Alerte possible virus

Question

Bonjour,
Je vous explique le souci que j'ai.
J'ai nettoyer mon pc avec ccleaner puis glairies utilities et j'ai fait tourner avast.
Mais je trouve que mon pc ram encore beaucoup et en plus j'ai beaucoup de pub qui s'ouvre quand je suis sur internet.
Donc il se peut que j'ai un petit virus mais je ne suis pas sur.
c'est pour sa que j'ai besoin de votre aide 
merci a tous

Zpoupette · Answer

Fais un scan via un anti-virus en ligne (BitDefender ou TrendMicro) et recherche les malwares/spyware avec Malwarebytes Anti-malware après l'avoir mis à jour et en faisant un scan COMPLET de ton PC.
Mets aussi à jour tous tes logiciels.
Tu peux voir lesquels en ont besoin en allant sur le site de Secunia.

Destrio5 · Answer

Salut,

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.

Anthony02P · Answer

Voila le premier rapport log.txt


Logfile of random's system information tool 1.04 (written by random/random)
Run by but at 2008-11-07 09:20:03
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 24 GB (46%) free of 52 GB
Total RAM: 1790 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:20:27, on 07/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32undll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32	askeng.exe
C:\Windows\System32undll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\but\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\but\Desktop\RSIT.exe
C:\Program Files	rend micro\but.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Bags Else Hole Lite] "C:\ProgramData\sect type spam.qxhp9x"
O4 - HKCU\..\Run: [Deaf Thunk] "C:\ProgramData\64SoftwareSoftware.27vg9y6"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Anthony02P · Answer

Voila le deuxieme rapport info txt


info.txt logfile of random's system information tool 1.04 2008-11-07 09:20:31

======Uninstall list======

-->C:\Program Files\OrangeHSS\Uninstall\Bas_Debit_CustoUpdate\Shell.exe MainUninstall.shl
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.exe"  -uninst 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe"  -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe"  -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe"  -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe"  -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe"  -uninstall
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe"  -uninstall
Acer Crystal Eye Webcam Video Class Camera -->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x040c -removeonly -u
Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eAudio Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe"  -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c  -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c  -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c  -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c  -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c  -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x40c  -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c  -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9  -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c  -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Big Kahuna Reef 2-->"C:\Program Files\Acer GameZone\Big Kahuna Reef 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef 2\install.log"
Cake Mania-->"C:\Program Files\Acer GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania\install.log"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Dynasty-->"C:\Program Files\Acer GameZone\Dynasty\Uninstall.exe" "C:\Program Files\Acer GameZone\Dynasty\install.log"
FBrowsingAdvisor-->"C:\Program Files\FBrowsingAdvisor\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Glary Utilities 2.4-->"C:\Program Files\Glary Utilities\unins000.exe"
Gruntz-->C:\Windows\unin040c.exe -fC:\Games\Gruntz\DeIsL1.isu
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -Ic:\Release\Foxconn\51338\AcrZUn32z.inf
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
Imikimi Plugin-->"C:\Program Files\Imikimi\uninstall.exe"
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
LimeWire 4.16.7-->"C:\Program Files\LimeWire\uninstall.exe"
Luxor 2-->"C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Luxor 2\install.log"
Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Mystery Case Files - Prime Suspects-->"C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\install.log"
Mystery Case Files Ravenhearst-->"C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\install.log"
Navigateur Orange-->C:\Program Files\OrangeHSS\Uninstall\Browser\Shell.exe MainUninstall.shl
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly 
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Orange - Logiciels Internet-->C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PowerProducer 3.72-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE"  -uninstall
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
Scooby-Doo-->C:\PROGRA~1\SOUTHP~1\SCOOBY~1\UNWISE.EXE E:\
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SmartEnhancer-->C:\Program Files\SmartEnhancer\uninstall.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stand O Food-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9306271-9A8D-4A46-8EC9-4F5A88EE2556}\Setup.exe" -l0x40c 
Star Defender 3-->"C:\Program Files\Acer GameZone\Star Defender 3\Uninstall.exe" "C:\Program Files\Acer GameZone\Star Defender 3\install.log"
SurfingEnhancer-->C:\Program Files\SurfingEnhancer\uninstall.exe
Treasures of the Deep-->"C:\Program Files\Acer GameZone\Treasures of the Deep\Uninstall.exe" "C:\Program Files\Acer GameZone\Treasures of the Deep\install.log"
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\common\unyt.exe
Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"

======Hosts File======

127.0.0.1	007guard.com
127.0.0.1	www.007guard.com
127.0.0.1	008i.com
127.0.0.1	008k.com
127.0.0.1	www.008k.com
127.0.0.1	00hq.com
127.0.0.1	www.00hq.com
127.0.0.1	010402.com
127.0.0.1	032439.com
127.0.0.1	www.032439.com

======Security center information======

AV: avast! antivirus 4.8.1201 [VPS 081106-0]
AV: Norton Internet Security (disabled) (outdated)
FW: Norton Internet Security (disabled)
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender
AS: Norton Internet Security (outdated)
AS: avast! antivirus 4.8.1201 [VPS 081106-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 76 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4c02
"NUMBER_OF_PROCESSORS"=1

-----------------EOF-----------------

Destrio5 · Answer

Infection Lop (D'où les pubs CiD).

---> Désactive l'UAC le temps de la désinfection :
http://www.commentcamarche.net/faq/sujet 8343 vista desactiver l uac

---> Télécharge Lop S&D sur ton Bureau.
---> Double-clique dessus pour lancer l'installation.
---> Clique droit sur le raccourci Lop S&D présent sur ton Bureau et choisis Exécuter en tant qu'administrateur.
---> Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche).
---> Patiente jusqu'à la fin du scan.
---> Poste le rapport généré (C:\lopR.txt).

Anthony02P · Answer

Bon voila a toi de jouer
merci de m'aider

Destrio5 · Answer

Non, à toi de jouer.

Voir mon message précédent.

Anthony02P · Answer

Est ce que je peut remettre mais parametre d'administrateur pour éviter les logiciels malveillants ????

Voila le rapport :


   --------------------\  Lop S&D 4.2.4-9c   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : Mobile AMD Sempron(tm) Processor 3600+ )
   BIOS : PhoenixBIOS 4.0 Release 6.1     
   USER : but ( Administrator )
   BOOT : Normal boot
   Antivirus : Norton Internet Security 2007 (Not Activated)
   Firewall  : Norton Internet Security 2007 (Not Activated)
   C:\ (Local Disk) - NTFS - Total:51 Go (Free:23 Go)
   D:\ (Local Disk) - NTFS - Total:50 Go (Free:50 Go)
   E:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
   Option : [1] ( 07/11/2008| 9:50 )

   [ UAC => 0 ]
 
   --------------------\  Listing des dossiers dans Local

   [01/06/2008|19:06] C:\Users\but\AppData\Local\Acer Arcade Deluxe
   [17/11/2007|17:34] C:\Users\but\AppData\Local\acer eNM
   [07/11/2008|08:38] C:\Users\but\AppData\Local\Adobe
   [17/11/2007|17:32] C:\Users\but\AppData\Local\Application Data 
   [03/11/2008|09:06] C:\Users\but\AppData\Local\d3d9caps.dat
   [04/11/2008|22:06] C:\Users\but\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [07/11/2008|09:38] C:\Users\but\AppData\Local\GDIPFONTCACHEV1.DAT
   [03/11/2008|13:26] C:\Users\but\AppData\Local\Google
   [17/11/2007|17:32] C:\Users\but\AppData\Local\Historique 
   [07/11/2008|09:44] C:\Users\but\AppData\Local\IconCache.db
   [10/07/2008|07:49] C:\Users\but\AppData\Local\IM
   [07/11/2008|09:38] C:\Users\but\AppData\Local\Microsoft
   [10/12/2007|23:28] C:\Users\but\AppData\Local\Microsoft Games
   [10/02/2008|18:11] C:\Users\but\AppData\Local\Mozilla
   [11/12/2007|15:15] C:\Users\but\AppData\Local\PowerCinema
   [07/11/2008|09:46] C:\Users\but\AppData\Local\Temp
   [17/11/2007|17:32] C:\Users\but\AppData\Local\Temporary Internet Files 
   [11/12/2007|15:16] C:\Users\but\AppData\Local\VideoMagician
   [10/12/2007|23:18] C:\Users\but\AppData\Local\VirtualStore
   [11/01/2008|19:37] C:\Users\but\AppData\Local\Windows Live Writer
 
   --------------------\  Tâches planifiées dans C:\Windows	asks

   [10/12/2007 19:49][--a------] C:\Windows	asks\V‚rifier les mises … jour de Windows Live Toolbar.job
   [07/11/2008 09:45][--ah-----] C:\Windows	asks\SA.DAT
   [07/11/2008 09:44][--a------] C:\Windows	asks\SCHEDLGU.TXT

   --------------------\  Listing des dossiers dans C:\ProgramData
   
   [26/07/2007|03:43] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
   [02/09/2008|11:04] C:\ProgramData\64SoftwareSoftware.04gk5ra
   [02/09/2008|11:04] C:\ProgramData\64SoftwareSoftware.27vg9y6
   [29/04/2008|08:07] C:\ProgramData\64SoftwareSoftware.4udujd
   [21/06/2008|14:00] C:\ProgramData\64SoftwareSoftware.8738sf7
   [31/03/2008|21:08] C:\ProgramData\64SoftwareSoftware.rh0mit
   [27/05/2008|10:30] C:\ProgramData\64SoftwareSoftware.t7xdcc
   [25/02/2008|21:06] C:\ProgramData\64SoftwareSoftware.xxf8j
   [30/10/2008|17:40] C:\ProgramData\Adobe
   [02/11/2006|14:02] C:\ProgramData\Application Data 
   [17/11/2007|17:28] C:\ProgramData\Bureau 
   [29/04/2008|08:08] C:\ProgramData\creative roam joy.t0pgn
   [22/02/2008|09:44] C:\ProgramData\CyberLink
   [21/06/2008|14:00] C:\ProgramData\Dead Sign User.m8iexfr
   [02/11/2006|14:02] C:\ProgramData\Desktop 
   [02/11/2006|14:02] C:\ProgramData\Documents 
   [17/11/2007|17:28] C:\ProgramData\Favoris 
   [02/11/2006|14:02] C:\ProgramData\Favorites 
   [11/12/2007|10:39] C:\ProgramData\Forge of Games
   [07/11/2008|08:38] C:\ProgramData\Google Updater
   [10/07/2008|07:47] C:\ProgramData\IM
   [10/07/2008|07:46] C:\ProgramData\IncrediMail
   [29/10/2008|17:20] C:\ProgramData\Iso Web Bags Else
   [17/11/2007|17:28] C:\ProgramData\Menu D‚marrer 
   [10/12/2007|20:02] C:\ProgramData\Messenger Plus!
   [07/11/2008|08:38] C:\ProgramData\Microsoft
   [29/10/2008|18:09] C:\ProgramData\Microsoft Help
   [17/11/2007|17:28] C:\ProgramData\ModŠles 
   [02/09/2008|11:05] C:\ProgramData\sect type spam.qxhp9x
   [07/11/2008|08:38] C:\ProgramData\Spybot - Search & Destroy
   [02/11/2006|14:02] C:\ProgramData\Start Menu 
   [27/05/2008|10:30] C:\ProgramData\start test mfcd.kl2ekgx
   [10/12/2007|19:23] C:\ProgramData\Symantec
   [02/11/2006|14:02] C:\ProgramData\Templates 
   [10/12/2007|19:35] C:\ProgramData\WLInstaller
   [07/11/2008|08:59] C:\ProgramData\Yahoo! Companion

   --------------------\  Listing des dossiers dans C:\Program Files

   [28/09/2007|09:00] C:\Program Files\Acer Arcade Deluxe
   [28/09/2007|09:14] C:\Program Files\ACER Crystal Eye webcam
   [03/11/2008|13:19] C:\Program Files\Acer GameZone
   [11/01/2008|18:29] C:\Program Files\Acer Inc
   [26/07/2007|03:43] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
   [02/01/2008|19:46] C:\Program Files\Activision
   [30/10/2008|17:40] C:\Program Files\Adobe
   [01/06/2008|18:20] C:\Program Files\Alwil Software
   [28/09/2007|09:15] C:\Program Files\Apoint2K
   [26/11/2007|23:56] C:\Program Files\but2002
   [07/11/2008|08:30] C:\Program Files\CCleaner
   [02/09/2008|11:04] C:\Program Files\Circle Developement
   [04/11/2008|20:21] C:\Program Files\Common Files
   [26/07/2007|02:29] C:\Program Files\CONEXANT
   [26/07/2007|03:13] C:\Program Files\CyberLink
   [02/06/2008|17:59] C:\Program Files\FBrowsingAdvisor
   [17/11/2007|17:28] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [11/01/2008|18:20] C:\Program Files\Glary Utilities
   [22/02/2008|09:27] C:\Program Files\Google
   [13/06/2008|21:20] C:\Program Files\Imikimi
   [11/07/2008|08:21] C:\Program Files\IncrediMail
   [03/11/2008|13:21] C:\Program Files\Infogrames
   [03/11/2008|13:23] C:\Program Files\InstallShield Installation Information
   [08/06/2008|19:40] C:\Program Files\Internet Explorer
   [10/12/2007|18:19] C:\Program Files\Inventel
   [28/07/2008|17:05] C:\Program Files\Java
   [28/09/2007|08:58] C:\Program Files\Launch Manager
   [24/04/2008|20:25] C:\Program Files\LimeWire
   [29/10/2008|16:42] C:\Program Files\Messenger Plus! Live
   [21/06/2008|14:28] C:\Program Files\Micro Application
   [11/12/2007|10:35] C:\Program Files\Microsoft CAPICOM 2.1.0.2
   [02/11/2006|13:37] C:\Program Files\Microsoft Games
   [26/07/2007|03:43] C:\Program Files\Microsoft Office
   [10/09/2008|13:27] C:\Program Files\Microsoft Works
   [26/07/2007|03:40] C:\Program Files\Microsoft.NET
   [08/06/2008|19:40] C:\Program Files\Movie Maker
   [07/11/2008|08:46] C:\Program Files\Mozilla Firefox
   [02/11/2006|13:37] C:\Program Files\MSBuild
   [26/07/2007|03:11] C:\Program Files\NewTech Infosystems
   [10/12/2007|18:36] C:\Program Files\OrangeHSS
   [04/05/2008|19:37] C:\Program Files\PhotoFiltre
   [28/09/2007|09:01] C:\Program Files\Realtek
   [02/11/2006|13:37] C:\Program Files\Reference Assemblies
   [24/05/2008|12:37] C:\Program Files\SmartEnhancer
   [30/12/2007|22:47] C:\Program Files\SouthPeak Interactive
   [10/12/2007|19:34] C:\Program Files\Spybot - Search & Destroy
   [28/07/2008|17:05] C:\Program Files\Sun
   [26/05/2008|18:21] C:\Program Files\SurfingEnhancer
   [07/11/2008|09:20] C:\Program Files	rend micro
   [02/11/2006|14:01] C:\Program Files\Uninstall Information
   [08/06/2008|19:40] C:\Program Files\Windows Calendar
   [08/06/2008|19:40] C:\Program Files\Windows Collaboration
   [08/06/2008|19:40] C:\Program Files\Windows Defender
   [08/06/2008|19:40] C:\Program Files\Windows Journal
   [28/02/2008|18:26] C:\Program Files\Windows Live
   [10/12/2007|19:49] C:\Program Files\Windows Live Toolbar
   [29/10/2008|18:14] C:\Program Files\Windows Mail
   [08/06/2008|19:40] C:\Program Files\Windows Media Player
   [17/11/2007|17:28] C:\Program Files\Windows NT
   [08/06/2008|19:40] C:\Program Files\Windows Photo Gallery
   [08/06/2008|19:40] C:\Program Files\Windows Sidebar
   [17/11/2007|17:32] C:\Program Files\Yahoo!

   --------------------\  Listing des dossiers dans C:\Program Files\Common Files

   [30/10/2008|17:41] C:\Program Files\Common Files\Adobe
   [07/09/2008|18:40] C:\Program Files\Common Files\DESIGNER
   [10/12/2007|18:33] C:\Program Files\Common Files\France Telecom
   [26/07/2007|03:13] C:\Program Files\Common Files\InstallShield
   [24/04/2008|20:30] C:\Program Files\Common Files\Java
   [26/07/2007|03:11] C:\Program Files\Common Files\LightScribe
   [07/09/2008|18:41] C:\Program Files\Common Files\microsoft shared
   [26/07/2007|03:11] C:\Program Files\Common Files\muvee Technologies
   [26/07/2007|03:11] C:\Program Files\Common Files\NewTech Infosystems
   [26/07/2007|03:49] C:\Program Files\Common Files\Oberon Media
   [02/11/2006|12:18] C:\Program Files\Common Files\Services
   [28/09/2007|09:12] C:\Program Files\Common Files\snp2uvc
   [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
   [10/12/2007|19:24] C:\Program Files\Common Files\Symantec Shared
   [08/06/2008|19:40] C:\Program Files\Common Files\System
   [10/12/2007|19:41] C:\Program Files\Common Files\WindowsLiveInstaller

   --------------------\  Process

   ( 78 Processes )

   iexplore.exe ~ [PID:3448]

   --------------------\  Recherche avec S_Lop

   C:\ProgramData\64SoftwareSoftware.xxf8j
   C:\ProgramData\creative roam joy.t0pgn
   C:\ProgramData\64SoftwareSoftware.4udujd
   C:\ProgramData\64SoftwareSoftware.rh0mit
   C:\ProgramData\64SoftwareSoftware.t7xdcc
   C:\ProgramData\sect type spam.qxhp9x
   C:\ProgramData\64SoftwareSoftware.04gk5ra
   C:\ProgramData\64SoftwareSoftware.27vg9y6
   C:\ProgramData\64SoftwareSoftware.8738sf7
   C:\ProgramData\Dead Sign User.m8iexfr
   C:\ProgramData\start test mfcd.kl2ekgx
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   C:\ProgramData\Iso Web Bags Else
   C:\ProgramData\Iso Web Bags Else\DOG SECOND.exe
   C:\Program Files\Circle Developement
   C:\Program Files\Circle Developement\Uninstall.exe
 
   --------------------\  Verification du Registre

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
   "Deaf Thunk"="\"C:\ProgramData\64SoftwareSoftware.27vg9y6\""
   "Bags Else Hole Lite"="\"C:\ProgramData\sect type spam.qxhp9x\""

   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-11-07 09:50:39
   Windows 6.0.6001 Service Pack 1 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   C:\Windows\System32\wbem\Performance\WmiApRpl_new.h 3953 bytes
   scan completed successfully
   hidden processes: 0
   hidden files: 220
 
   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [F:10][D:7]-> C:\Users\but\AppData\Local\Temp
   [F:11][D:1]-> C:\Users\but\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:16][D:5]-> C:\Users\but\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:88][D:2]-> C:\$Recycle.Bin

   1 - "C:\Lop SD\LopR_1.txt" - 07/11/2008| 9:51 - Option : [1]

   --------------------\  Fin du rapport a  9:51:41
   [ UAC => 1 ]

Destrio5 · Answer

"Est ce que je peut remettre mais parametre d'administrateur pour éviter les logiciels malveillants ???? "
---> Tu parles de l'UAC ?

Anthony02P · Answer

oui je parle de sa;
puis indique moi la manière de le faire

Destrio5 · Answer

Laisse-le désactiver pour l'instant, tu ne risques rien.

---> Clique droit sur Lop S&D et choisis Exécuter en tant qu'administrateur.
---> Choisis cette fois-ci l'option 2 (Suppression).
---> Ne ferme pas la fenêtre lors de la suppression !
---> Poste le rapport généré (C:\lopR.txt).

Anthony02P · Answer

Voila le rapport :


   --------------------\  Lop S&D 4.2.4-9c   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : Mobile AMD Sempron(tm) Processor 3600+ )
   BIOS : PhoenixBIOS 4.0 Release 6.1     
   USER : but ( Administrator )
   BOOT : Normal boot
   Antivirus : Norton Internet Security 2007 (Not Activated)
   Firewall  : Norton Internet Security 2007 (Not Activated)
   C:\ (Local Disk) - NTFS - Total:51 Go (Free:23 Go)
   D:\ (Local Disk) - NTFS - Total:50 Go (Free:50 Go)
   E:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
   Option : [2] ( 07/11/2008|10:04 )

   [ UAC => 1 ]


   \\\\\\\\\\\\\\\ SUPPRESSION

   Supprime! - C:\ProgramData\Iso Web Bags Else\DOG SECOND.exe
   Supprime! - C:\Program Files\Circle Developement\Uninstall.exe
   Supprime! - C:\ProgramData\64SoftwareSoftware.xxf8j
   Supprime! - C:\ProgramData\creative roam joy.t0pgn
   Supprime! - C:\ProgramData\64SoftwareSoftware.4udujd
   Supprime! - C:\ProgramData\64SoftwareSoftware.rh0mit
   Supprime! - C:\ProgramData\64SoftwareSoftware.t7xdcc
   Supprime! - C:\ProgramData\sect type spam.qxhp9x
   Supprime! - C:\ProgramData\64SoftwareSoftware.04gk5ra
   Supprime! - C:\ProgramData\64SoftwareSoftware.27vg9y6
   Supprime! - C:\ProgramData\64SoftwareSoftware.8738sf7
   Supprime! - C:\ProgramData\Dead Sign User.m8iexfr
   Supprime! - C:\ProgramData\start test mfcd.kl2ekgx
   Supprime! - C:\ProgramData\Iso Web Bags Else
   Supprime! - C:\Program Files\Circle Developement
   -
   [ Fichier Hosts ] .. Restaure!
 
   \\\\\\\\\\\\\\\ 

 
   --------------------\  Listing des dossiers dans Local

   [01/06/2008|19:06] C:\Users\but\AppData\Local\Acer Arcade Deluxe
   [17/11/2007|17:34] C:\Users\but\AppData\Local\acer eNM
   [07/11/2008|08:38] C:\Users\but\AppData\Local\Adobe
   [17/11/2007|17:32] C:\Users\but\AppData\Local\Application Data 
   [03/11/2008|09:06] C:\Users\but\AppData\Local\d3d9caps.dat
   [04/11/2008|22:06] C:\Users\but\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [07/11/2008|09:38] C:\Users\but\AppData\Local\GDIPFONTCACHEV1.DAT
   [03/11/2008|13:26] C:\Users\but\AppData\Local\Google
   [17/11/2007|17:32] C:\Users\but\AppData\Local\Historique 
   [07/11/2008|09:44] C:\Users\but\AppData\Local\IconCache.db
   [10/07/2008|07:49] C:\Users\but\AppData\Local\IM
   [07/11/2008|09:38] C:\Users\but\AppData\Local\Microsoft
   [10/12/2007|23:28] C:\Users\but\AppData\Local\Microsoft Games
   [10/02/2008|18:11] C:\Users\but\AppData\Local\Mozilla
   [11/12/2007|15:15] C:\Users\but\AppData\Local\PowerCinema
   [07/11/2008|10:04] C:\Users\but\AppData\Local\Temp
   [17/11/2007|17:32] C:\Users\but\AppData\Local\Temporary Internet Files 
   [11/12/2007|15:16] C:\Users\but\AppData\Local\VideoMagician
   [10/12/2007|23:18] C:\Users\but\AppData\Local\VirtualStore
   [11/01/2008|19:37] C:\Users\but\AppData\Local\Windows Live Writer
 
   --------------------\  Tâches planifiées dans C:\Windows	asks

   [10/12/2007 19:49][--a------] C:\Windows	asks\V‚rifier les mises … jour de Windows Live Toolbar.job
   [07/11/2008 09:45][--ah-----] C:\Windows	asks\SA.DAT
   [07/11/2008 09:44][--a------] C:\Windows	asks\SCHEDLGU.TXT

   --------------------\  Listing des dossiers dans C:\ProgramData
   
   [26/07/2007|03:43] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
   [30/10/2008|17:40] C:\ProgramData\Adobe
   [02/11/2006|14:02] C:\ProgramData\Application Data 
   [17/11/2007|17:28] C:\ProgramData\Bureau 
   [22/02/2008|09:44] C:\ProgramData\CyberLink
   [02/11/2006|14:02] C:\ProgramData\Desktop 
   [02/11/2006|14:02] C:\ProgramData\Documents 
   [17/11/2007|17:28] C:\ProgramData\Favoris 
   [02/11/2006|14:02] C:\ProgramData\Favorites 
   [11/12/2007|10:39] C:\ProgramData\Forge of Games
   [07/11/2008|08:38] C:\ProgramData\Google Updater
   [10/07/2008|07:47] C:\ProgramData\IM
   [10/07/2008|07:46] C:\ProgramData\IncrediMail
   [17/11/2007|17:28] C:\ProgramData\Menu D‚marrer 
   [10/12/2007|20:02] C:\ProgramData\Messenger Plus!
   [07/11/2008|08:38] C:\ProgramData\Microsoft
   [29/10/2008|18:09] C:\ProgramData\Microsoft Help
   [17/11/2007|17:28] C:\ProgramData\ModŠles 
   [07/11/2008|08:38] C:\ProgramData\Spybot - Search & Destroy
   [02/11/2006|14:02] C:\ProgramData\Start Menu 
   [10/12/2007|19:23] C:\ProgramData\Symantec
   [02/11/2006|14:02] C:\ProgramData\Templates 
   [10/12/2007|19:35] C:\ProgramData\WLInstaller
   [07/11/2008|08:59] C:\ProgramData\Yahoo! Companion

   --------------------\  Listing des dossiers dans C:\Program Files

   [28/09/2007|09:00] C:\Program Files\Acer Arcade Deluxe
   [28/09/2007|09:14] C:\Program Files\ACER Crystal Eye webcam
   [03/11/2008|13:19] C:\Program Files\Acer GameZone
   [11/01/2008|18:29] C:\Program Files\Acer Inc
   [26/07/2007|03:43] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
   [02/01/2008|19:46] C:\Program Files\Activision
   [30/10/2008|17:40] C:\Program Files\Adobe
   [01/06/2008|18:20] C:\Program Files\Alwil Software
   [28/09/2007|09:15] C:\Program Files\Apoint2K
   [26/11/2007|23:56] C:\Program Files\but2002
   [07/11/2008|08:30] C:\Program Files\CCleaner
   [04/11/2008|20:21] C:\Program Files\Common Files
   [26/07/2007|02:29] C:\Program Files\CONEXANT
   [26/07/2007|03:13] C:\Program Files\CyberLink
   [02/06/2008|17:59] C:\Program Files\FBrowsingAdvisor
   [17/11/2007|17:28] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [11/01/2008|18:20] C:\Program Files\Glary Utilities
   [22/02/2008|09:27] C:\Program Files\Google
   [13/06/2008|21:20] C:\Program Files\Imikimi
   [11/07/2008|08:21] C:\Program Files\IncrediMail
   [03/11/2008|13:21] C:\Program Files\Infogrames
   [03/11/2008|13:23] C:\Program Files\InstallShield Installation Information
   [08/06/2008|19:40] C:\Program Files\Internet Explorer
   [10/12/2007|18:19] C:\Program Files\Inventel
   [28/07/2008|17:05] C:\Program Files\Java
   [28/09/2007|08:58] C:\Program Files\Launch Manager
   [24/04/2008|20:25] C:\Program Files\LimeWire
   [29/10/2008|16:42] C:\Program Files\Messenger Plus! Live
   [21/06/2008|14:28] C:\Program Files\Micro Application
   [11/12/2007|10:35] C:\Program Files\Microsoft CAPICOM 2.1.0.2
   [02/11/2006|13:37] C:\Program Files\Microsoft Games
   [26/07/2007|03:43] C:\Program Files\Microsoft Office
   [10/09/2008|13:27] C:\Program Files\Microsoft Works
   [26/07/2007|03:40] C:\Program Files\Microsoft.NET
   [08/06/2008|19:40] C:\Program Files\Movie Maker
   [07/11/2008|08:46] C:\Program Files\Mozilla Firefox
   [02/11/2006|13:37] C:\Program Files\MSBuild
   [26/07/2007|03:11] C:\Program Files\NewTech Infosystems
   [10/12/2007|18:36] C:\Program Files\OrangeHSS
   [04/05/2008|19:37] C:\Program Files\PhotoFiltre
   [28/09/2007|09:01] C:\Program Files\Realtek
   [02/11/2006|13:37] C:\Program Files\Reference Assemblies
   [24/05/2008|12:37] C:\Program Files\SmartEnhancer
   [30/12/2007|22:47] C:\Program Files\SouthPeak Interactive
   [10/12/2007|19:34] C:\Program Files\Spybot - Search & Destroy
   [28/07/2008|17:05] C:\Program Files\Sun
   [26/05/2008|18:21] C:\Program Files\SurfingEnhancer
   [07/11/2008|09:20] C:\Program Files	rend micro
   [02/11/2006|14:01] C:\Program Files\Uninstall Information
   [08/06/2008|19:40] C:\Program Files\Windows Calendar
   [08/06/2008|19:40] C:\Program Files\Windows Collaboration
   [08/06/2008|19:40] C:\Program Files\Windows Defender
   [08/06/2008|19:40] C:\Program Files\Windows Journal
   [28/02/2008|18:26] C:\Program Files\Windows Live
   [10/12/2007|19:49] C:\Program Files\Windows Live Toolbar
   [29/10/2008|18:14] C:\Program Files\Windows Mail
   [08/06/2008|19:40] C:\Program Files\Windows Media Player
   [17/11/2007|17:28] C:\Program Files\Windows NT
   [08/06/2008|19:40] C:\Program Files\Windows Photo Gallery
   [08/06/2008|19:40] C:\Program Files\Windows Sidebar
   [17/11/2007|17:32] C:\Program Files\Yahoo!

   --------------------\  Listing des dossiers dans C:\Program Files\Common Files

   [30/10/2008|17:41] C:\Program Files\Common Files\Adobe
   [07/09/2008|18:40] C:\Program Files\Common Files\DESIGNER
   [10/12/2007|18:33] C:\Program Files\Common Files\France Telecom
   [26/07/2007|03:13] C:\Program Files\Common Files\InstallShield
   [24/04/2008|20:30] C:\Program Files\Common Files\Java
   [26/07/2007|03:11] C:\Program Files\Common Files\LightScribe
   [07/09/2008|18:41] C:\Program Files\Common Files\microsoft shared
   [26/07/2007|03:11] C:\Program Files\Common Files\muvee Technologies
   [26/07/2007|03:11] C:\Program Files\Common Files\NewTech Infosystems
   [26/07/2007|03:49] C:\Program Files\Common Files\Oberon Media
   [02/11/2006|12:18] C:\Program Files\Common Files\Services
   [28/09/2007|09:12] C:\Program Files\Common Files\snp2uvc
   [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
   [10/12/2007|19:24] C:\Program Files\Common Files\Symantec Shared
   [08/06/2008|19:40] C:\Program Files\Common Files\System
   [10/12/2007|19:41] C:\Program Files\Common Files\WindowsLiveInstaller

   --------------------\  Process

   ( 72 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   C:\Users\but\AppData\Roaming\MICROS~1\Windows\Cookies\but@adopt.euroclick[1].txt
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-11-07 10:04:57
   Windows 6.0.6001 Service Pack 1 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 219
 
   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [F:10][D:7]-> C:\Users\but\AppData\Local\Temp
   [F:17][D:1]-> C:\Users\but\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:196][D:5]-> C:\Users\but\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:88][D:2]-> C:\$Recycle.Bin

   1 - "C:\Lop SD\LopR_1.txt" - 07/11/2008| 9:51 - Option : [1]
   2 - "C:\Lop SD\LopR_2.txt" - 07/11/2008|10:05 - Option : [2]

   --------------------\  Fin du rapport a 10:05:51
   [ UAC => 1 ]


Ensuite ???

Destrio5 · Answer

---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

Anthony02P · Answer

Voila le rapport :

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1371
Windows 6.0.6001 Service Pack 1

07/11/2008 10:24:13
mbam-log-2008-11-07 (10-24-13).txt

Type de recherche: Examen rapide
Eléments examinés: 43339
Temps écoulé: 3 minute(s), 22 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\smartenhancer (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer (Trojan.BHO) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db-journal (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer\pcre3.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer\uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Destrio5 · Answer

---> Relance MBAM, va dans Quarantaine et supprime tout.

---> Mets à jour Java :
https://www.java.com/fr/download/manual.jsp

---> Refais un scan RSIT et poste le rapport log.txt

Anthony02P · Answer

Voila le log txt :

Logfile of random's system information tool 1.04 (written by random/random)
Run by but at 2008-11-07 10:38:58
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 24 GB (46%) free of 52 GB
Total RAM: 1790 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:07, on 07/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32undll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32	askeng.exe
C:\Windows\System32undll32.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\but\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\but\Desktop\RSIT.exe
C:\Program Files	rend micro\but.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Destrio5 · Answer

---> Supprime RSIT et Lop S&D.

---> Supprime les dossiers RSIT et Lop SD situés dans C:\

---> Supprime les traces de Norton avec ceci :
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

---> Réactive l'UAC.

---> Mets à jour Adobe Reader :
https://get2.adobe.com/reader/otherversions/

As-tu encore des problèmes ou on peut passer à la dernière étape ?

Anthony02P · Answer

J'ai supprimer les dossiers
j'ai remis l ' UAC
j'ai virer norton ( quand j'ai rouvert mozilla ya cet page la qui c'est rouvert mais j'ai quitter)
http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20070329102208924?OpenDocument&seg=hho&src=_mi&product=SymNRT&version=2009.0&language=french&module=2009&error=0&build=Symantec
j'ai mis a jour adobe
Est ce que je peut garder malwerbebytes ou je doit le désinstaller ???
Ensuite ???

Anthony02P · Answer

J' ai supprimer les dossiers RSIT et LOG
J'ai désinstaller les composants norton.(Après la désinstalation j'ai eu page norton qui c'est ouvert mais j'ai quitter)
J'ai remis l' UAC
J'ai mis a jour adobe 
Par contre est ce que je peut garder malwerbytes ou je doit le désinstaller?
Ensuite pour la dernière étape???

Destrio5 · Answer

"Par contre est ce que je peut garder malwerbytes ou je doit le désinstaller?"
---> Tu peux le garder.

---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage. 
* Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs sans sauvegarder la base de registre.

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.commentcamarche.net/faq/sujet 13214 desactiver reactiver la restauration systeme de vista

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://forums.cnetfrance.fr

---> Je te conseille également de remplacer Avast par Antivir.

Anthony02P · Answer

Bon voila j'ai fait ce que tu ma dit
pour mon avast je vais voir sa.
ya t-il autre chose a faire?

Anthony02P · Answer

J'ai fait ce que tu ma dit
pour mon avast je vais voir sa
ya til autre chose a faire??

Anthony02P · Answer

J'ai fait ce que tu ma dit
pour mon avast je vais voir sa
ya til autre chose a faire??

Anthony02P · Answer

J'ai fait ce que tu ma dit
pour mon avast je vais voir sa
ya til autre chose a faire??
sinon merci de mavoir aider

Destrio5 · Answer

Des questions ?

Alerte possible virus

25 réponses

Votre réponse

Discussions similaires

Newsletters