Bonjour,mon ordinateur a été infecté par le virus antivirus2009. Voici le rapport: Search Navipromo version 3.6.9 commencé le 10/11/2008 à 20:24:21,68 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "Mr Ballu" Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.13 Système de fichiers : NTFS Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Mr Ballu\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\HgUpTkl\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\TDGEZC~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Mr Ballu\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\HgUpTkl\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\TDGEZC~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Mr Ballu\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\HgUpTkl\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\TDGEZC~1\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * * Recherche dans "C:\Documents and Settings\Mr Ballu\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\HgUpTkl\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\TDGEZC~1\locals~1\applic~1" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : * Dans "C:\Documents and Settings\Mr Ballu\locals~1\applic~1" : * Dans "C:\DOCUME~1\HgUpTkl\locals~1\applic~1" : * Dans "C:\DOCUME~1\TDGEZC~1\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat Montorgueil absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 10/11/2008 à 20:33:48,51 *** Est ce que quelqu'un peut m'aider ? Merci.

Antivirus2009

Réponse 21 / 32

Gawet Messages postés 15 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
13 nov. 2008 à 16:38

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Mr Ballu ( Administrator )
BOOT : Normal boot
Antivirus : Bitdefender Antivirus 8.0 (Not Activated)
Firewall : Bitdefender Firewall 8.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:76 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:149 Go (Free:147 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 13/11/2008|16:33 )

--------------------\\ Listing des dossiers dans APPLIC~1

[17/03/2008|09:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[02/07/2007|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[01/01/2007|14:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[04/10/2006|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
[20/01/2007|18:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Binsavetoolsoap
[04/04/2007|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
[07/10/2006|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[30/06/2008|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\cvcrytun
[30/09/2006|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[18/09/2008|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[27/06/2007|18:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Exetender
[13/07/2007|13:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[12/11/2008|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[18/03/2008|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[24/08/2008|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[05/03/2007|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[13/11/2008|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[21/11/2006|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[10/11/2008|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[03/10/2007|16:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
[04/07/2008|11:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[05/12/2006|12:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[16/09/2007|16:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[13/09/2007|10:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[05/12/2006|12:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[05/12/2006|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[13/09/2007|10:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[30/06/2008|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[20/01/2007|13:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/10/2006|21:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[07/12/2007|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[29/10/2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser

[14/02/2008|09:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[01/01/2006|00:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[13/10/2006|17:55] C:\DOCUME~1\HgUpTkl\APPLIC~1\Microsoft

[10/11/2008|15:46] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[20/01/2007|18:08] C:\DOCUME~1\MRBALL~1\APPLIC~1\about itch road
[11/02/2008|12:16] C:\DOCUME~1\MRBALL~1\APPLIC~1\Adobe
[23/01/2007|13:19] C:\DOCUME~1\MRBALL~1\APPLIC~1\AdobeUM
[07/04/2008|14:59] C:\DOCUME~1\MRBALL~1\APPLIC~1\Apple Computer
[21/12/2006|08:50] C:\DOCUME~1\MRBALL~1\APPLIC~1\ArcSoft
[23/01/2007|10:55] C:\DOCUME~1\MRBALL~1\APPLIC~1\Babylon
[31/12/2006|15:17] C:\DOCUME~1\MRBALL~1\APPLIC~1\Bitdefender
[20/10/2008|13:03] C:\DOCUME~1\MRBALL~1\APPLIC~1\Canon
[30/09/2006|17:59] C:\DOCUME~1\MRBALL~1\APPLIC~1\CyberLink
[18/10/2006|16:26] C:\DOCUME~1\MRBALL~1\APPLIC~1\DivX
[09/11/2008|02:59] C:\DOCUME~1\MRBALL~1\APPLIC~1\Google
[29/05/2007|22:25] C:\DOCUME~1\MRBALL~1\APPLIC~1\Help
[01/01/2006|00:52] C:\DOCUME~1\MRBALL~1\APPLIC~1\Identities
[18/03/2008|16:11] C:\DOCUME~1\MRBALL~1\APPLIC~1\InstallShield
[06/02/2007|20:34] C:\DOCUME~1\MRBALL~1\APPLIC~1\Lavasoft
[24/08/2008|18:00] C:\DOCUME~1\MRBALL~1\APPLIC~1\Leadertech
[04/10/2006|19:03] C:\DOCUME~1\MRBALL~1\APPLIC~1\Macromedia
[13/11/2008|14:23] C:\DOCUME~1\MRBALL~1\APPLIC~1\Malwarebytes
[02/10/2008|12:53] C:\DOCUME~1\MRBALL~1\APPLIC~1\Microsoft
[19/08/2008|14:10] C:\DOCUME~1\MRBALL~1\APPLIC~1\Mozilla
[09/08/2007|10:20] C:\DOCUME~1\MRBALL~1\APPLIC~1\NCH Swift Sound
[10/01/2007|00:45] C:\DOCUME~1\MRBALL~1\APPLIC~1\Real
[07/10/2006|16:51] C:\DOCUME~1\MRBALL~1\APPLIC~1\ScanSoft
[31/03/2007|01:38] C:\DOCUME~1\MRBALL~1\APPLIC~1\Screenshot Sender
[17/10/2007|22:10] C:\DOCUME~1\MRBALL~1\APPLIC~1\SecuROM
[21/08/2008|01:25] C:\DOCUME~1\MRBALL~1\APPLIC~1\Skype
[21/08/2008|00:22] C:\DOCUME~1\MRBALL~1\APPLIC~1\skypePM
[19/05/2007|11:43] C:\DOCUME~1\MRBALL~1\APPLIC~1\Snapfish
[13/09/2007|10:29] C:\DOCUME~1\MRBALL~1\APPLIC~1\Sony Ericsson
[28/09/2007|10:15] C:\DOCUME~1\MRBALL~1\APPLIC~1\Sun
[13/09/2007|10:30] C:\DOCUME~1\MRBALL~1\APPLIC~1\Teleca
[01/10/2008|22:15] C:\DOCUME~1\MRBALL~1\APPLIC~1\utorrent
[29/10/2008|12:47] C:\DOCUME~1\MRBALL~1\APPLIC~1\ZoomBrowser EX

[14/09/2007|13:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[10/10/2006|22:41] C:\DOCUME~1\TDGEZC~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[13/11/2008 15:28][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[13/11/2008 16:00][--ah-----] C:\WINDOWS\tasks\AEA59E7F91620F2F.job
[04/08/2008 06:54][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[13/11/2008 16:16][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[13/11/2008 16:15][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AEA59E7F91620F2F.job )=( c:\docume~1\mrball~1\applic~1\abouti~1\SoapRuleIso.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[09/01/2007|22:41] C:\Program Files\about itch road
[17/03/2008|09:43] C:\Program Files\Adobe
[20/01/2007|18:12] C:\Program Files\Adverts
[01/01/2006|15:31] C:\Program Files\Ahead
[09/10/2007|11:26] C:\Program Files\Apple Software Update
[07/10/2006|16:49] C:\Program Files\ArcSoft
[08/11/2008|21:32] C:\Program Files\a-squared Free
[11/05/2007|15:36] C:\Program Files\ATI Technologies
[12/10/2006|17:24] C:\Program Files\AVI MPEG RM WMV Joiner
[04/10/2006|19:12] C:\Program Files\Babylon
[18/03/2007|19:20] C:\Program Files\Canon
[15/01/2008|22:44] C:\Program Files\Circle Developement
[01/01/2006|00:29] C:\Program Files\ComPlus Applications
[21/02/2007|09:43] C:\Program Files\Cradle Of Rome
[01/01/2006|15:34] C:\Program Files\CyberLink
[13/09/2007|11:03] C:\Program Files\Disc2Phone
[19/08/2008|22:50] C:\Program Files\DivX
[12/11/2008|04:36] C:\Program Files\eMule
[30/06/2008|15:37] C:\Program Files\Enigma Software Group
[22/05/2008|09:54] C:\Program Files\Everest Poker
[27/05/2008|22:36] C:\Program Files\Fichiers communs
[04/07/2008|11:47] C:\Program Files\Free Audio Pack
[13/11/2008|13:23] C:\Program Files\Google
[18/03/2008|16:12] C:\Program Files\InstallShield Installation Information
[30/09/2006|17:38] C:\Program Files\InterActual
[15/10/2008|21:03] C:\Program Files\Internet Explorer
[09/10/2006|17:54] C:\Program Files\Inventel
[07/04/2008|14:09] C:\Program Files\iPod
[07/04/2008|14:09] C:\Program Files\iTunes
[16/07/2008|09:08] C:\Program Files\Java
[04/10/2006|19:01] C:\Program Files\Larousse
[06/02/2007|20:32] C:\Program Files\Lavasoft
[16/02/2007|19:37] C:\Program Files\Lexa software
[24/08/2008|17:54] C:\Program Files\Logitech
[13/11/2008|14:23] C:\Program Files\Malwarebytes' Anti-Malware
[13/08/2008|09:14] C:\Program Files\Messenger
[03/09/2008|18:41] C:\Program Files\Messenger Plus! Live
[08/08/2007|13:07] C:\Program Files\Metronome
[11/05/2007|15:52] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[01/01/2006|00:32] C:\Program Files\microsoft frontpage
[22/01/2007|19:27] C:\Program Files\Microsoft Office
[07/12/2007|18:24] C:\Program Files\Microsoft SQL Server Compact Edition
[24/01/2007|12:24] C:\Program Files\Microsoft Works
[22/01/2007|19:28] C:\Program Files\Microsoft.NET
[01/01/2006|00:30] C:\Program Files\Movie Maker
[05/09/2008|15:04] C:\Program Files\Mozilla Firefox
[04/10/2006|19:17] C:\Program Files\MSN
[01/01/2006|00:28] C:\Program Files\MSN Gaming Zone
[27/12/2006|18:17] C:\Program Files\MSXML 4.0
[10/11/2008|20:34] C:\Program Files\Navilog1
[09/08/2007|10:20] C:\Program Files\NCH Swift Sound
[28/11/2006|20:10] C:\Program Files\NetMeeting
[01/01/2006|00:29] C:\Program Files\Online Services
[12/02/2007|19:10] C:\Program Files\orange
[13/06/2007|18:02] C:\Program Files\Outlook Express
[27/06/2007|19:00] C:\Program Files\Player Metaboli
[07/11/2006|13:14] C:\Program Files\Plus!
[07/04/2008|14:06] C:\Program Files\QuickTime
[18/03/2008|16:12] C:\Program Files\Reallusion
[30/06/2008|12:17] C:\Program Files\RogueRemover FREE
[07/04/2008|14:17] C:\Program Files\Safari
[07/10/2006|16:51] C:\Program Files\ScanSoft
[09/10/2006|20:47] C:\Program Files\Securitoo
[01/01/2006|00:31] C:\Program Files\Services en ligne
[25/06/2008|00:13] C:\Program Files\Skype
[01/01/2006|15:20] C:\Program Files\Softwin
[13/09/2007|10:22] C:\Program Files\Sony Ericsson
[16/07/2008|09:09] C:\Program Files\Sun
[12/11/2008|01:06] C:\Program Files\Trend Micro
[17/10/2007|20:48] C:\Program Files\Ubisoft
[01/01/2006|00:52] C:\Program Files\Uninstall Information
[24/02/2007|11:08] C:\Program Files\utorrent
[18/09/2008|16:53] C:\Program Files\VirginMega
[04/01/2007|18:30] C:\Program Files\Wanadoo
[02/10/2008|12:53] C:\Program Files\Windows Live
[30/11/2007|06:30] C:\Program Files\Windows Live Toolbar
[20/01/2007|14:01] C:\Program Files\Windows Media Connect 2
[18/09/2008|16:50] C:\Program Files\Windows Media Player
[01/01/2006|00:28] C:\Program Files\Windows NT
[01/01/2006|00:31] C:\Program Files\WindowsUpdate
[12/10/2006|19:45] C:\Program Files\WinRAR
[01/01/2006|00:32] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[17/03/2008|09:43] C:\Program Files\Fichiers communs\Adobe
[01/01/2006|15:31] C:\Program Files\Fichiers communs\Ahead
[02/07/2007|11:55] C:\Program Files\Fichiers communs\Apple
[18/03/2007|19:19] C:\Program Files\Fichiers communs\Canon
[22/01/2007|19:27] C:\Program Files\Fichiers communs\DESIGNER
[18/03/2008|16:12] C:\Program Files\Fichiers communs\InstallShield
[28/09/2007|10:10] C:\Program Files\Fichiers communs\Java
[24/08/2008|17:58] C:\Program Files\Fichiers communs\LogiShrd
[26/12/2006|17:42] C:\Program Files\Fichiers communs\Logitech
[07/12/2007|18:19] C:\Program Files\Fichiers communs\Microsoft Shared
[01/01/2006|00:30] C:\Program Files\Fichiers communs\MSSoap
[01/01/2006|15:32] C:\Program Files\Fichiers communs\Nero
[01/01/2006|01:18] C:\Program Files\Fichiers communs\ODBC
[07/10/2006|16:51] C:\Program Files\Fichiers communs\ScanSoft Shared
[30/06/2008|12:29] C:\Program Files\Fichiers communs\Services
[27/05/2008|22:36] C:\Program Files\Fichiers communs\Skype
[31/12/2006|15:12] C:\Program Files\Fichiers communs\Softwin
[13/09/2007|10:23] C:\Program Files\Fichiers communs\Sony Ericsson Shared
[01/01/2006|01:18] C:\Program Files\Fichiers communs\SpeechEngines
[30/06/2008|12:29] C:\Program Files\Fichiers communs\System
[13/09/2007|10:23] C:\Program Files\Fichiers communs\Teleca Shared
[07/12/2007|18:18] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 53 Processes )

iexplore.exe ~ [PID:4260]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\MRBALL~1\APPLIC~1\abouti~1
C:\Program Files\abouti~1
C:\DOCUME~1\MRBALL~1\LOCALS~1\Temp\msgpl_0928.tmp
C:\DOCUME~1\MRBALL~1\LOCALS~1\Temp\msgpl_1924.tmp
C:\DOCUME~1\MRBALL~1\LOCALS~1\Temp\msgpl_1a10.tmp
C:\DOCUME~1\MRBALL~1\LOCALS~1\Temp\msgpl_d396.tmp
C:\DOCUME~1\MRBALL~1\LOCALS~1\Temp\nse40.tmp
C:\DOCUME~1\MRBALL~1\LOCALS~1\Temp\nss14B.tmp
C:\DOCUME~1\MRBALL~1\LOCALS~1\Temp\nsy157.tmp
C:\Program Files\Adverts
C:\Program Files\Circle Developement
C:\DOCUME~1\MRBALL~1\Cookies\mr ballu@d2.advertserve[1].txt
C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@advertstream[1].txt
C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@imagevenue.advertserve[2].txt
C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@adultfriendfinder[2].txt
C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@advertising[2].txt
C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@bigpoint[1].txt
C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@fr.thepimps.bigpoint[1].txt
C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@fr1.darkorbit.bigpoint[2].txt
C:\DOCUME~1\MRBALL~1\Cookies\mr ballu@banner.casinoking[2].txt
C:\DOCUME~1\MRBALL~1\Cookies\mr ballu@casinoking[1].txt
C:\DOCUME~1\MRBALL~1\Cookies\mr ballu@banner.cotedazurpalace[2].txt
C:\DOCUME~1\MRBALL~1\Cookies\mr ballu@cotedazurpalace[1].txt
C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@adopt.euroclick[2].txt
C:\DOCUME~1\MRBALL~1\Cookies\mr ballu@partygaming.122.2o7[1].txt
C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@partypoker[2].txt
C:\DOCUME~1\MRBALL~1\Cookies\mr ballu@888[1].txt
C:\DOCUME~1\MRBALL~1\Cookies\mr ballu@888[2].txt
C:\WINDOWS\Tasks\AEA59E7F91620F2F.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SIZE SURF"="C:\\DOCUME~1\\MRBALL~1\\APPLIC~1\\ABOUTI~1\\Safe Bold License.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts MODIFIE

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 [i]ww/iw.drivecleaner.com ## added by CiD
127.0.0.1 [i]ww/iw.errorprotector.com ## added by CiD
127.0.0.1 [i]ww/iw.errorsafe.com ## added by CiD
127.0.0.1 [i]ww/iw.systemdoctor.com ## added by CiD
127.0.0.1 [i]ww/iw.win-anti-virus-pro.com ## added by CiD
127.0.0.1 [i]ww/iw.win-virus-pro.com ## added by CiD
127.0.0.1 [i]ww/iw.winantispam.com ## added by CiD
127.0.0.1 [i]ww/iw.winantispy.com ## added by CiD
127.0.0.1 [i]ww/iw.winantispyware.com ## added by CiD
127.0.0.1 [i]ww/iw.winantivirus.com ## added by CiD
127.0.0.1 [i]ww/iw.winantiviruspro.com ## added by CiD
127.0.0.1 [i]ww/iw.windrivecleaner.com ## added by CiD
127.0.0.1 [i]ww/iw.windrivesafe.com ## added by CiD
127.0.0.1 [i]ww/iw.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 [i]ww/iw.utils.winfixer.com ## added by CiD
127.0.0.1 [i]ww/iw.winfixer2006.com ## added by CiD
127.0.0.1 [i]ww/iw.winsoftware.com ## added by CiD

-> 72 [ 70 ## added by CiD ]

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 16:35:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:1371][D:303]-> C:\DOCUME~1\MRBALL~1\LOCALS~1\Temp
[F:1982][D:0]-> C:\DOCUME~1\MRBALL~1\Cookies
[F:6870][D:25]-> C:\DOCUME~1\MRBALL~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 13/11/2008|16:37 - Option : [1]

--------------------\\ Fin du rapport a 16:37:19

Réponse 22 / 32

geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
13 nov. 2008 à 16:41

ok maintenant :

▶ Relance Lop S&D

▶ Choisis cette fois-ci l'option 2 (Suppression)

▶ Ne ferme pas la fenêtre lors de la suppression !

▶ Poste le rapport généré (C:\lopR.txt)

* (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

et ensuite refais un nouveau rapport hijackthis stp

Gawet Messages postés 15 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
13 nov. 2008 à 16:52

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Mr Ballu ( Administrator )
BOOT : Normal boot
Antivirus : Bitdefender Antivirus 8.0 (Not Activated)
Firewall : Bitdefender Firewall 8.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:76 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:149 Go (Free:147 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 13/11/2008|16:44 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\MRBALL~1\LOCALS~1\Temp\msgpl_0928.tmp
Supprime! - C:\DOCUME~1\MRBALL~1\LOCALS~1\Temp\msgpl_1924.tmp
Supprime! - C:\DOCUME~1\MRBALL~1\LOCALS~1\Temp\msgpl_1a10.tmp
Supprime! - C:\DOCUME~1\MRBALL~1\LOCALS~1\Temp\msgpl_d396.tmp
Supprime! - C:\DOCUME~1\MRBALL~1\LOCALS~1\Temp\nse40.tmp
Supprime! - C:\DOCUME~1\MRBALL~1\LOCALS~1\Temp\nss14B.tmp
Supprime! - C:\DOCUME~1\MRBALL~1\LOCALS~1\Temp\nsy157.tmp
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr ballu@d2.advertserve[1].txt
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@advertstream[1].txt
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@imagevenue.advertserve[2].txt
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@adultfriendfinder[2].txt
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@advertising[2].txt
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@bigpoint[1].txt
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@fr.thepimps.bigpoint[1].txt
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@fr1.darkorbit.bigpoint[2].txt
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr ballu@banner.casinoking[2].txt
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr ballu@casinoking[1].txt
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr ballu@banner.cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr ballu@cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@adopt.euroclick[2].txt
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr ballu@partygaming.122.2o7[1].txt
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr_ballu@partypoker[2].txt
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr ballu@888[1].txt
Supprime! - C:\DOCUME~1\MRBALL~1\Cookies\mr ballu@888[2].txt
Supprime! - C:\WINDOWS\Tasks\AEA59E7F91620F2F.job
Supprime! - C:\DOCUME~1\MRBALL~1\APPLIC~1\abouti~1
Supprime! - C:\Program Files\abouti~1
Supprime! - C:\Program Files\Adverts
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[17/03/2008|09:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[02/07/2007|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[01/01/2007|14:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[04/10/2006|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
[20/01/2007|18:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Binsavetoolsoap
[04/04/2007|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
[07/10/2006|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[30/06/2008|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\cvcrytun
[30/09/2006|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[18/09/2008|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[27/06/2007|18:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Exetender
[13/07/2007|13:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[12/11/2008|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[18/03/2008|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[24/08/2008|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[05/03/2007|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[13/11/2008|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[21/11/2006|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[10/11/2008|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[03/10/2007|16:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
[04/07/2008|11:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[05/12/2006|12:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[16/09/2007|16:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[13/09/2007|10:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[05/12/2006|12:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[05/12/2006|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[13/09/2007|10:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[30/06/2008|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[20/01/2007|13:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/10/2006|21:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[07/12/2007|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[29/10/2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser

[14/02/2008|09:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[01/01/2006|00:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[13/10/2006|17:55] C:\DOCUME~1\HgUpTkl\APPLIC~1\Microsoft

[10/11/2008|15:46] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[11/02/2008|12:16] C:\DOCUME~1\MRBALL~1\APPLIC~1\Adobe
[23/01/2007|13:19] C:\DOCUME~1\MRBALL~1\APPLIC~1\AdobeUM
[07/04/2008|14:59] C:\DOCUME~1\MRBALL~1\APPLIC~1\Apple Computer
[21/12/2006|08:50] C:\DOCUME~1\MRBALL~1\APPLIC~1\ArcSoft
[23/01/2007|10:55] C:\DOCUME~1\MRBALL~1\APPLIC~1\Babylon
[31/12/2006|15:17] C:\DOCUME~1\MRBALL~1\APPLIC~1\Bitdefender
[20/10/2008|13:03] C:\DOCUME~1\MRBALL~1\APPLIC~1\Canon
[30/09/2006|17:59] C:\DOCUME~1\MRBALL~1\APPLIC~1\CyberLink
[18/10/2006|16:26] C:\DOCUME~1\MRBALL~1\APPLIC~1\DivX
[09/11/2008|02:59] C:\DOCUME~1\MRBALL~1\APPLIC~1\Google
[29/05/2007|22:25] C:\DOCUME~1\MRBALL~1\APPLIC~1\Help
[01/01/2006|00:52] C:\DOCUME~1\MRBALL~1\APPLIC~1\Identities
[18/03/2008|16:11] C:\DOCUME~1\MRBALL~1\APPLIC~1\InstallShield
[06/02/2007|20:34] C:\DOCUME~1\MRBALL~1\APPLIC~1\Lavasoft
[24/08/2008|18:00] C:\DOCUME~1\MRBALL~1\APPLIC~1\Leadertech
[04/10/2006|19:03] C:\DOCUME~1\MRBALL~1\APPLIC~1\Macromedia
[13/11/2008|14:23] C:\DOCUME~1\MRBALL~1\APPLIC~1\Malwarebytes
[02/10/2008|12:53] C:\DOCUME~1\MRBALL~1\APPLIC~1\Microsoft
[19/08/2008|14:10] C:\DOCUME~1\MRBALL~1\APPLIC~1\Mozilla
[09/08/2007|10:20] C:\DOCUME~1\MRBALL~1\APPLIC~1\NCH Swift Sound
[10/01/2007|00:45] C:\DOCUME~1\MRBALL~1\APPLIC~1\Real
[07/10/2006|16:51] C:\DOCUME~1\MRBALL~1\APPLIC~1\ScanSoft
[31/03/2007|01:38] C:\DOCUME~1\MRBALL~1\APPLIC~1\Screenshot Sender
[17/10/2007|22:10] C:\DOCUME~1\MRBALL~1\APPLIC~1\SecuROM
[21/08/2008|01:25] C:\DOCUME~1\MRBALL~1\APPLIC~1\Skype
[21/08/2008|00:22] C:\DOCUME~1\MRBALL~1\APPLIC~1\skypePM
[19/05/2007|11:43] C:\DOCUME~1\MRBALL~1\APPLIC~1\Snapfish
[13/09/2007|10:29] C:\DOCUME~1\MRBALL~1\APPLIC~1\Sony Ericsson
[28/09/2007|10:15] C:\DOCUME~1\MRBALL~1\APPLIC~1\Sun
[13/09/2007|10:30] C:\DOCUME~1\MRBALL~1\APPLIC~1\Teleca
[01/10/2008|22:15] C:\DOCUME~1\MRBALL~1\APPLIC~1\utorrent
[29/10/2008|12:47] C:\DOCUME~1\MRBALL~1\APPLIC~1\ZoomBrowser EX

[14/09/2007|13:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[10/10/2006|22:41] C:\DOCUME~1\TDGEZC~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[13/11/2008 15:28][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[04/08/2008 06:54][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[13/11/2008 16:16][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[13/11/2008 16:15][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[17/03/2008|09:43] C:\Program Files\Adobe
[01/01/2006|15:31] C:\Program Files\Ahead
[09/10/2007|11:26] C:\Program Files\Apple Software Update
[07/10/2006|16:49] C:\Program Files\ArcSoft
[08/11/2008|21:32] C:\Program Files\a-squared Free
[11/05/2007|15:36] C:\Program Files\ATI Technologies
[12/10/2006|17:24] C:\Program Files\AVI MPEG RM WMV Joiner
[04/10/2006|19:12] C:\Program Files\Babylon
[18/03/2007|19:20] C:\Program Files\Canon
[01/01/2006|00:29] C:\Program Files\ComPlus Applications
[21/02/2007|09:43] C:\Program Files\Cradle Of Rome
[01/01/2006|15:34] C:\Program Files\CyberLink
[13/09/2007|11:03] C:\Program Files\Disc2Phone
[19/08/2008|22:50] C:\Program Files\DivX
[12/11/2008|04:36] C:\Program Files\eMule
[30/06/2008|15:37] C:\Program Files\Enigma Software Group
[22/05/2008|09:54] C:\Program Files\Everest Poker
[27/05/2008|22:36] C:\Program Files\Fichiers communs
[04/07/2008|11:47] C:\Program Files\Free Audio Pack
[13/11/2008|13:23] C:\Program Files\Google
[18/03/2008|16:12] C:\Program Files\InstallShield Installation Information
[30/09/2006|17:38] C:\Program Files\InterActual
[15/10/2008|21:03] C:\Program Files\Internet Explorer
[09/10/2006|17:54] C:\Program Files\Inventel
[07/04/2008|14:09] C:\Program Files\iPod
[07/04/2008|14:09] C:\Program Files\iTunes
[16/07/2008|09:08] C:\Program Files\Java
[04/10/2006|19:01] C:\Program Files\Larousse
[06/02/2007|20:32] C:\Program Files\Lavasoft
[16/02/2007|19:37] C:\Program Files\Lexa software
[24/08/2008|17:54] C:\Program Files\Logitech
[13/11/2008|14:23] C:\Program Files\Malwarebytes' Anti-Malware
[13/08/2008|09:14] C:\Program Files\Messenger
[03/09/2008|18:41] C:\Program Files\Messenger Plus! Live
[08/08/2007|13:07] C:\Program Files\Metronome
[11/05/2007|15:52] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[01/01/2006|00:32] C:\Program Files\microsoft frontpage
[22/01/2007|19:27] C:\Program Files\Microsoft Office
[07/12/2007|18:24] C:\Program Files\Microsoft SQL Server Compact Edition
[24/01/2007|12:24] C:\Program Files\Microsoft Works
[22/01/2007|19:28] C:\Program Files\Microsoft.NET
[01/01/2006|00:30] C:\Program Files\Movie Maker
[05/09/2008|15:04] C:\Program Files\Mozilla Firefox
[04/10/2006|19:17] C:\Program Files\MSN
[01/01/2006|00:28] C:\Program Files\MSN Gaming Zone
[27/12/2006|18:17] C:\Program Files\MSXML 4.0
[10/11/2008|20:34] C:\Program Files\Navilog1
[09/08/2007|10:20] C:\Program Files\NCH Swift Sound
[28/11/2006|20:10] C:\Program Files\NetMeeting
[01/01/2006|00:29] C:\Program Files\Online Services
[12/02/2007|19:10] C:\Program Files\orange
[13/06/2007|18:02] C:\Program Files\Outlook Express
[27/06/2007|19:00] C:\Program Files\Player Metaboli
[07/11/2006|13:14] C:\Program Files\Plus!
[07/04/2008|14:06] C:\Program Files\QuickTime
[18/03/2008|16:12] C:\Program Files\Reallusion
[30/06/2008|12:17] C:\Program Files\RogueRemover FREE
[07/04/2008|14:17] C:\Program Files\Safari
[07/10/2006|16:51] C:\Program Files\ScanSoft
[09/10/2006|20:47] C:\Program Files\Securitoo
[01/01/2006|00:31] C:\Program Files\Services en ligne
[25/06/2008|00:13] C:\Program Files\Skype
[01/01/2006|15:20] C:\Program Files\Softwin
[13/09/2007|10:22] C:\Program Files\Sony Ericsson
[16/07/2008|09:09] C:\Program Files\Sun
[12/11/2008|01:06] C:\Program Files\Trend Micro
[17/10/2007|20:48] C:\Program Files\Ubisoft
[01/01/2006|00:52] C:\Program Files\Uninstall Information
[24/02/2007|11:08] C:\Program Files\utorrent
[18/09/2008|16:53] C:\Program Files\VirginMega
[04/01/2007|18:30] C:\Program Files\Wanadoo
[02/10/2008|12:53] C:\Program Files\Windows Live
[30/11/2007|06:30] C:\Program Files\Windows Live Toolbar
[20/01/2007|14:01] C:\Program Files\Windows Media Connect 2
[18/09/2008|16:50] C:\Program Files\Windows Media Player
[01/01/2006|00:28] C:\Program Files\Windows NT
[01/01/2006|00:31] C:\Program Files\WindowsUpdate
[12/10/2006|19:45] C:\Program Files\WinRAR
[01/01/2006|00:32] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[17/03/2008|09:43] C:\Program Files\Fichiers communs\Adobe
[01/01/2006|15:31] C:\Program Files\Fichiers communs\Ahead
[02/07/2007|11:55] C:\Program Files\Fichiers communs\Apple
[18/03/2007|19:19] C:\Program Files\Fichiers communs\Canon
[22/01/2007|19:27] C:\Program Files\Fichiers communs\DESIGNER
[18/03/2008|16:12] C:\Program Files\Fichiers communs\InstallShield
[28/09/2007|10:10] C:\Program Files\Fichiers communs\Java
[24/08/2008|17:58] C:\Program Files\Fichiers communs\LogiShrd
[26/12/2006|17:42] C:\Program Files\Fichiers communs\Logitech
[07/12/2007|18:19] C:\Program Files\Fichiers communs\Microsoft Shared
[01/01/2006|00:30] C:\Program Files\Fichiers communs\MSSoap
[01/01/2006|15:32] C:\Program Files\Fichiers communs\Nero
[01/01/2006|01:18] C:\Program Files\Fichiers communs\ODBC
[07/10/2006|16:51] C:\Program Files\Fichiers communs\ScanSoft Shared
[30/06/2008|12:29] C:\Program Files\Fichiers communs\Services
[27/05/2008|22:36] C:\Program Files\Fichiers communs\Skype
[31/12/2006|15:12] C:\Program Files\Fichiers communs\Softwin
[13/09/2007|10:23] C:\Program Files\Fichiers communs\Sony Ericsson Shared
[01/01/2006|01:18] C:\Program Files\Fichiers communs\SpeechEngines
[30/06/2008|12:29] C:\Program Files\Fichiers communs\System
[13/09/2007|10:23] C:\Program Files\Fichiers communs\Teleca Shared
[07/12/2007|18:18] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 53 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 16:45:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:1285][D:296]-> C:\DOCUME~1\MRBALL~1\LOCALS~1\Temp
[F:1965][D:0]-> C:\DOCUME~1\MRBALL~1\Cookies
[F:6880][D:25]-> C:\DOCUME~1\MRBALL~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 13/11/2008|16:37 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 13/11/2008|16:47 - Option : [2]

--------------------\\ Fin du rapport a 16:47:01

Réponse 23 / 32

geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
13 nov. 2008 à 16:53

ok maintenant refais un nouveau rapport hijackthis stp

Réponse 24 / 32

Gawet Messages postés 15 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
13 nov. 2008 à 16:58

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:18, on 13/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Mr Ballu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [lcsu1.exe] C:\WINDOWS\TEMP\lcsu1.exe
O4 - HKLM\..\Run: [dmjrc.exe] C:\WINDOWS\system32\dmjrc.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [toolsoapprogramlist] C:\Documents and Settings\All Users\Application Data\Binsavetoolsoap\meow htm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\CF29445.exe" /c "C:\ComboFix\C.bat"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mr Ballu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1c1a9d858a4041cca6e8d34214d8b649
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1c1a9d858a4041cca6e8d34214d8b649
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://gaetanballu.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

Réponse 25 / 32

geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
13 nov. 2008 à 17:02

relance hijackthis en cliquant sur scan only et coches ces lignes stp :

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

puis tu cliques sur fix checked.

ensuite :

▶ Télécharge JavaRa.zip

▶ Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)

▶ Double-clique sur le répertoire JavaRa obtenu.

▶ Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)

▶ Clique sur Search For Updates.

▶ Sélectionne Update Using jucheck.exe puis clique sur Search.

▶ Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.

▶ Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.

▶ Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.

▶ Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.

* Note : le rapport se trouve aussi là : ( C:\JavaRa.log )

▶ Ferme l'application et dis moi si tu as encore des problèmes.

Réponse 26 / 32

Gawet Messages postés 15 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
13 nov. 2008 à 17:19

Lorsque je clique sur search, le message suivant s'affiche:"Vous disposez déja de la Plateforme Java(TM) la plus récente sur ce système.

Réponse 27 / 32

geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
13 nov. 2008 à 17:22

ah oui ! dsl pas vu lol

fais quand meme la partie pour supprimer les versions antérieures stp

et dis moi si tu as encore des problèmes

Gawet Messages postés 15 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
14 nov. 2008 à 10:17

Apparemment je n'ai plus de problème. Je te remercie pou le temps que tu as consacré à mon problème. Je te conseillerais à mes amis ainsi que le site.
Merci !

Réponse 28 / 32

Gawet Messages postés 15 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
13 nov. 2008 à 17:26

Voici le rapport :

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Nov 13 17:23:53 2008

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.

Réponse 29 / 32

geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
14 nov. 2008 à 12:46

Salut !!

ok tu peux faire ceci pour terminer stp :

Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :

▶ Télécharge Toolscleaner sur ton Bureau

▶ Double-clique sur ToolsCleaner2.exe et laisse le travailler
▶ Clique sur Recherche et laisse le scan se terminer.
▶ Clique sur Suppression pour finaliser.
▶ Tu peux, si tu le souhaites, te servir des Options facultatives.
▶ Clique sur Quitter, pour que le rapport puisse se créer.
▶ Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse

Désactive et réactive la Restauration du système :

Le fait de faire cette manipulation va supprimer tous les virus qui auraient pu se loger dans les
points de restauration que tu avais créé auparavant.. Il est donc recommandé de la faire :

1 Dans la barre des tâches de Windows, clique sur Démarrer.

2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.

3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"

4 Clique sur Appliquer.

5 Ensuite décoche "Désactiver la restauration du systeme"

6 clique sur appliquer puis ok

7 vas créer un point de restauration en cliquant sur démarrer => tous les programmes => accessoires =>

outils systeme => restauration du systeme => créer un point de restauration => tu mets un nom

(exemple : après désinfection sur CCM) puis tu valides.

pour XP : Voici un tutoriel en cas de problèmes.

Tu peux mettre ton problème résolu !! Comment mettre résolu ??

Réponse 30 / 32

Gawet Messages postés 15 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 14 novembre 2008
14 nov. 2008 à 15:27

Salut ! Voici le rapport :

[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\fixnavi.txt: trouvé !
C:\lopR.txt: trouvé !
C:\TB.txt: trouvé !
C:\avenger: trouvé !
C:\Combofix: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Mr Ballu\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Mr Ballu\Bureau\Navilog1.exe: trouvé !
C:\Documents and Settings\Mr Ballu\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Mr Ballu\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Mr Ballu\Bureau\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\Mr Ballu\Bureau\SmitFraudfix: trouvé !
C:\Documents and Settings\Mr Ballu\Bureau\GenProc: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Mr Ballu\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Mr Ballu\Bureau\Navilog1.exe: supprimé !
C:\Documents and Settings\Mr Ballu\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Mr Ballu\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\Mr Ballu\Bureau\SmitFraudFix.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\fixnavi.txt: supprimé !
C:\lopR.txt: supprimé !
C:\TB.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\avenger: ERREUR DE SUPPRESSION !!
C:\Combofix: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\Mr Ballu\Bureau\SmitFraudfix: supprimé !
C:\Documents and Settings\Mr Ballu\Bureau\GenProc: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Réponse 31 / 32

geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
14 nov. 2008 à 17:08

C est ok ;-)

tu peux supprimer combofix qui est sur ton bureau...

Et fais bien la suite car c esrt très important

@+

Gawet
16 nov. 2008 à 16:40

Salut !
J'ai supprimer combofix du bureau. J'attend la suite.

Réponse 32 / 32

geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
16 nov. 2008 à 16:54

Salut !!

la suite est au message 35 : activer et désactiver la restauration