Internet Explorer infected again
bona_2
Hello,
I have a problem with Internet Explorer again: at startup it seems to work fine, then while a page is loading it displays a blank page, and then a window appears telling me that my system is infected with viruses and to please download the antivirus below. Since then I have uninstalled IE7, and I am now on IE6, but the problem still persists.
Help needed again
Thanks
72 replies
virus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.27.2 2008.10.27 -
AntiVir 7.9.0.9 2008.10.27 TR/Dropper.Gen
Authentium 5.1.0.4 2008.10.27 W32/Malware!OC-based
Avast 4.8.1248.0 2008.10.27 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.10.27 -
BitDefender 7.2 2008.10.27 -
CAT-QuickHeal 9.50 2008.10.25 -
ClamAV 0.93.1 2008.10.27 -
DrWeb 4.44.0.09170 2008.10.26 -
eSafe 7.0.17.0 2008.10.26 -
eTrust-Vet 31.6.6168 2008.10.25 -
Ewido 4.0 2008.10.26 -
F-Prot 4.4.4.56 2008.10.26 W32/Malware!OC-based
F-Secure 8.0.14332.0 2008.10.27 -
Fortinet 3.113.0.0 2008.10.26 -
GData 19 2008.10.27 Win32:Trojan-gen {Other}
Ikarus T3.1.1.44.0 2008.10.27 -
K7AntiVirus 7.10.508 2008.10.26 -
Kaspersky 7.0.0.125 2008.10.27 -
McAfee 5415 2008.10.25 -
Microsoft 1.4005 2008.10.27 TrojanDownloader:Win32/Popur.B
NOD32 3557 2008.10.26 a variant of Win32/Kryptik.AY
Norman 5.80.02 2008.10.24 -
Panda 9.0.0.4 2008.10.26 -
PCTools 4.4.2.0 2008.10.26 -
Prevx1 V2 2008.10.27 Malicious Software
Rising 21.00.62.00 2008.10.26 -
SecureWeb-Gateway 6.7.6 2008.10.27 Trojan.Dropper.Gen
Sophos 4.35.0 2008.10.27 Mal/EncPk-CZ
Sunbelt 3.1.1753.1 2008.10.25 -
Symantec 10 2008.10.27 Trojan.Zlob
TheHacker 6.3.1.1.131 2008.10.27 -
TrendMicro 8.700.0.1004 2008.10.27 -
VBA32 3.12.8.8 2008.10.25 -
ViRobot 2008.10.27.1437 2008.10.27 -
VirusBuster 4.5.11.0 2008.10.26 -
Information additionnelle
File size: 54272 bytes
MD5...: b22f8c51a73ba948cac847ce46103a4f
SHA1..: 66ca16de6e274e4c02dd3db5b77510e7eba86537
SHA256: 839795bbf580427a0680d399fe0c9ccac98d93a267de49ba79ac3d2c0d2d2940
SHA512: 7bf765be933c468f6bb4c86059e46171268681497f1304682ecba2f7ecebe3d4
08a7c8e34351f326f1dbb8e1e99f241d5d07043fad985f860bb5fa06f07a06fc
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.2%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
VXD Driver (0.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4011a1
timedatestamp.....: 0x480c7007 (Mon Apr 21 10:44:23 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xb6c 0xc00 3.75 4f9bbd1e0e667b5825fd5d9202b470ab
.rdata 0x2000 0xe70 0x1000 5.02 4b70b74bad63c70e3b9120382879ca01
.data 0x3000 0x2327b 0xb400 7.33 cd9b66e6ea8f8143a2f0129f757cda0e
( 7 imports )
> GDI32.DLL: DeleteDC, CloseMetaFile, GetPixel, AddFontResourceExW, ExcludeClipRect, CopyMetaFileA, AddFontResourceTracking, BeginPath, AddFontResourceW, CloseFigure, GetCurrentPositionEx, GetClipBox, AddFontResourceA, BitBlt, ClearBrushAttributes, GetDCOrgEx, ExtTextOutA, GetBrushOrgEx, CancelDC, ClearBitmapAttributes
> COMCTL32.DLL: ImageList_GetImageCount, InitCommonControls, ImageList_DrawIndirect, ImageList_Create, ImageList_GetImageInfo, ImageList_LoadImageA, ImageList_Remove, ImageList_GetDragImage, ImageList_Merge, ImageList_AddMasked, ImageList_ReplaceIcon, ImageList_BeginDrag, ImageList_AddIcon, ImageList_DragMove, ImageList_Read, ImageList_LoadImage, ImageList_GetIconSize, ImageList_LoadImageW, ImageList_Destroy
> GDI32.DLL: GetClipBox, DeleteDC, RestoreDC, CreateSolidBrush, AddFontResourceA, AddFontResourceW, ExtTextOutA, CloseMetaFile, SetTextColor, DeleteObject, AddFontMemResourceEx, GetDCOrgEx, ExcludeClipRect, AddFontResourceExW, CancelDC, GetPixel
> COMCTL32.DLL: ImageList_LoadImage, ImageList_Copy, ImageList_Remove, ImageList_Replace, ImageList_EndDrag, ImageList_AddMasked, ImageList_GetImageCount, ImageList_DragEnter, ImageList_Merge, ImageList_DragShowNolock, ImageList_GetDragImage, InitCommonControls, ImageList_LoadImageA, ImageList_DragMove, ImageList_BeginDrag, ImageList_DrawIndirect, ImageList_Destroy, ImageList_Create
> GDI32.DLL: CopyMetaFileA, BitBlt, GetPixel, CancelDC, AddFontResourceTracking, AbortPath, CloseFigure, AddFontResourceExW, GetClipBox, AddFontResourceW, DeleteObject, GetDCOrgEx, GetBrushOrgEx, ClearBrushAttributes, ClearBitmapAttributes, DeleteDC, ExcludeClipRect, RestoreDC, ExtTextOutA, GetPixel, CloseMetaFile, AddFontMemResourceEx
> GDI32.DLL: AddFontMemResourceEx, AbortPath, CancelDC, DeleteObject, SetTextColor, GetCurrentPositionEx, AddFontResourceA, BitBlt, AddFontResourceExW, AddFontResourceTracking, AddFontResourceW, GetBrushOrgEx, GetClipBox, DeleteDC, GetPixel, GetBitmapBits, RestoreDC, CopyMetaFileA, ExtTextOutA
> USER32.DLL: LoadCursorA, IsWindow, DrawIcon, DialogBoxParamA, AppendMenuW, CloseWindow, DrawIconEx, BlockInput, GetWindowTextLengthA, DrawTextA, AlignRects, CopyIcon, IsMenu, DrawTextW, GetDlgItem
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=4C2D9225007C8C8FD414009FA8B77D00F6933945
ThreatExpert info: https://www.symantec.com?md5=b22f8c51a73ba948cac847ce46103a4f
ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.
To merge:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
_______________
Close all your browsers (so copy or print the instructions first)
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
Registry::
File::
F:\WINDOWS\system32\GWW4c2el.exe
Folder::
Save this file under the name CFscript
Drag and drop this CFScript file onto the ComboFix.exe file
Click on the CFScript file, hold the mouse button down and move the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.
Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
Also post a HijackThis report again
If the file doesn't open, it is located here > C:\ComboFix.txt
ComboFix
ComboFix 08-10-23.08 - user 2008-10-27 14:19:46.9 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.30 [GMT 3:00]
Lancé depuis: F:\Documents and Settings\user\Bureau\ComboFix.exe
Commutateurs utilisés :: F:\Documents and Settings\user\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
FILE ::
F:\WINDOWS\system32\GWW4c2el.exe
.
Error: Cfiles.dat
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-27 au 2008-10-27 ))))))))))))))))))))))))))))))))))))
.
2008-10-27 13:05 . 2008-10-27 13:05 <REP> d-------- F:\Documents and Settings\All Users\Application Data\eXPert PDF 5
2008-10-27 13:05 . 2008-10-27 13:39 111 --ah----- F:\sys53997.bin
2008-10-27 11:44 . 2008-10-27 11:44 <REP> d-------- F:\Documents and Settings\user\Application Data\eXPert PDF Editor
2008-10-27 11:44 . 2008-10-27 11:44 <REP> d-------- F:\Documents and Settings\user\Application Data\eXPert PDF 5
2008-10-27 11:42 . 2008-10-27 11:42 <REP> d-------- F:\WINDOWS\My Documents
2008-10-27 11:42 . 2008-10-27 11:42 <REP> d-------- F:\Program Files\Visagesoft
2008-10-27 11:42 . 2008-10-27 11:42 <REP> d-------- F:\Documents and Settings\All Users\Application Data\eXPert PDF Jobs
2008-10-27 11:42 . 2008-10-27 11:42 <REP> d-------- F:\Documents and Settings\All Users\Application Data\eXPert PDF
2008-10-27 11:42 . 2005-06-02 12:40 14,336 --a------ F:\WINDOWS\system32\vsmon1.dll
2008-10-27 11:31 . 2008-10-27 11:31 <REP> d-------- F:\Documents and Settings\user\Application Data\Ulead Systems
2008-10-27 11:31 . 2008-10-27 11:31 24 --a------ F:\WINDOWS\system32\DKRNL.JAX
2008-10-27 11:30 . 2008-10-27 11:30 <REP> d-------- F:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-10-24 14:56 . 2008-10-24 14:56 <REP> d-------- F:\Program Files\Medocs 4.5
2008-10-24 14:51 . 2008-10-24 14:51 <REP> d-------- F:\ocs-ng
2008-10-24 14:01 . 2008-10-24 14:01 <REP> d--hs---- F:\FOUND.006
2008-10-24 12:48 . 2008-10-24 12:48 <REP> d-------- F:\Lop SD
2008-10-24 10:59 . 2008-10-24 10:59 <REP> d-------- F:\ToolBar SD
2008-10-24 09:58 . 2008-10-24 09:58 268 --ah----- F:\sqmdata02.sqm
2008-10-24 09:58 . 2008-10-24 09:58 244 --ah----- F:\sqmnoopt02.sqm
2008-10-23 16:29 . 2008-10-23 16:29 <REP> d-------- F:\Program Files\Navilog1
2008-10-23 15:53 . 2008-10-23 15:53 230 --a------ F:\WINDOWS\system32\spupdsvc.inf
2008-10-23 15:38 . 2008-10-27 13:47 4 --a------ F:\WINDOWS\data4711.bak
2008-10-23 12:43 . 2008-10-23 12:43 <REP> d-------- F:\Program Files\A.C. Element MyUSBOnly
2008-10-22 16:14 . 2008-10-22 16:14 268 --ah----- F:\sqmdata01.sqm
2008-10-22 16:14 . 2008-10-22 16:14 244 --ah----- F:\sqmnoopt01.sqm
2008-10-22 13:30 . 2008-10-22 13:30 <REP> d-------- F:\TYVB24h
2008-10-22 13:29 . 2008-10-22 13:29 <REP> d--h----- F:\WINDOWS\PIF
2008-10-22 10:05 . 2008-10-22 10:29 80 --a------ F:\WINDOWS\SuperUtil.ini
2008-10-22 10:04 . 2008-10-22 10:04 <REP> d-------- F:\Program Files\SuperLogix
2008-10-22 10:04 . 2008-08-07 23:13 1,473,536 --a------ F:\WINDOWS\system32\context.dll
2008-10-22 10:04 . 2008-09-10 22:08 1,400,320 --a------ F:\WINDOWS\system32\vbsbak.dat
2008-10-22 10:04 . 2008-10-22 10:05 269,824 --a------ F:\WINDOWS\system32\supermenuhook.dll
2008-10-22 10:04 . 2008-10-22 10:05 269,824 --a------ F:\WINDOWS\system32\baksm.dat
2008-10-22 10:04 . 2003-10-11 10:24 89,088 --a------ F:\WINDOWS\system32\Shreder.dll
2008-10-22 10:04 . 2003-09-06 22:32 73,728 --a------ F:\WINDOWS\system32\smh.dat
2008-10-22 10:04 . 2007-03-11 21:39 44,000 --a------ F:\WINDOWS\system32\drivers\AFPUni.sys
2008-10-22 10:04 . 2007-03-11 21:39 43,936 --a------ F:\WINDOWS\system32\drivers\AFPAnsi.sys
2008-10-22 10:04 . 2008-02-24 16:17 11,264 --a------ F:\WINDOWS\system32\drivers\supermounter.sys
2008-10-22 10:04 . 2003-10-16 22:56 6,144 --a------ F:\WINDOWS\system32\SuperRes.dll
2008-10-21 09:26 . 2008-10-21 09:26 <REP> d-------- F:\Program Files\Virtual Piano
2008-10-17 16:25 . 2008-10-17 16:25 <REP> d--hs---- F:\FOUND.005
2008-10-13 13:55 . 2008-10-13 13:55 <REP> d-------- F:\Program Files\Smart Projects
2008-10-09 14:14 . 2008-10-27 13:47 4 --a------ F:\WINDOWS\num41.jbd
2008-10-09 14:14 . 2008-10-27 13:47 4 --a------ F:\WINDOWS\info147.sys
2008-10-09 14:13 . 2008-10-09 14:13 <REP> d-------- F:\Program Files\Vg
2008-10-09 14:13 . 2008-10-09 14:13 <REP> d-------- F:\Program Files\Fichiers communs\Totem Shared
2008-10-07 09:34 . 2008-10-07 09:34 <REP> d-------- F:\Program Files\NN Software Collection 12
2008-10-06 10:47 . 2008-10-06 10:47 <REP> d-------- F:\Program Files\ElcomSoft
2008-10-06 10:47 . 2008-10-07 16:58 870 --a------ F:\WINDOWS\ARPR.INI
2008-10-02 16:11 . 2008-10-02 16:11 <REP> d-------- F:\Documents and Settings\user\Application Data\Publish Providers
2008-10-02 16:10 . 2008-10-02 16:10 <REP> d-------- F:\Documents and Settings\user\Application Data\Sony
2008-10-02 15:04 . 2008-10-02 15:04 <REP> d-------- F:\Documents and Settings\user\Application Data\XemiComputers
2008-10-01 15:02 . 2008-10-01 15:02 <REP> d-------- F:\Program Files\Alwil Software
2008-10-01 13:03 . 2008-10-01 13:03 <REP> d--hs---- F:\FOUND.004
2008-10-01 10:28 . 2008-10-01 10:28 45,056 --a------ F:\WINDOWS\NCUNINST.EXE
2008-10-01 10:26 . 2008-04-13 11:39 206,976 --a------ F:\WINDOWS\system32\drivers\Dot4.sys
2008-10-01 10:26 . 2001-08-23 17:11 24,064 --a------ F:\WINDOWS\system32\drivers\Dot4usb.sys
2008-10-01 10:26 . 2001-08-17 21:47 12,928 --a------ F:\WINDOWS\system32\drivers\Dot4Prt.sys
2008-10-01 10:23 . 2008-10-01 10:27 310,922 --a------ F:\WINDOWS\hplj1010.his
2008-10-01 10:23 . 2008-10-01 10:27 19,549 --a------ F:\WINDOWS\hplj1010.ini
2008-10-01 09:59 . 2008-10-01 09:59 268 --ah----- F:\sqmdata00.sqm
2008-10-01 09:59 . 2008-10-01 09:59 244 --ah----- F:\sqmnoopt00.sqm
2008-10-01 09:48 . 2008-10-01 09:48 <REP> d-------- F:\Documents and Settings\user\Application Data\Avira(2)
2008-09-30 10:11 . 2008-09-30 10:11 <REP> d-------- F:\Documents and Settings\All Users\Application Data\Avira
2008-09-30 09:12 . 2008-09-30 09:12 <REP> d--hs---- F:\FOUND.003
2008-09-29 15:11 . 2008-09-29 15:12 <REP> d-------- F:\Program Files\CCleaner
2008-09-29 14:01 . 2008-10-23 14:14 2,442 --a------ F:\WINDOWS\system32\tmp.reg
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 10:10 18,030 ----a-w F:\WINDOWS\system32\drivers\DeskLock.sys
2008-10-23 12:05 2,421 ----a-w F:\WINDOWS\kmuusb.sys
2008-10-22 13:10 38,496 ----a-w F:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 13:10 15,504 ----a-w F:\WINDOWS\system32\drivers\mbam.sys
2008-09-25 10:31 --------- d-----w F:\Program Files\Panda Security
2008-09-22 12:36 --------- d-----w F:\Program Files\Malwarebytes' Anti-Malware
2008-09-22 12:36 --------- d-----w F:\Documents and Settings\user\Application Data\Malwarebytes
2008-09-22 12:36 --------- d-----w F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-18 10:44 --------- d-----w F:\Documents and Settings\user\Application Data\Radmin Communication Client
2008-09-18 06:54 --------- d-----w F:\Program Files\Runtime Software
2008-09-16 13:59 --------- d-----w F:\Documents and Settings\Administrator\Application Data\Radmin Communication Client
2008-09-16 13:58 --------- d-----w F:\Program Files\Radmin Communication Client 3.0
2008-09-16 13:42 --------- d-----w F:\Program Files\PCNetSoftware
2008-09-16 12:02 --------- d-----w F:\Program Files\UltraVNC
2008-09-09 12:31 --------- d-----w F:\Program Files\VirginMega
2008-09-09 12:11 --------- d-----w F:\Program Files\Windows Media Connect 2
2008-09-08 06:26 --------- d-----w F:\Program Files\Intelore
2008-09-05 13:02 --------- d-----w F:\Documents and Settings\user\Application Data\ZIP RAR ACE Password Recovery
2008-09-05 12:43 --------- d-----w F:\Program Files\RAR Password Cracker
2008-09-05 12:35 --------- d-----w F:\Program Files\Active Data Recovery Software
2008-09-03 13:46 --------- d-----w F:\Documents and Settings\Administrator\Application Data\TopLang
2008-09-02 12:53 --------- d-----w F:\Program Files\Desktop Lock
2008-09-02 12:16 --------- d-----w F:\Documents and Settings\user\Application Data\TopLang
2008-09-02 11:42 --------- d-----w F:\Documents and Settings\All Users\Application Data\MyUSBOnly
2008-09-02 10:45 --------- d-sh--w F:\Documents and Settings\All Users\Application Data\MPK
2008-05-28 11:59 33 ----a-w F:\Documents and Settings\user\Application Data\pwcpsw.dat
2007-12-07 13:51 92,064 ----a-w F:\Documents and Settings\user\mqdmmdm.sys
2007-12-07 13:51 9,232 ----a-w F:\Documents and Settings\user\mqdmmdfl.sys
2007-12-07 13:51 79,328 ----a-w F:\Documents and Settings\user\mqdmserd.sys
2007-12-07 13:51 66,656 ----a-w F:\Documents and Settings\user\mqdmbus.sys
2007-12-07 13:51 6,208 ----a-w F:\Documents and Settings\user\mqdmcmnt.sys
2007-12-07 13:51 5,936 ----a-w F:\Documents and Settings\user\mqdmwhnt.sys
2007-12-07 13:51 4,048 ----a-w F:\Documents and Settings\user\mqdmcr.sys
2007-12-07 13:51 25,600 ----a-w F:\Documents and Settings\user\usbsermptxp.sys
2007-12-07 13:51 22,768 ----a-w F:\Documents and Settings\user\usbsermpt.sys
.
((((((((((((((((((((((((((((( snapshot@2008-10-24_15.59.33,93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-27 10:10:18 3,066 ----a-w F:\WINDOWS\SoftwareDistribution\EventCache\{E35DCEEC-ACBE-4FD0-9699-9E7E28F05FDF}.bin
- 2008-09-29 12:58:10 277,352 ----a-w F:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-27 05:40:10 278,152 ----a-w F:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-02-18 15:22:02 96,256 ----a-w F:\WINDOWS\system32\spool\drivers\w32x86\3\vspdfdrv.dll
+ 2006-11-02 08:02:12 57,856 ----a-w F:\WINDOWS\system32\spool\drivers\w32x86\3\vspdfui.dll
+ 2008-10-27 10:33:34 16,384 ----a-w F:\WINDOWS\Temp\Perflib_Perfdata_604.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="F:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PcSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Yahoo! Pager"="F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"AlcoholAutomount"="F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"USB_FW"="F:\Program Files\Net Studio\USB_FW.exe" [2008-05-21 1299968]
"SuperCopier2.exe"="F:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"HP SchedIndexer"="F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe" [2001-02-19 86016]
"HP AutoIndexer"="F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe" [2001-02-19 77824]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"COMODO Firewall Pro"="F:\Program Files\Comodo\Firewall\CPF.exe" [2008-01-03 1115728]
"!AVG Anti-Spyware"="F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-10-24 6731312]
"Babylon Client"="F:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-12-20 3116768]
"StatusClient"="F:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="F:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"Desktop Lock Loader"="F:\PROGRA~1\DESKTO~1\TLDL.EXE" [2008-05-02 151552]
"TkBellExe"="F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-06-18 185896]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"vspdfprsrv.exe"="F:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe" [2007-08-08 966656]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
F:\Documents and Settings\user\Menu D‚marrer\Programmes\D‚marrage\
RAR Password Cracker.lnk - F:\Program Files\RAR Password Cracker\rpc.exe [2004-04-25 157696]
VirtuaGirl2.lnk - F:\Program Files\Vg\VirtuaGirl2.exe [2008-10-09 2654208]
F:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-19 110592]
HP LaserJet Director.lnk - F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe [2007-12-05 212992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LoginPrompt"= 9E8C8182988584
"NoViewOnDrive"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-10-18 20:47 75064 F:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"F:\\Program Files\\Messenger\\msmsgs.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"F:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
R0 AFPAnsi;Alfa File Protector Ansi;F:\WINDOWS\system32\Drivers\AFPAnsi.sys [2007-03-11 43936]
R0 pavboot;pavboot;F:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 DeskLock;DeskLock;F:\WINDOWS\system32\drivers\DeskLock.sys [2008-10-27 18030]
R1 SuperMounter;SuperMounter;F:\WINDOWS\system32\drivers\SuperMounter.sys [2008-02-24 11264]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;F:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 46112]
R2 Poweroff;Poweroff;F:\WINDOWS\system32\poweroff.exe [2003-08-16 172032]
S2 LMIInfo;LogMeIn Kernel Information Provider;F:\Program Files\LogMeIn\x86\RaInfo.sys [ ]
S3 MiniScanEye;MiniScanEye;F:\WINDOWS\system32\Drivers\minsceye.sys [2005-02-16 14382]
S3 pendfu;PenDfu (pendfu.sys);F:\WINDOWS\system32\Drivers\pendfu.sys [2005-02-14 32408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 14:22:41
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\F:\DOCUME~1\user\LOCALS~1\Temp\mc21.tmp"
.
Heure de fin: 2008-10-27 14:24:25
ComboFix-quarantined-files.txt 2008-10-27 11:24:18
ComboFix2.txt 2008-10-24 13:00:28
Avant-CF: 750 075 904 octets libres
Après-CF: 749,174,784 octets libres
220
2008-10-09 14:13 . 2008-10-09 14:13 <REP> d-------- F:\Program Files\Vg
2008-10-09 14:13 . 2008-10-09 14:13 <REP> d-------- F:\Program Files\Fichiers communs\Totem Shared
2008-10-07 09:34 . 2008-10-07 09:34 <REP> d-------- F:\Program Files\NN Software Collection 12
2008-10-06 10:47 . 2008-10-06 10:47 <REP> d-------- F:\Program Files\ElcomSoft
2008-10-06 10:47 . 2008-10-07 16:58 870 --a------ F:\WINDOWS\ARPR.INI
2008-10-02 16:11 . 2008-10-02 16:11 <REP> d-------- F:\Documents and Settings\user\Application Data\Publish Providers
2008-10-02 16:10 . 2008-10-02 16:10 <REP> d-------- F:\Documents and Settings\user\Application Data\Sony
2008-10-02 15:04 . 2008-10-02 15:04 <REP> d-------- F:\Documents and Settings\user\Application Data\XemiComputers
2008-10-01 15:02 . 2008-10-01 15:02 <REP> d-------- F:\Program Files\Alwil Software
2008-10-01 13:03 . 2008-10-01 13:03 <REP> d--hs---- F:\FOUND.004
2008-10-01 10:28 . 2008-10-01 10:28 45,056 --a------ F:\WINDOWS\NCUNINST.EXE
2008-10-01 10:26 . 2008-04-13 11:39 206,976 --a------ F:\WINDOWS\system32\drivers\Dot4.sys
2008-10-01 10:26 . 2001-08-23 17:11 24,064 --a------ F:\WINDOWS\system32\drivers\Dot4usb.sys
2008-10-01 10:26 . 2001-08-17 21:47 12,928 --a------ F:\WINDOWS\system32\drivers\Dot4Prt.sys
2008-10-01 10:23 . 2008-10-01 10:27 310,922 --a------ F:\WINDOWS\hplj1010.his
2008-10-01 10:23 . 2008-10-01 10:27 19,549 --a------ F:\WINDOWS\hplj1010.ini
2008-10-01 09:59 . 2008-10-01 09:59 268 --ah----- F:\sqmdata00.sqm
2008-10-01 09:59 . 2008-10-01 09:59 244 --ah----- F:\sqmnoopt00.sqm
2008-10-01 09:48 . 2008-10-01 09:48 <REP> d-------- F:\Documents and Settings\user\Application Data\Avira(2)
2008-09-30 10:11 . 2008-09-30 10:11 <REP> d-------- F:\Documents and Settings\All Users\Application Data\Avira
2008-09-30 09:12 . 2008-09-30 09:12 <REP> d--hs---- F:\FOUND.003
2008-09-29 15:11 . 2008-09-29 15:12 <REP> d-------- F:\Program Files\CCleaner
2008-09-29 14:01 . 2008-10-23 14:14 2,442 --a------ F:\WINDOWS\system32\tmp.reg
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 10:10 18,030 ----a-w F:\WINDOWS\system32\drivers\DeskLock.sys
2008-10-23 12:05 2,421 ----a-w F:\WINDOWS\kmuusb.sys
2008-10-22 13:10 38,496 ----a-w F:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 13:10 15,504 ----a-w F:\WINDOWS\system32\drivers\mbam.sys
2008-09-25 10:31 --------- d-----w F:\Program Files\Panda Security
2008-09-22 12:36 --------- d-----w F:\Program Files\Malwarebytes' Anti-Malware
2008-09-22 12:36 --------- d-----w F:\Documents and Settings\user\Application Data\Malwarebytes
2008-09-22 12:36 --------- d-----w F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-18 10:44 --------- d-----w F:\Documents and Settings\user\Application Data\Radmin Communication Client
2008-09-18 06:54 --------- d-----w F:\Program Files\Runtime Software
2008-09-16 13:59 --------- d-----w F:\Documents and Settings\Administrator\Application Data\Radmin Communication Client
2008-09-16 13:58 --------- d-----w F:\Program Files\Radmin Communication Client 3.0
2008-09-16 13:42 --------- d-----w F:\Program Files\PCNetSoftware
2008-09-16 12:02 --------- d-----w F:\Program Files\UltraVNC
2008-09-09 12:31 --------- d-----w F:\Program Files\VirginMega
2008-09-09 12:11 --------- d-----w F:\Program Files\Windows Media Connect 2
2008-09-08 06:26 --------- d-----w F:\Program Files\Intelore
2008-09-05 13:02 --------- d-----w F:\Documents and Settings\user\Application Data\ZIP RAR ACE Password Recovery
2008-09-05 12:43 --------- d-----w F:\Program Files\RAR Password Cracker
2008-09-05 12:35 --------- d-----w F:\Program Files\Active Data Recovery Software
2008-09-03 13:46 --------- d-----w F:\Documents and Settings\Administrator\Application Data\TopLang
2008-09-02 12:53 --------- d-----w F:\Program Files\Desktop Lock
2008-09-02 12:16 --------- d-----w F:\Documents and Settings\user\Application Data\TopLang
2008-09-02 11:42 --------- d-----w F:\Documents and Settings\All Users\Application Data\MyUSBOnly
2008-09-02 10:45 --------- d-sh--w F:\Documents and Settings\All Users\Application Data\MPK
2008-05-28 11:59 33 ----a-w F:\Documents and Settings\user\Application Data\pwcpsw.dat
2007-12-07 13:51 92,064 ----a-w F:\Documents and Settings\user\mqdmmdm.sys
2007-12-07 13:51 9,232 ----a-w F:\Documents and Settings\user\mqdmmdfl.sys
2007-12-07 13:51 79,328 ----a-w F:\Documents and Settings\user\mqdmserd.sys
2007-12-07 13:51 66,656 ----a-w F:\Documents and Settings\user\mqdmbus.sys
2007-12-07 13:51 6,208 ----a-w F:\Documents and Settings\user\mqdmcmnt.sys
2007-12-07 13:51 5,936 ----a-w F:\Documents and Settings\user\mqdmwhnt.sys
2007-12-07 13:51 4,048 ----a-w F:\Documents and Settings\user\mqdmcr.sys
2007-12-07 13:51 25,600 ----a-w F:\Documents and Settings\user\usbsermptxp.sys
2007-12-07 13:51 22,768 ----a-w F:\Documents and Settings\user\usbsermpt.sys
.
((((((((((((((((((((((((((((( snapshot@2008-10-24_15.59.33,93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-27 10:10:18 3,066 ----a-w F:\WINDOWS\SoftwareDistribution\EventCache\{E35DCEEC-ACBE-4FD0-9699-9E7E28F05FDF}.bin
- 2008-09-29 12:58:10 277,352 ----a-w F:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-27 05:40:10 278,152 ----a-w F:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-02-18 15:22:02 96,256 ----a-w F:\WINDOWS\system32\spool\drivers\w32x86\3\vspdfdrv.dll
+ 2006-11-02 08:02:12 57,856 ----a-w F:\WINDOWS\system32\spool\drivers\w32x86\3\vspdfui.dll
+ 2008-10-27 10:33:34 16,384 ----a-w F:\WINDOWS\Temp\Perflib_Perfdata_604.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="F:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PcSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Yahoo! Pager"="F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"AlcoholAutomount"="F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"USB_FW"="F:\Program Files\Net Studio\USB_FW.exe" [2008-05-21 1299968]
"SuperCopier2.exe"="F:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"HP SchedIndexer"="F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe" [2001-02-19 86016]
"HP AutoIndexer"="F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe" [2001-02-19 77824]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"COMODO Firewall Pro"="F:\Program Files\Comodo\Firewall\CPF.exe" [2008-01-03 1115728]
"!AVG Anti-Spyware"="F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-10-24 6731312]
"Babylon Client"="F:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-12-20 3116768]
"StatusClient"="F:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="F:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"Desktop Lock Loader"="F:\PROGRA~1\DESKTO~1\TLDL.EXE" [2008-05-02 151552]
"TkBellExe"="F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-06-18 185896]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"vspdfprsrv.exe"="F:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe" [2007-08-08 966656]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
F:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage\
RAR Password Cracker.lnk - F:\Program Files\RAR Password Cracker\rpc.exe [2004-04-25 157696]
VirtuaGirl2.lnk - F:\Program Files\Vg\VirtuaGirl2.exe [2008-10-09 2654208]
F:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-19 110592]
HP LaserJet Director.lnk - F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe [2007-12-05 212992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LoginPrompt"= 9E8C8182988584
"NoViewOnDrive"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-10-18 20:47 75064 F:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"F:\\Program Files\\Messenger\\msmsgs.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"F:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
R0 AFPAnsi;Alfa File Protector Ansi;F:\WINDOWS\system32\Drivers\AFPAnsi.sys [2007-03-11 43936]
R0 pavboot;pavboot;F:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 DeskLock;DeskLock;F:\WINDOWS\system32\drivers\DeskLock.sys [2008-10-27 18030]
R1 SuperMounter;SuperMounter;F:\WINDOWS\system32\drivers\SuperMounter.sys [2008-02-24 11264]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;F:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 46112]
R2 Poweroff;Poweroff;F:\WINDOWS\system32\poweroff.exe [2003-08-16 172032]
S2 LMIInfo;LogMeIn Kernel Information Provider;F:\Program Files\LogMeIn\x86\RaInfo.sys [ ]
S3 MiniScanEye;MiniScanEye;F:\WINDOWS\system32\Drivers\minsceye.sys [2005-02-16 14382]
S3 pendfu;PenDfu (pendfu.sys);F:\WINDOWS\system32\Drivers\pendfu.sys [2005-02-14 32408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 14:22:41
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\F:\DOCUME~1\user\LOCALS~1\Temp\mc21.tmp"
.
Heure de fin: 2008-10-27 14:24:25
ComboFix-quarantined-files.txt 2008-10-27 11:24:18
ComboFix2.txt 2008-10-24 13:00:28
Avant-CF: 750 075 904 octets libres
Après-CF: 749,174,784 octets libres
220
hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:30, on 27/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Comodo\Firewall\cmdagent.exe
F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\poweroff.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
F:\Program Files\Comodo\Firewall\CPF.exe
F:\Program Files\Babylon\Babylon-Pro\Babylon.exe
F:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
F:\PROGRA~1\DESKTO~1\TLDL.EXE
F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
F:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
F:\Program Files\Net Studio\USB_FW.exe
F:\Program Files\SuperCopier2\SuperCopier2.exe
F:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\INTERNAT.EXE
F:\WINDOWS\system32\WISPTIS.EXE
F:\PROGRA~1\FICHIE~1\MICROS~1\MODI\12.0\MSPOCRDC.EXE
F:\WINDOWS\explorer.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Opera\opera.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Trend Micro\HijackThis\eden et valide.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - F:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - F:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP SchedIndexer] F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "F:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Babylon Client] F:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [StatusClient] F:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] F:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Desktop Lock Loader] F:\PROGRA~1\DESKTO~1\TLDL.EXE /BOOT
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [vspdfprsrv.exe] F:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [USB_FW] F:\Program Files\Net Studio\USB_FW.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RAR Password Cracker.lnk = F:\Program Files\RAR Password Cracker\rpc.exe
O4 - Startup: VirtuaGirl2.lnk = F:\Program Files\Vg\VirtuaGirl2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP LaserJet Director.lnk = F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://F:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS3\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS4\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS5\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - F:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Poweroff - Jorgen Bosman - F:\WINDOWS\system32\poweroff.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--------------------\\ Lop S&D 4.2.4-7 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.66GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : user ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081027-0] 4.8.1229 (Activated)
Firewall : COMODO Firewall Pro 2.3.035 (Not Activated)
C:\ (Local Disk) - FAT32 - Total : 9 Go Free : 1 Go
D:\ (Local Disk) - FAT32 - Total : 29 Go Free : 12 Go
E:\ (Local Disk) - FAT32 - Total : 27 Go Free : 6 Go
F:\ (Local Disk) - FAT32 - Total : 9 Go Free : 0 Go
G:\ (CD or DVD)
H:\ (CD or DVD)
"F:\Lop SD" ( MAJ : 23-10-2008|23:15 )
Option : [1] ( 27/10/2008|14:57 )
--------------------\\ Listing des dossiers dans APPLIC~1
[19/11/2007|10:31] F:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[23/11/2007|12:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[30/09/2008|10:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[04/08/2008|14:45] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
[07/12/2007|16:51] F:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[19/11/2007|16:34] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
[04/12/2007|14:49] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[27/10/2008|11:42] F:\DOCUME~1\ALLUSE~1\APPLIC~1\eXPert PDF
[27/10/2008|13:05] F:\DOCUME~1\ALLUSE~1\APPLIC~1\eXPert PDF 5
[27/10/2008|11:42] F:\DOCUME~1\ALLUSE~1\APPLIC~1\eXPert PDF Jobs
[29/11/2007|15:53] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[19/11/2007|15:13] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[11/02/2008|12:03] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[22/09/2008|15:36] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[19/11/2007|10:31] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[19/11/2007|15:39] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[02/09/2008|13:45] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MPK
[22/11/2007|16:27] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
[02/09/2008|14:42] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MyUSBOnly
[04/12/2007|14:50] F:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[23/04/2008|11:19] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Penpower
[17/07/2008|12:53] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[05/12/2007|17:07] F:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[04/12/2007|15:40] F:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[27/10/2008|11:30] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[09/09/2008|10:24] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[18/12/2007|13:27] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[23/10/2008|13:11] F:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
[23/10/2008|13:11] F:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
[19/11/2007|10:31] F:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[10/07/2008|14:00] F:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[10/07/2008|14:00] F:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
[19/11/2007|10:31] F:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[19/11/2007|15:55] F:\DOCUME~1\user\APPLIC~1\Adobe
[30/11/2007|16:32] F:\DOCUME~1\user\APPLIC~1\AdobeUM
[01/10/2008|09:48] F:\DOCUME~1\user\APPLIC~1\Avira(2)
[04/08/2008|14:45] F:\DOCUME~1\user\APPLIC~1\Babylon
[19/11/2007|16:34] F:\DOCUME~1\user\APPLIC~1\Comodo
[04/12/2007|14:58] F:\DOCUME~1\user\APPLIC~1\Datalayer
[27/10/2008|11:44] F:\DOCUME~1\user\APPLIC~1\eXPert PDF 5
[27/10/2008|11:44] F:\DOCUME~1\user\APPLIC~1\eXPert PDF Editor
[24/01/2008|14:00] F:\DOCUME~1\user\APPLIC~1\GetRightToGo
[29/11/2007|15:58] F:\DOCUME~1\user\APPLIC~1\Google
[08/02/2008|10:00] F:\DOCUME~1\user\APPLIC~1\Help
[19/11/2007|10:45] F:\DOCUME~1\user\APPLIC~1\Identities
[07/12/2007|16:59] F:\DOCUME~1\user\APPLIC~1\InstallShield
[28/05/2008|10:55] F:\DOCUME~1\user\APPLIC~1\Intelore
[29/11/2007|15:58] F:\DOCUME~1\user\APPLIC~1\Macromedia
[22/09/2008|15:36] F:\DOCUME~1\user\APPLIC~1\Malwarebytes
[19/11/2007|10:31] F:\DOCUME~1\user\APPLIC~1\Microsoft
[03/01/2008|09:30] F:\DOCUME~1\user\APPLIC~1\Mozilla
[04/12/2007|14:57] F:\DOCUME~1\user\APPLIC~1\Nokia
[10/01/2008|11:26] F:\DOCUME~1\user\APPLIC~1\Nokia Multimedia Player
[03/01/2008|09:30] F:\DOCUME~1\user\APPLIC~1\Nvu
[29/07/2008|09:42] F:\DOCUME~1\user\APPLIC~1\Opera
[21/07/2008|13:25] F:\DOCUME~1\user\APPLIC~1\OtakuSoftware
[04/12/2007|14:50] F:\DOCUME~1\user\APPLIC~1\PC Suite
[10/07/2008|13:53] F:\DOCUME~1\user\APPLIC~1\PDFCreator
[02/10/2008|16:11] F:\DOCUME~1\user\APPLIC~1\Publish Providers
[18/09/2008|13:44] F:\DOCUME~1\user\APPLIC~1\Radmin Communication Client
[18/06/2008|09:16] F:\DOCUME~1\user\APPLIC~1\Real
[17/07/2008|12:54] F:\DOCUME~1\user\APPLIC~1\Skype
[17/07/2008|12:59] F:\DOCUME~1\user\APPLIC~1\skypePM
[02/10/2008|16:10] F:\DOCUME~1\user\APPLIC~1\Sony
[10/01/2008|08:27] F:\DOCUME~1\user\APPLIC~1\Teleca
[02/09/2008|15:16] F:\DOCUME~1\user\APPLIC~1\TopLang
[27/10/2008|11:31] F:\DOCUME~1\user\APPLIC~1\Ulead Systems
[21/11/2007|09:04] F:\DOCUME~1\user\APPLIC~1\Visicom Media
[02/10/2008|16:59] F:\DOCUME~1\user\APPLIC~1\WinRAR
[02/10/2008|15:04] F:\DOCUME~1\user\APPLIC~1\XemiComputers
[05/09/2008|16:02] F:\DOCUME~1\user\APPLIC~1\ZIP RAR ACE Password Recovery
[30/11/2007|13:00] F:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[18/08/2008|15:27] F:\DOCUME~1\ADMINI~1\APPLIC~1\Babylon
[22/11/2007|16:13] F:\DOCUME~1\ADMINI~1\APPLIC~1\Comodo
[22/11/2007|16:13] F:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[26/12/2007|08:59] F:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[19/11/2007|10:31] F:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[05/12/2007|08:49] F:\DOCUME~1\ADMINI~1\APPLIC~1\PC Suite
[16/09/2008|16:59] F:\DOCUME~1\ADMINI~1\APPLIC~1\Radmin Communication Client
[09/07/2008|09:07] F:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[10/01/2008|13:07] F:\DOCUME~1\ADMINI~1\APPLIC~1\Teleca
[03/09/2008|16:46] F:\DOCUME~1\ADMINI~1\APPLIC~1\TopLang
[23/11/2007|09:01] F:\DOCUME~1\ADMINI~2\APPLIC~1\Comodo
[23/11/2007|09:01] F:\DOCUME~1\ADMINI~2\APPLIC~1\Identities
[19/11/2007|10:31] F:\DOCUME~1\ADMINI~2\APPLIC~1\Microsoft
[29/05/2008|15:32] F:\DOCUME~1\TOKY\APPLIC~1\Comodo
[29/05/2008|15:31] F:\DOCUME~1\TOKY\APPLIC~1\Identities
[19/11/2007|10:31] F:\DOCUME~1\TOKY\APPLIC~1\Microsoft
[29/05/2008|15:31] F:\DOCUME~1\TOKY\APPLIC~1\PC Suite
[29/05/2008|15:32] F:\DOCUME~1\TOKY\APPLIC~1\Teleca
--------------------\\ Tâches planifiées dans F:\WINDOWS\tasks
[27/10/2008 14:24][--ah-----] F:\WINDOWS\tasks\SA.DAT
[17/11/2004 13:27][-r-h-----] F:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans F:\Program Files
[05/08/2008|14:02] F:\Program Files\01-mp3search
[23/10/2008|12:43] F:\Program Files\A.C. Element MyUSBOnly
[30/05/2008|15:02] F:\Program Files\Accent OFFICE Password Recovery
[05/09/2008|15:35] F:\Program Files\Active Data Recovery Software
[19/11/2007|15:53] F:\Program Files\Adobe
[27/12/2007|14:24] F:\Program Files\Ahead
[29/01/2008|09:13] F:\Program Files\Alcohol Soft
[01/10/2008|15:02] F:\Program Files\Alwil Software
[28/05/2008|09:19] F:\Program Files\Ashampoo
[07/12/2007|16:53] F:\Program Files\Avanquest update
[26/02/2008|11:46] F:\Program Files\AVOne
[04/08/2008|15:00] F:\Program Files\Babylon
[29/09/2008|15:12] F:\Program Files\CCleaner
[03/01/2008|14:12] F:\Program Files\CHANGJIE
[19/11/2007|16:32] F:\Program Files\Comodo
[19/11/2007|10:39] F:\Program Files\ComPlus Applications
[04/08/2008|15:00] F:\Program Files\Conduit
[02/09/2008|15:53] F:\Program Files\Desktop Lock
[04/12/2007|14:51] F:\Program Files\DIFX
[04/12/2007|15:39] F:\Program Files\Easy CD-DA Extractor 11
[28/11/2007|11:36] F:\Program Files\Easy GIF Animator
[28/11/2007|11:36] F:\Program Files\Easy Gif Animator Extension
[08/08/2008|13:57] F:\Program Files\EasyPHP1-8
[06/10/2008|10:47] F:\Program Files\ElcomSoft
[29/01/2008|11:41] F:\Program Files\eMule
[19/11/2007|10:25] F:\Program Files\Fichiers communs
[29/11/2007|15:53] F:\Program Files\Google
[11/01/2008|11:06] F:\Program Files\Grisoft
[22/11/2007|16:21] F:\Program Files\Hewlett-Packard
[25/02/2008|13:27] F:\Program Files\HP
[08/08/2008|12:58] F:\Program Files\IDAutomation.com Code 39 Free Font
[07/12/2007|16:51] F:\Program Files\InstallShield Installation Information
[08/09/2008|09:26] F:\Program Files\Intelore
[19/11/2007|10:40] F:\Program Files\Internet Explorer
[03/01/2008|14:12] F:\Program Files\KOIME
[23/11/2007|13:25] F:\Program Files\Lauyan
[03/01/2008|14:09] F:\Program Files\LHSP
[22/09/2008|15:36] F:\Program Files\Malwarebytes' Anti-Malware
[24/10/2008|14:56] F:\Program Files\Medocs 4.5
[19/11/2007|10:38] F:\Program Files\Messenger
[19/11/2007|10:43] F:\Program Files\microsoft frontpage
[19/11/2007|15:40] F:\Program Files\Microsoft Office
[08/08/2008|09:47] F:\Program Files\Microsoft Silverlight
[19/11/2007|15:45] F:\Program Files\Microsoft Visual Studio
[19/11/2007|15:45] F:\Program Files\Microsoft Works
[07/12/2007|16:51] F:\Program Files\Motorola Phone Tools
[19/11/2007|10:40] F:\Program Files\Movie Maker
[19/11/2007|15:45] F:\Program Files\MSBuild
[19/11/2007|10:38] F:\Program Files\MSN
[19/11/2007|10:38] F:\Program Files\MSN Gaming Zone
[20/11/2007|08:40] F:\Program Files\MSN Messenger
[04/08/2008|15:00] F:\Program Files\myBabylon
[24/01/2008|14:51] F:\Program Files\NASA
[23/10/2008|16:29] F:\Program Files\Navilog1
[22/05/2008|11:10] F:\Program Files\Net Studio
[19/11/2007|10:40] F:\Program Files\NetMeeting
[07/10/2008|09:34] F:\Program Files\NN Software Collection 12
[04/12/2007|14:49] F:\Program Files\Nokia
[03/01/2008|09:30] F:\Program Files\Nvu
[19/11/2007|10:39] F:\Program Files\Online Services
[17/12/2007|10:24] F:\Program Files\Ontrack
[29/07/2008|09:42] F:\Program Files\Opera
[30/05/2008|15:12] F:\Program Files\OPRW
[19/11/2007|10:40] F:\Program Files\Outlook Express
[25/09/2008|13:31] F:\Program Files\Panda Security
[28/05/2008|09:02] F:\Program Files\PasswordTools
[16/09/2008|16:42] F:\Program Files\PCNetSoftware
[20/08/2008|14:30] F:\Program Files\PDF2Word v1.6
[10/07/2008|13:53] F:\Program Files\PDFCreator
[27/12/2007|14:38] F:\Program Files\Radio Fr Solo
[16/09/2008|16:58] F:\Program Files\Radmin Communication Client 3.0
[05/09/2008|15:43] F:\Program Files\RAR Password Cracker
[18/09/2008|09:54] F:\Program Files\Runtime Software
[21/01/2008|10:35] F:\Program Files\Sarkophage
[27/03/2008|14:21] F:\Program Files\SCC
[03/01/2008|14:12] F:\Program Files\SCIME
[19/11/2007|10:41] F:\Program Files\Services en ligne
[17/07/2008|12:53] F:\Program Files\Skype
[13/10/2008|13:55] F:\Program Files\Smart Projects
[29/05/2008|16:54] F:\Program Files\SuperCopier2
[22/10/2008|10:04] F:\Program Files\SuperLogix
[03/01/2008|14:12] F:\Program Files\TCIME
[08/02/2008|14:47] F:\Program Files\Temp
[24/07/2008|10:49] F:\Program Files\Trend Micro
[16/09/2008|15:02] F:\Program Files\UltraVNC
[19/11/2007|10:45] F:\Program Files\Uninstall Information
[09/10/2008|14:13] F:\Program Files\Vg
[04/12/2007|15:47] F:\Program Files\VIA Technologies, Inc
[09/09/2008|15:31] F:\Program Files\VirginMega
[21/10/2008|09:26] F:\Program Files\Virtual Piano
[27/10/2008|11:42] F:\Program Files\Visagesoft
[21/11/2007|09:03] F:\Program Files\Visicom Media
[06/03/2008|15:01] F:\Program Files\WinAVI Video Converter
[09/09/2008|15:11] F:\Program Files\Windows Media Connect 2
[19/11/2007|10:39] F:\Program Files\Windows Media Player
[19/11/2007|10:38] F:\Program Files\Windows NT
[19/11/2007|10:41] F:\Program Files\WindowsUpdate
[07/12/2007|13:40] F:\Program Files\WinRAR
[07/12/2007|13:41] F:\Program Files\WinZip
[30/05/2008|13:35] F:\Program Files\XaviWare Password Recovery .MDB
[19/11/2007|10:43] F:\Program Files\xerox
[18/12/2007|13:03] F:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans F:\Program Files\Fichiers communs
[19/11/2007|15:53] F:\Program Files\Fichiers communs\Adobe
[27/12/2007|14:24] F:\Program Files\Fichiers communs\Ahead
[19/11/2007|15:45] F:\Program Files\Fichiers communs\DESIGNER
[07/12/2007|16:50] F:\Program Files\Fichiers communs\InstallShield
[03/01/2008|14:09] F:\Program Files\Fichiers communs\L&H Shared
[19/11/2007|10:25] F:\Program Files\Fichiers communs\Microsoft Shared
[18/12/2007|10:40] F:\Program Files\Fichiers communs\Motorola Shared
[19/11/2007|10:40] F:\Program Files\Fichiers communs\MSSoap
[27/12/2007|14:26] F:\Program Files\Fichiers communs\Nero
[04/12/2007|14:50] F:\Program Files\Fichiers communs\Nokia
[19/11/2007|10:25] F:\Program Files\Fichiers communs\ODBC
[04/12/2007|14:50] F:\Program Files\Fichiers communs\PCSuite
[18/06/2008|09:17] F:\Program Files\Fichiers communs\Real
[19/11/2007|10:40] F:\Program Files\Fichiers communs\Services
[17/07/2008|12:53] F:\Program Files\Fichiers communs\Skype
[19/11/2007|10:25] F:\Program Files\Fichiers communs\SpeechEngines
[04/02/2008|14:20] F:\Program Files\Fichiers communs\SWF Studio
[19/11/2007|10:40] F:\Program Files\Fichiers communs\System
[10/01/2008|08:25] F:\Program Files\Fichiers communs\Teleca Shared
[09/10/2008|14:13] F:\Program Files\Fichiers communs\Totem Shared
[19/11/2007|15:20] F:\Program Files\Fichiers communs\Wise Installation Wizard
[18/06/2008|09:20] F:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 50 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
F:\DOCUME~1\user\Favoris\aina\DownloadWarez.org - Serial Crack Keygen Rapidshare Torrent Full Download page 10.url
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6[1].02_Incl._Keygen_FRENCH-BS.RAR
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\bs-we60a.zip
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\bs.nfo
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\file_id.diz
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\keygenfr.exe
[F:4][D:2]-> F:\DOCUME~1\user\LOCALS~1\Temp
[F:17][D:0]-> F:\DOCUME~1\user\Cookies
[F:12][D:4]-> F:\DOCUME~1\user\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> F:\Recycled
1 - "F:\Lop SD\LopR_1.txt" - 24/10/2008|12:52 - Option : [1]
2 - "F:\Lop SD\LopR_2.txt" - 24/10/2008|15:18 - Option : [2]
3 - "F:\Lop SD\LopR_3.txt" - 27/10/2008|15:01 - Option : [1]
--------------------\\ Fin du rapport a 15:01:35
Sorry, I made a mistake, that is a toolbar log.
I'm looking at the combo report to see what is wrong.
--------------------\\ Lop S&D 4.2.4-7 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.66GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : user ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081027-0] 4.8.1229 (Activated)
Firewall : COMODO Firewall Pro 2.3.035 (Not Activated)
C:\ (Local Disk) - FAT32 - Total : 9 Go Free : 1 Go
D:\ (Local Disk) - FAT32 - Total : 29 Go Free : 12 Go
E:\ (Local Disk) - FAT32 - Total : 27 Go Free : 6 Go
F:\ (Local Disk) - FAT32 - Total : 9 Go Free : 0 Go
G:\ (CD or DVD)
H:\ (CD or DVD)
"F:\Lop SD" ( MAJ : 23-10-2008|23:15 )
Option : [2] ( 27/10/2008|16:02 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[19/11/2007|10:31] F:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[23/11/2007|12:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[30/09/2008|10:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[04/08/2008|14:45] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
[07/12/2007|16:51] F:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[19/11/2007|16:34] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
[04/12/2007|14:49] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[27/10/2008|11:42] F:\DOCUME~1\ALLUSE~1\APPLIC~1\eXPert PDF
[27/10/2008|13:05] F:\DOCUME~1\ALLUSE~1\APPLIC~1\eXPert PDF 5
[27/10/2008|11:42] F:\DOCUME~1\ALLUSE~1\APPLIC~1\eXPert PDF Jobs
[29/11/2007|15:53] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[19/11/2007|15:13] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[11/02/2008|12:03] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[22/09/2008|15:36] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[19/11/2007|10:31] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[19/11/2007|15:39] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[02/09/2008|13:45] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MPK
[22/11/2007|16:27] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
[02/09/2008|14:42] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MyUSBOnly
[04/12/2007|14:50] F:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[23/04/2008|11:19] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Penpower
[17/07/2008|12:53] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[05/12/2007|17:07] F:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[04/12/2007|15:40] F:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[27/10/2008|11:30] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[09/09/2008|10:24] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[18/12/2007|13:27] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[23/10/2008|13:11] F:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
[23/10/2008|13:11] F:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
[19/11/2007|10:31] F:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[10/07/2008|14:00] F:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[10/07/2008|14:00] F:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
[19/11/2007|10:31] F:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[19/11/2007|15:55] F:\DOCUME~1\user\APPLIC~1\Adobe
[30/11/2007|16:32] F:\DOCUME~1\user\APPLIC~1\AdobeUM
[01/10/2008|09:48] F:\DOCUME~1\user\APPLIC~1\Avira(2)
[04/08/2008|14:45] F:\DOCUME~1\user\APPLIC~1\Babylon
[19/11/2007|16:34] F:\DOCUME~1\user\APPLIC~1\Comodo
[04/12/2007|14:58] F:\DOCUME~1\user\APPLIC~1\Datalayer
[27/10/2008|11:44] F:\DOCUME~1\user\APPLIC~1\eXPert PDF 5
[27/10/2008|11:44] F:\DOCUME~1\user\APPLIC~1\eXPert PDF Editor
[24/01/2008|14:00] F:\DOCUME~1\user\APPLIC~1\GetRightToGo
[29/11/2007|15:58] F:\DOCUME~1\user\APPLIC~1\Google
[08/02/2008|10:00] F:\DOCUME~1\user\APPLIC~1\Help
[19/11/2007|10:45] F:\DOCUME~1\user\APPLIC~1\Identities
[07/12/2007|16:59] F:\DOCUME~1\user\APPLIC~1\InstallShield
[28/05/2008|10:55] F:\DOCUME~1\user\APPLIC~1\Intelore
[29/11/2007|15:58] F:\DOCUME~1\user\APPLIC~1\Macromedia
[22/09/2008|15:36] F:\DOCUME~1\user\APPLIC~1\Malwarebytes
[19/11/2007|10:31] F:\DOCUME~1\user\APPLIC~1\Microsoft
[03/01/2008|09:30] F:\DOCUME~1\user\APPLIC~1\Mozilla
[04/12/2007|14:57] F:\DOCUME~1\user\APPLIC~1\Nokia
[10/01/2008|11:26] F:\DOCUME~1\user\APPLIC~1\Nokia Multimedia Player
[03/01/2008|09:30] F:\DOCUME~1\user\APPLIC~1\Nvu
[29/07/2008|09:42] F:\DOCUME~1\user\APPLIC~1\Opera
[21/07/2008|13:25] F:\DOCUME~1\user\APPLIC~1\OtakuSoftware
[04/12/2007|14:50] F:\DOCUME~1\user\APPLIC~1\PC Suite
[10/07/2008|13:53] F:\DOCUME~1\user\APPLIC~1\PDFCreator
[02/10/2008|16:11] F:\DOCUME~1\user\APPLIC~1\Publish Providers
[18/09/2008|13:44] F:\DOCUME~1\user\APPLIC~1\Radmin Communication Client
[18/06/2008|09:16] F:\DOCUME~1\user\APPLIC~1\Real
[17/07/2008|12:54] F:\DOCUME~1\user\APPLIC~1\Skype
[17/07/2008|12:59] F:\DOCUME~1\user\APPLIC~1\skypePM
[02/10/2008|16:10] F:\DOCUME~1\user\APPLIC~1\Sony
[10/01/2008|08:27] F:\DOCUME~1\user\APPLIC~1\Teleca
[02/09/2008|15:16] F:\DOCUME~1\user\APPLIC~1\TopLang
[27/10/2008|11:31] F:\DOCUME~1\user\APPLIC~1\Ulead Systems
[21/11/2007|09:04] F:\DOCUME~1\user\APPLIC~1\Visicom Media
[02/10/2008|16:59] F:\DOCUME~1\user\APPLIC~1\WinRAR
[02/10/2008|15:04] F:\DOCUME~1\user\APPLIC~1\XemiComputers
[05/09/2008|16:02] F:\DOCUME~1\user\APPLIC~1\ZIP RAR ACE Password Recovery
[30/11/2007|13:00] F:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[18/08/2008|15:27] F:\DOCUME~1\ADMINI~1\APPLIC~1\Babylon
[22/11/2007|16:13] F:\DOCUME~1\ADMINI~1\APPLIC~1\Comodo
[22/11/2007|16:13] F:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[26/12/2007|08:59] F:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[19/11/2007|10:31] F:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[05/12/2007|08:49] F:\DOCUME~1\ADMINI~1\APPLIC~1\PC Suite
[16/09/2008|16:59] F:\DOCUME~1\ADMINI~1\APPLIC~1\Radmin Communication Client
[09/07/2008|09:07] F:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[10/01/2008|13:07] F:\DOCUME~1\ADMINI~1\APPLIC~1\Teleca
[03/09/2008|16:46] F:\DOCUME~1\ADMINI~1\APPLIC~1\TopLang
[23/11/2007|09:01] F:\DOCUME~1\ADMINI~2\APPLIC~1\Comodo
[23/11/2007|09:01] F:\DOCUME~1\ADMINI~2\APPLIC~1\Identities
[19/11/2007|10:31] F:\DOCUME~1\ADMINI~2\APPLIC~1\Microsoft
[29/05/2008|15:32] F:\DOCUME~1\TOKY\APPLIC~1\Comodo
[29/05/2008|15:31] F:\DOCUME~1\TOKY\APPLIC~1\Identities
[19/11/2007|10:31] F:\DOCUME~1\TOKY\APPLIC~1\Microsoft
[29/05/2008|15:31] F:\DOCUME~1\TOKY\APPLIC~1\PC Suite
[29/05/2008|15:32] F:\DOCUME~1\TOKY\APPLIC~1\Teleca
--------------------\\ Tâches planifiées dans F:\WINDOWS\tasks
[27/10/2008 15:22][--ah-----] F:\WINDOWS\tasks\SA.DAT
[17/11/2004 13:27][-r-h-----] F:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans F:\Program Files
[05/08/2008|14:02] F:\Program Files\01-mp3search
[23/10/2008|12:43] F:\Program Files\A.C. Element MyUSBOnly
[30/05/2008|15:02] F:\Program Files\Accent OFFICE Password Recovery
[05/09/2008|15:35] F:\Program Files\Active Data Recovery Software
[19/11/2007|15:53] F:\Program Files\Adobe
[27/12/2007|14:24] F:\Program Files\Ahead
[29/01/2008|09:13] F:\Program Files\Alcohol Soft
[01/10/2008|15:02] F:\Program Files\Alwil Software
[28/05/2008|09:19] F:\Program Files\Ashampoo
[07/12/2007|16:53] F:\Program Files\Avanquest update
[26/02/2008|11:46] F:\Program Files\AVOne
[04/08/2008|15:00] F:\Program Files\Babylon
[29/09/2008|15:12] F:\Program Files\CCleaner
[03/01/2008|14:12] F:\Program Files\CHANGJIE
[19/11/2007|16:32] F:\Program Files\Comodo
[19/11/2007|10:39] F:\Program Files\ComPlus Applications
[04/08/2008|15:00] F:\Program Files\Conduit
[02/09/2008|15:53] F:\Program Files\Desktop Lock
[04/12/2007|14:51] F:\Program Files\DIFX
[04/12/2007|15:39] F:\Program Files\Easy CD-DA Extractor 11
[28/11/2007|11:36] F:\Program Files\Easy GIF Animator
[28/11/2007|11:36] F:\Program Files\Easy Gif Animator Extension
[08/08/2008|13:57] F:\Program Files\EasyPHP1-8
[06/10/2008|10:47] F:\Program Files\ElcomSoft
[29/01/2008|11:41] F:\Program Files\eMule
[19/11/2007|10:25] F:\Program Files\Fichiers communs
[29/11/2007|15:53] F:\Program Files\Google
[11/01/2008|11:06] F:\Program Files\Grisoft
[22/11/2007|16:21] F:\Program Files\Hewlett-Packard
[25/02/2008|13:27] F:\Program Files\HP
[08/08/2008|12:58] F:\Program Files\IDAutomation.com Code 39 Free Font
[07/12/2007|16:51] F:\Program Files\InstallShield Installation Information
[08/09/2008|09:26] F:\Program Files\Intelore
[19/11/2007|10:40] F:\Program Files\Internet Explorer
[03/01/2008|14:12] F:\Program Files\KOIME
[23/11/2007|13:25] F:\Program Files\Lauyan
[03/01/2008|14:09] F:\Program Files\LHSP
[22/09/2008|15:36] F:\Program Files\Malwarebytes' Anti-Malware
[19/11/2007|10:38] F:\Program Files\Messenger
[19/11/2007|10:43] F:\Program Files\microsoft frontpage
[19/11/2007|15:40] F:\Program Files\Microsoft Office
[08/08/2008|09:47] F:\Program Files\Microsoft Silverlight
[19/11/2007|15:45] F:\Program Files\Microsoft Visual Studio
[19/11/2007|15:45] F:\Program Files\Microsoft Works
[07/12/2007|16:51] F:\Program Files\Motorola Phone Tools
[19/11/2007|10:40] F:\Program Files\Movie Maker
[19/11/2007|15:45] F:\Program Files\MSBuild
[19/11/2007|10:38] F:\Program Files\MSN
[19/11/2007|10:38] F:\Program Files\MSN Gaming Zone
[20/11/2007|08:40] F:\Program Files\MSN Messenger
[04/08/2008|15:00] F:\Program Files\myBabylon
[24/01/2008|14:51] F:\Program Files\NASA
[23/10/2008|16:29] F:\Program Files\Navilog1
[22/05/2008|11:10] F:\Program Files\Net Studio
[19/11/2007|10:40] F:\Program Files\NetMeeting
[07/10/2008|09:34] F:\Program Files\NN Software Collection 12
[04/12/2007|14:49] F:\Program Files\Nokia
[03/01/2008|09:30] F:\Program Files\Nvu
[19/11/2007|10:39] F:\Program Files\Online Services
[17/12/2007|10:24] F:\Program Files\Ontrack
[29/07/2008|09:42] F:\Program Files\Opera
[30/05/2008|15:12] F:\Program Files\OPRW
[19/11/2007|10:40] F:\Program Files\Outlook Express
[25/09/2008|13:31] F:\Program Files\Panda Security
[28/05/2008|09:02] F:\Program Files\PasswordTools
[16/09/2008|16:42] F:\Program Files\PCNetSoftware
[20/08/2008|14:30] F:\Program Files\PDF2Word v1.6
[10/07/2008|13:53] F:\Program Files\PDFCreator
[27/12/2007|14:38] F:\Program Files\Radio Fr Solo
[16/09/2008|16:58] F:\Program Files\Radmin Communication Client 3.0
[05/09/2008|15:43] F:\Program Files\RAR Password Cracker
[18/09/2008|09:54] F:\Program Files\Runtime Software
[21/01/2008|10:35] F:\Program Files\Sarkophage
[27/03/2008|14:21] F:\Program Files\SCC
[03/01/2008|14:12] F:\Program Files\SCIME
[19/11/2007|10:41] F:\Program Files\Services en ligne
[17/07/2008|12:53] F:\Program Files\Skype
[13/10/2008|13:55] F:\Program Files\Smart Projects
[29/05/2008|16:54] F:\Program Files\SuperCopier2
[22/10/2008|10:04] F:\Program Files\SuperLogix
[03/01/2008|14:12] F:\Program Files\TCIME
[08/02/2008|14:47] F:\Program Files\Temp
[24/07/2008|10:49] F:\Program Files\Trend Micro
[16/09/2008|15:02] F:\Program Files\UltraVNC
[19/11/2007|10:45] F:\Program Files\Uninstall Information
[09/10/2008|14:13] F:\Program Files\Vg
[04/12/2007|15:47] F:\Program Files\VIA Technologies, Inc
[09/09/2008|15:31] F:\Program Files\VirginMega
[27/10/2008|11:42] F:\Program Files\Visagesoft
[21/11/2007|09:03] F:\Program Files\Visicom Media
[06/03/2008|15:01] F:\Program Files\WinAVI Video Converter
[09/09/2008|15:11] F:\Program Files\Windows Media Connect 2
[19/11/2007|10:39] F:\Program Files\Windows Media Player
[19/11/2007|10:38] F:\Program Files\Windows NT
[19/11/2007|10:41] F:\Program Files\WindowsUpdate
[07/12/2007|13:40] F:\Program Files\WinRAR
[07/12/2007|13:41] F:\Program Files\WinZip
[30/05/2008|13:35] F:\Program Files\XaviWare Password Recovery .MDB
[19/11/2007|10:43] F:\Program Files\xerox
[18/12/2007|13:03] F:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans F:\Program Files\Fichiers communs
[19/11/2007|15:53] F:\Program Files\Fichiers communs\Adobe
[27/12/2007|14:24] F:\Program Files\Fichiers communs\Ahead
[19/11/2007|15:45] F:\Program Files\Fichiers communs\DESIGNER
[07/12/2007|16:50] F:\Program Files\Fichiers communs\InstallShield
[03/01/2008|14:09] F:\Program Files\Fichiers communs\L&H Shared
[19/11/2007|10:25] F:\Program Files\Fichiers communs\Microsoft Shared
[18/12/2007|10:40] F:\Program Files\Fichiers communs\Motorola Shared
[19/11/2007|10:40] F:\Program Files\Fichiers communs\MSSoap
[27/12/2007|14:26] F:\Program Files\Fichiers communs\Nero
[04/12/2007|14:50] F:\Program Files\Fichiers communs\Nokia
[19/11/2007|10:25] F:\Program Files\Fichiers communs\ODBC
[04/12/2007|14:50] F:\Program Files\Fichiers communs\PCSuite
[18/06/2008|09:17] F:\Program Files\Fichiers communs\Real
[19/11/2007|10:40] F:\Program Files\Fichiers communs\Services
[17/07/2008|12:53] F:\Program Files\Fichiers communs\Skype
[19/11/2007|10:25] F:\Program Files\Fichiers communs\SpeechEngines
[04/02/2008|14:20] F:\Program Files\Fichiers communs\SWF Studio
[19/11/2007|10:40] F:\Program Files\Fichiers communs\System
[10/01/2008|08:25] F:\Program Files\Fichiers communs\Teleca Shared
[09/10/2008|14:13] F:\Program Files\Fichiers communs\Totem Shared
[19/11/2007|15:20] F:\Program Files\Fichiers communs\Wise Installation Wizard
[18/06/2008|09:20] F:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 46 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 16:06:53
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
F:\DOCUME~1\user\Favoris\aina\DownloadWarez.org - Serial Crack Keygen Rapidshare Torrent Full Download page 10.url
[F:8][D:3]-> F:\DOCUME~1\user\LOCALS~1\Temp
[F:17][D:0]-> F:\DOCUME~1\user\Cookies
[F:62][D:4]-> F:\DOCUME~1\user\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> F:\Recycled
1 - "F:\Lop SD\LopR_1.txt" - 24/10/2008|12:52 - Option : [1]
2 - "F:\Lop SD\LopR_2.txt" - 24/10/2008|15:18 - Option : [2]
3 - "F:\Lop SD\LopR_3.txt" - 27/10/2008|15:01 - Option : [1]
4 - "F:\Lop SD\LopR_4.txt" - 27/10/2008|16:07 - Option : [2]
--------------------\\ Fin du rapport a 16:07:51
I advise you to get rid of all of this if you don't want to get infected again:
F:\DOCUME~1\user\Favoris\aina\DownloadWarez.org - Serial Crack Keygen Rapidshare Torrent Full Download page 10.url
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6[1].02_Incl._Keygen_FRENCH-BS.RAR
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\bs-we60a.zip
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\bs.nfo
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\file_id.diz
F:\DOCUME~1\user\Bureau\web_test\WEBEXPERT\WebExpert_v6.02_Incl._Keygen_FRENCH-BS\keygenfr.exe
as well as this:
O4 - Startup: RAR Password Cracker.lnk = F:\Program Files\RAR Password Cracker\rpc.exe
The other piece of advice is to remove IE6 and go back to IE7; I don't understand why you removed IE7 in the first place!
-----------\\ ToolBar S&D 1.2.3 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.66GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : user ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081027-0] 4.8.1229 (Activated)
Firewall : COMODO Firewall Pro 2.3.035 (Not Activated)
C:\ (Local Disk) - FAT32 - Total : 9 Go Free : 1 Go
D:\ (Local Disk) - FAT32 - Total : 29 Go Free : 12 Go
E:\ (Local Disk) - FAT32 - Total : 27 Go Free : 6 Go
F:\ (Local Disk) - FAT32 - Total : 9 Go Free : 0 Go
G:\ (CD or DVD)
H:\ (CD or DVD)
"F:\ToolBar SD" ( MAJ : 23-10-2008|0:25 )
Option : [1] ( 27/10/2008|16:38 )
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="F:\\windows\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "F:\ToolBar SD\TB_1.txt" - 24/10/2008|11:02 - Option : [1]
2 - "F:\ToolBar SD\TB_2.txt" - 24/10/2008|11:21 - Option : [2]
3 - "F:\ToolBar SD\TB_3.txt" - 27/10/2008|16:39 - Option : [1]
-----------\\ Fin du rapport a 16:39:18,07
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:57, on 27/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Comodo\Firewall\cmdagent.exe
F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\poweroff.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
F:\Program Files\Comodo\Firewall\CPF.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Babylon\Babylon-Pro\Babylon.exe
F:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
F:\PROGRA~1\DESKTO~1\TLDL.EXE
F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
F:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\Program Files\Net Studio\USB_FW.exe
F:\Program Files\SuperCopier2\SuperCopier2.exe
F:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
F:\WINDOWS\system32\INTERNAT.EXE
F:\Program Files\Trend Micro\HijackThis\eden et valide.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - F:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - F:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP SchedIndexer] F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "F:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Babylon Client] F:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [StatusClient] F:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] F:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Desktop Lock Loader] F:\PROGRA~1\DESKTO~1\TLDL.EXE /BOOT
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [vspdfprsrv.exe] F:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [USB_FW] F:\Program Files\Net Studio\USB_FW.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: VirtuaGirl2.lnk = F:\Program Files\Vg\VirtuaGirl2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP LaserJet Director.lnk = F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://F:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS3\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS4\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O17 - HKLM\System\CS5\Services\Tcpip\..\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - F:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Poweroff - Jorgen Bosman - F:\WINDOWS\system32\poweroff.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
I suggest you change antivirus; as you have seen, avast was not able to clean it.
Do as you like.
1) Download Avira AntiVir
-- Download Avira AntiVir PersonalEdition Classic from this link:
https://www.avira.com/ to your Desktop.
-- Download the Avast uninstaller to your Desktop: https://www.avast.com/fr-fr/uninstall-utility
2) Uninstalling avast!
Go offline, then uninstall avast! via Start / Settings / Control Panel and, in Add/Remove Programs, scroll to avast! and click Remove, then choose Uninstall.
Restart your PC as requested and delete the folder C:\Program Files\Alwils Software
Or you can use the avast! uninstaller if you prefer.
3) Install and configure AntiVir, then update it
Double-click its setup file on your Desktop to start the installation.
Once it is installed,
reconnect in order to update it and configure it.
Close the scan that started automatically.
Configure it as shown here:
http://speedweb1.free.fr/frames2.php?page=tuto5
or here: https://www.malekal.com/avira-free-security-antivirus-gratuit/