alwil Software
   [28/05/2008|09:19] F:\Program Files\Ashampoo
   [07/12/2007|16:53] F:\Program Files\Avanquest update
   [26/02/2008|11:46] F:\Program Files\AVOne
   [04/08/2008|15:00] F:\Program Files\Babylon
   [29/09/2008|15:12] F:\Program Files\CCleaner
   [03/01/2008|14:12] F:\Program Files\CHANGJIE
   [19/11/2007|16:32] F:\Program Files\Comodo
   [19/11/2007|10:39] F:\Program Files\ComPlus Applications
   [04/08/2008|15:00] F:\Program Files\Conduit
   [02/09/2008|15:53] F:\Program Files\Desktop Lock
   [04/12/2007|14:51] F:\Program Files\DIFX
   [04/12/2007|15:39] F:\Program Files\Easy CD-DA Extractor 11
   [28/11/2007|11:36] F:\Program Files\Easy GIF Animator
   [28/11/2007|11:36] F:\Program Files\Easy Gif Animator Extension
   [08/08/2008|13:57] F:\Program Files\EasyPHP1-8
   [06/10/2008|10:47] F:\Program Files\ElcomSoft
   [29/01/2008|11:41] F:\Program Files\eMule
   [19/11/2007|10:25] F:\Program Files\Fichiers communs
   [29/11/2007|15:53] F:\Program Files\Google
   [11/01/2008|11:06] F:\Program Files\Grisoft
   [22/11/2007|16:21] F:\Program Files\Hewlett-Packard
   [25/02/2008|13:27] F:\Program Files\HP
   [08/08/2008|12:58] F:\Program Files\IDAutomation.com Code 39 Free Font
   [07/12/2007|16:51] F:\Program Files\InstallShield Installation Information
   [08/09/2008|09:26] F:\Program Files\Intelore
   [19/11/2007|10:40] F:\Program Files\Internet Explorer
   [03/01/2008|14:12] F:\Program Files\KOIME
   [23/11/2007|13:25] F:\Program Files\Lauyan
   [03/01/2008|14:09] F:\Program Files\LHSP
   [22/09/2008|15:36] F:\Program Files\Malwarebytes' Anti-Malware
   [19/11/2007|10:38] F:\Program Files\Messenger
   [19/11/2007|10:43] F:\Program Files\microsoft frontpage
   [19/11/2007|15:40] F:\Program Files\Microsoft Office
   [08/08/2008|09:47] F:\Program Files\Microsoft Silverlight
   [19/11/2007|15:45] F:\Program Files\Microsoft Visual Studio
   [19/11/2007|15:45] F:\Program Files\Microsoft Works
   [07/12/2007|16:51] F:\Program Files\Motorola Phone Tools
   [19/11/2007|10:40] F:\Program Files\Movie Maker
   [19/11/2007|15:45] F:\Program Files\MSBuild
   [19/11/2007|10:38] F:\Program Files\MSN
   [19/11/2007|10:38] F:\Program Files\MSN Gaming Zone
   [20/11/2007|08:40] F:\Program Files\MSN Messenger
   [04/08/2008|15:00] F:\Program Files\myBabylon
   [24/01/2008|14:51] F:\Program Files\NASA
   [23/10/2008|16:29] F:\Program Files\Navilog1
   [22/05/2008|11:10] F:\Program Files\Net Studio
   [19/11/2007|10:40] F:\Program Files\NetMeeting
   [07/10/2008|09:34] F:\Program Files\NN Software Collection 12
   [04/12/2007|14:49] F:\Program Files\Nokia
   [03/01/2008|09:30] F:\Program Files\Nvu
   [19/11/2007|10:39] F:\Program Files\Online Services
   [17/12/2007|10:24] F:\Program Files\Ontrack
   [29/07/2008|09:42] F:\Program Files\Opera
   [30/05/2008|15:12] F:\Program Files\OPRW
   [19/11/2007|10:40] F:\Program Files\Outlook Express
   [25/09/2008|13:31] F:\Program Files\Panda Security
   [28/05/2008|09:02] F:\Program Files\PasswordTools
   [16/09/2008|16:42] F:\Program Files\PCNetSoftware
   [20/08/2008|14:30] F:\Program Files\PDF2Word v1.6
   [10/07/2008|13:53] F:\Program Files\PDFCreator
   [27/12/2007|14:38] F:\Program Files\Radio Fr Solo
   [16/09/2008|16:58] F:\Program Files\Radmin Communication Client 3.0
   [05/09/2008|15:43] F:\Program Files\RAR Password Cracker
   [18/09/2008|09:54] F:\Program Files\Runtime Software
   [21/01/2008|10:35] F:\Program Files\Sarkophage
   [27/03/2008|14:21] F:\Program Files\SCC
   [03/01/2008|14:12] F:\Program Files\SCIME
   [19/11/2007|10:41] F:\Program Files\Services en ligne
   [17/07/2008|12:53] F:\Program Files\Skype
   [13/10/2008|13:55] F:\Program Files\Smart Projects
   [29/05/2008|16:54] F:\Program Files\SuperCopier2
   [22/10/2008|10:04] F:\Program Files\SuperLogix
   [03/01/2008|14:12] F:\Program Files\TCIME
   [08/02/2008|14:47] F:\Program Files\Temp
   [24/07/2008|10:49] F:\Program Files\Trend Micro
   [16/09/2008|15:02] F:\Program Files\UltraVNC
   [19/11/2007|10:45] F:\Program Files\Uninstall Information
   [09/10/2008|14:13] F:\Program Files\Vg
   [04/12/2007|15:47] F:\Program Files\VIA Technologies, Inc
   [09/09/2008|15:31] F:\Program Files\VirginMega
   [27/10/2008|11:42] F:\Program Files\Visagesoft
   [21/11/2007|09:03] F:\Program Files\Visicom Media
   [06/03/2008|15:01] F:\Program Files\WinAVI Video Converter
   [09/09/2008|15:11] F:\Program Files\Windows Media Connect 2
   [19/11/2007|10:39] F:\Program Files\Windows Media Player
   [19/11/2007|10:38] F:\Program Files\Windows NT
   [19/11/2007|10:41] F:\Program Files\WindowsUpdate
   [07/12/2007|13:40] F:\Program Files\WinRAR
   [07/12/2007|13:41] F:\Program Files\WinZip
   [30/05/2008|13:35] F:\Program Files\XaviWare Password Recovery .MDB
   [19/11/2007|10:43] F:\Program Files\xerox
   [18/12/2007|13:03] F:\Program Files\Yahoo!

   --------------------\  Listing des dossiers dans F:\Program Files\Fichiers communs

   [19/11/2007|15:53] F:\Program Files\Fichiers communs\Adobe
   [27/12/2007|14:24] F:\Program Files\Fichiers communs\Ahead
   [19/11/2007|15:45] F:\Program Files\Fichiers communs\DESIGNER
   [07/12/2007|16:50] F:\Program Files\Fichiers communs\InstallShield
   [03/01/2008|14:09] F:\Program Files\Fichiers communs\L&H Shared
   [19/11/2007|10:25] F:\Program Files\Fichiers communs\Microsoft Shared
   [18/12/2007|10:40] F:\Program Files\Fichiers communs\Motorola Shared
   [19/11/2007|10:40] F:\Program Files\Fichiers communs\MSSoap
   [27/12/2007|14:26] F:\Program Files\Fichiers communs\Nero
   [04/12/2007|14:50] F:\Program Files\Fichiers communs\Nokia
   [19/11/2007|10:25] F:\Program Files\Fichiers communs\ODBC
   [04/12/2007|14:50] F:\Program Files\Fichiers communs\PCSuite
   [18/06/2008|09:17] F:\Program Files\Fichiers communs\Real
   [19/11/2007|10:40] F:\Program Files\Fichiers communs\Services
   [17/07/2008|12:53] F:\Program Files\Fichiers communs\Skype
   [19/11/2007|10:25] F:\Program Files\Fichiers communs\SpeechEngines
   [04/02/2008|14:20] F:\Program Files\Fichiers communs\SWF Studio
   [19/11/2007|10:40] F:\Program Files\Fichiers communs\System
   [10/01/2008|08:25] F:\Program Files\Fichiers communs\Teleca Shared
   [09/10/2008|14:13] F:\Program Files\Fichiers communs\Totem Shared
   [19/11/2007|15:20] F:\Program Files\Fichiers communs\Wise Installation Wizard
   [18/06/2008|09:20] F:\Program Files\Fichiers communs\xing shared

   --------------------\  Process

   ( 46 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-10-27 16:06:53
   Windows 5.1.2600 Service Pack 3 FAT NTAPI
   scanning hidden processes ...
   scanning hidden files ...
 
   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   F:\DOCUME~1\user\Favoris\aina\DownloadWarez.org - Serial Crack Keygen Rapidshare Torrent Full Download page 10.url


   [F:8][D:3]-> F:\DOCUME~1\user\LOCALS~1\Temp
   [F:17][D:0]-> F:\DOCUME~1\user\Cookies
   [F:62][D:4]-> F:\DOCUME~1\user\LOCALS~1\TEMPOR~1\content.IE5
   [F:2][D:0]-> F:\Recycled

   1 - "F:\Lop SD\LopR_1.txt" - 24/10/2008|12:52 - Option : [1]
   2 - "F:\Lop SD\LopR_2.txt" - 24/10/2008|15:18 - Option : [2]
   3 - "F:\Lop SD\LopR_3.txt" - 27/10/2008|15:01 - Option : [1]
   4 - "F:\Lop SD\LopR_4.txt" - 27/10/2008|16:07 - Option : [2]

   --------------------\  Fin du rapport a 16:07:51

Utilisateur anonyme · Answer

je te conseil de virer tout cela si tu ne veux pas te refaire infecter 

F:\DOCUME~1\user\Favoris\aina\DownloadWarez.org - Serial Crack Keygen Rapidshare Torrent Full Download page 10.url
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6[1].02_Incl._Keygen_FRENCH-BS.RAR
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\bs-we60a.zip
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\bs.nfo
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\file_id.diz
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\keygenfr.exe 

ainsi que ca aussi 

O4 - Startup: RAR Password Cracker.lnk = F:\Program Files\RAR Password Cracker\rpc.exe

feelgood · Answer

L'autres conseil est de virer IE6 pour revenir a IE7, je comprends pas pourquoi tu as viré IE7 d'ailleurs!

bona_2 · Answer

ok, j'ai tout viré les fichiers suspects

Utilisateur anonyme · Answer

maintenant poste un rapport de toolbar option 1 

je voudrais verifier un truc stp

bona_2 · Answer

-----------\  ToolBar S&D 1.2.3   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.66GHz )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : user ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1229 [VPS 081027-0] 4.8.1229 (Activated)
   Firewall  : COMODO Firewall Pro 2.3.035 (Not Activated)
   C:\ (Local Disk) - FAT32 - Total : 9 Go Free : 1 Go
   D:\ (Local Disk) - FAT32 - Total : 29 Go Free : 12 Go
   E:\ (Local Disk) - FAT32 - Total : 27 Go Free : 6 Go
   F:\ (Local Disk) - FAT32 - Total : 9 Go Free : 0 Go
   G:\ (CD or DVD)
   H:\ (CD or DVD)

   "F:\ToolBar SD" ( MAJ : 23-10-2008|0:25 )
   Option : [1] ( 27/10/2008|16:38 )

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="F:\windows\system32\blank.htm"
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !


   1 - "F:\ToolBar SD\TB_1.txt" - 24/10/2008|11:02 - Option : [1]
   2 - "F:\ToolBar SD\TB_2.txt" - 24/10/2008|11:21 - Option : [2]
   3 - "F:\ToolBar SD\TB_3.txt" - 27/10/2008|16:39 - Option : [1]

   -----------\  Fin du rapport a 16:39:18,07

Utilisateur anonyme · Answer

ok 

repsote un log hijackthis

comment va ton pc ?

bona_2 · Answer

Maintenant ça va, mais j'ai pas encore utiliser IE, je poste un log hijackthis

Utilisateur anonyme · Answer

je te propose de changer d'antivirus comme tu a pu le voir avast n'a pas ete capable de nettoyer tu fait comme tu veux 1)Télécharge Avira antivir -- Télécharge Avira antivir PersonalEdition Classic a partir de ce lien : https://www.avira.com/ sur ton Bureau. -- Télécharge le désinstalleur d Avast sur ton Bureau https://www.avast.com/fr-fr/uninstall-utility 2) Désinstallation d'avast! Mets toi hors connexion, puis désinstalle avast! via Démarrer / Paramètres /Panneau de configuration et dans Ajout/ Suppression de programmes , navigue jusqu'à avast! et clique sur Supprimer puis choisis Désinstaller. Redémarre ton PC comme demandé et supprime le dossier C:\Program Files\Alwils Software Ou bien tu peux utiliser le désinstalleur d'avast! si tu préfères. 3) Installe et paramètre puis mets a jour Antivir Double-clique sur son set up sur ton Bureau pour lancer l’installation. Une fois celui ci installé, Reconnecte toi afin d’ effectuer sa mise a jour et le paramétrer. Ferme le scan qui s'est lancé de manière automatique. Paramètre le comme indiqué ici : http://speedweb1.free.fr/frames2.php?page=tuto5 ou la : https://www.malekal.com/avira-free-security-antivirus-gratuit/

bona_2 · Answer

Bonjour,
Merci pour votre aide, mais un ptit problème j'ai déjà installé Avira sur mon pc mais je ne sais pas ce qui se passe mais il bloque mon port réseaux, après j'ai désisntallé puis revenir à avast.

Utilisateur anonyme · Answer

bonjour

voici un tuto pour bien configurer antivir 

https://www.malekal.com/avira-free-security-antivirus-gratuit/

bona_2 · Answer

Merci,
J'ai déjà utilisé IE mais la version 6 pas de problème jusque là, je réinstalle à nouveau la version 7 après et on va voir 
merci encore.

bona_2 · Answer

Merci à tous, à shion-ares, problème résolu
A+

Utilisateur anonyme · Answer

poste un log hijackthis et on termine

bona_2 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:06, on 28/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Comodo\Firewall\cmdagent.exe
F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\poweroff.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
F:\Program Files\Comodo\Firewall\CPF.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Babylon\Babylon-Pro\Babylon.exe
F:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
F:\PROGRA~1\DESKTO~1\TLDL.EXE
F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
F:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
F:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
F:\Program Files\Net Studio\USB_FW.exe
F:\Program Files\SuperCopier2\SuperCopier2.exe
F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
F:\WINDOWS\system32\INTERNAT.EXE
F:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
F:\Program Files\Opera\opera.exe
F:\Program Files\Trend Micro\HijackThis\eden et valide.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - F:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - F:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP SchedIndexer] F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "F:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Babylon Client] F:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [StatusClient] F:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] F:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Desktop Lock Loader] F:\PROGRA~1\DESKTO~1\TLDL.EXE /BOOT
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [vspdfprsrv.exe] F:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [USB_FW] F:\Program Files\Net Studio\USB_FW.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: VirtuaGirl2.lnk = F:\Program Files\Vg\VirtuaGirl2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP LaserJet Director.lnk = F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://F:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS3\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS4\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS5\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - F:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Poweroff - Jorgen Bosman - F:\WINDOWS\system32\poweroff.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Utilisateur anonyme · Answer

ok 

passe quand a internet explorer 7

* pour supprimer les outils/fix utilisés :

Télécharge ToolsCleaner sur ton bureau.
-->
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

bona_2 · Answer

[ Rapport ToolsCleaner version 2.2.4 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

F:\Combofix.txt: trouvé !
F:\fixnavi.txt: trouvé !
F:\lopR.txt: trouvé !
F:\TB.txt: trouvé !
F:\Lop SD: trouvé !
F:\Qoobox: trouvé !
F:\Toolbar SD: trouvé !
F:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
F:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
F:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
F:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
F:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
F:\Documents and Settings\user\Bureau\HijackThis.lnk: trouvé !
F:\Documents and Settings\user\Bureau\LopSD.exe: trouvé !
F:\Documents and Settings\user\Bureau\Navilog1.exe: trouvé !
F:\Documents and Settings\user\Bureau\ComboFix.exe: trouvé !
F:\Documents and Settings\user\Bureau\HJTInstall.exe: trouvé !
F:\Documents and Settings\user\Bureau\ToolBarSD.exe: trouvé !
F:\Documents and Settings\user\Bureau\rapport de test virus\hijackthis.log: trouvé !
F:\Documents and Settings\user\Bureau\rapport de test virus\fixnavi.txt: trouvé !
F:\Documents and Settings\user\Bureau\rapport de test virus\lopR.txt: trouvé !
F:\Documents and Settings\user\Bureau\rapport de test virus\TB.txt: trouvé !
F:\Program Files\Navilog1: trouvé !
F:\Program Files\Trend Micro\HijackThis: trouvé !
F:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
F:\Program Files\Navilog1\Navilog1.bat: trouvé !

---------------------------------
-->- Suppression: 

F:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
F:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
F:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
F:\Documents and Settings\user\Bureau\HijackThis.lnk: supprimé !
F:\Documents and Settings\user\Bureau\LopSD.exe: supprimé !
F:\Documents and Settings\user\Bureau\Navilog1.exe: supprimé !
F:\Documents and Settings\user\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
F:\Documents and Settings\user\Bureau\HJTInstall.exe: supprimé !
F:\Documents and Settings\user\Bureau\ToolBarSD.exe: supprimé !
F:\Program Files\Navilog1\Navilog1.bat: supprimé !
F:\Combofix.txt: supprimé !
F:\fixnavi.txt: supprimé !
F:\lopR.txt: supprimé !
F:\TB.txt: supprimé !
F:\Documents and Settings\user\Bureau\rapport de test virus\hijackthis.log: supprimé !
F:\Documents and Settings\user\Bureau\rapport de test virus\fixnavi.txt: supprimé !
F:\Documents and Settings\user\Bureau\rapport de test virus\lopR.txt: supprimé !
F:\Documents and Settings\user\Bureau\rapport de test virus\TB.txt: supprimé !
F:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
F:\Lop SD: supprimé !
F:\Qoobox: supprimé !
F:\Toolbar SD: supprimé !
F:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
F:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
F:\Program Files\Navilog1: supprimé !
F:\Program Files\Trend Micro\HijackThis: supprimé !

Utilisateur anonyme · Answer

ok

bonne journée et bon surf

un peu de lecture

* Le P2P ( l'utilisation de logiciels comme eMule, Sharazaa, LimeWire, Bit torrent):

Les conséquences du P2P : https://forum.zebulon.fr/topic/85544-pr%C3%A9vention-le-p2p-et-ses-cons%C3%A9quences/

Pourquoi éviter le P2P : http://www.speedweb1.org/forum-tesgaz/viewtopic.php?t=1793
https://lexpansion.lexpress.fr/actualite-economique/

bona_2 · Answer

OK! Merci

bona_2 · Answer

bonjour,

Mon antivir ne peut pas être mis à jour???

SOS
Merci

Utilisateur anonyme · Answer

bonjour

ah je vais voir et demandé si il y a un probleme avec les mises a jour de antivir

bona_2 · Answer

ok!

Utilisateur anonyme · Answer

j'ai posé la question si il y a une reponse je te tient au courant

bona_2 · Answer

OK, Merci!

Utilisateur anonyme · Answer

re 

essaye ceci

https://www.avira.com/en/support-vdf-update-info

bona_2 · Answer

OK, merci à tous, je suis maintenant entrain de faire la mise à jour
A+

bona_2 · Answer

bonjour à tous,
Petit problème, sur windows live messenger et yahoo messenger, après la mise à jour de antivir je ne peut plus  me connecter avec ces 2, même en accedant à hotmail pour le mail et yahoo mail (Page non disponible), par rapport à d'autres site qui s'ouvre normalement.

Merci.

bona_2 · Answer

Pbm Windows live messenger et yahoo messenger
depuis  la mise à jour de antivir ou la mise à jour de IE 7 et Windows XP j'ai plus accès à ce deux logiciel idem pour le mail dans IE7, mais ça marche sur Opera
Merci 
a+

Utilisateur anonyme · Answer

bonjour

as tu mis Windows live messenger a jours ? tu  quelle version ?

Utilisateur anonyme · Answer

re 

sinon pose ta question sur le forum  messagerie/ chat peut être qu'il y a une solution

bona_2 · Answer

Je suis sur windows live messenger 8.0.1(même probleme pour yahoomessenger), le problème est apparu entre la mise à jour soit de antivir soit de mon windows XP et IE7

bona_2 · Answer

Ok, merci shion-ares j'ai déjà posté sur messagerie et chat
A+

Utilisateur anonyme · Answer

re

windows live messenger il me semble que maintenant c'est 8.5

bona_2 · Answer

oui, mais j'ai pas encore utilise la version 8.5 mais c'est 8.1 plutôt, je suis bloqué sur un "ports principaux" que j'entre sur option de windows live messenger,c'est la qu'il ya un problème.

Internet explorer de nouveau infecté

72 réponses

Discussions similaires