
Cid advertising

TYBOY - 16 posts - Joined 6 November 2009 - Last reply 16 Nov. 2009 at 13:33
Hello,
I am overrun with Cid advertising ads and I would like to get rid of them.
Thanks

26 replies
Reply
+0
Hi:


▶ Download LOP S&D to your Desktop.

▶ Double-click it to start the installation
▶ Then double-click the Lop S&D shortcut on your Desktop
▶ Select the language you want, then choose option 1 (Search)
▶ Wait until the scan finishes

▶ Post the generated report (C:\lopR.txt)
Reply
+0
------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL
USER : fuselier ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:141 Go (Free:100 Go)
D:\ (Local Disk) - NTFS - Total:7 Go (Free:2 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 07/11/2009|19:01 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[19/12/2007|12:03] C:\Users\fuselier\AppData\Local\Adobe
[26/01/2008|16:14] C:\Users\fuselier\AppData\Local\Apple
[18/08/2008|08:45] C:\Users\fuselier\AppData\Local\Apple Computer
[12/12/2007|20:47] C:\Users\fuselier\AppData\Local\Application Data
[05/02/2008|11:28] C:\Users\fuselier\AppData\Local\Apps
[12/12/2007|20:59] C:\Users\fuselier\AppData\Local\AtStart.txt
[13/12/2007|23:17] C:\Users\fuselier\AppData\Local\capcom
[12/01/2009|18:16] C:\Users\fuselier\AppData\Local\cmzmilfd.bat
[04/11/2009|16:26] C:\Users\fuselier\AppData\Local\d3d9caps.dat
[24/08/2009|14:50] C:\Users\fuselier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[05/02/2008|11:29] C:\Users\fuselier\AppData\Local\Deployment
[22/04/2009|23:30] C:\Users\fuselier\AppData\Local\Downloaded Installations
[12/12/2007|20:59] C:\Users\fuselier\AppData\Local\DSwitch.txt
[17/09/2008|08:11] C:\Users\fuselier\AppData\Local\FnF4.txt
[13/02/2009|16:23] C:\Users\fuselier\AppData\Local\GDIPFONTCACHEV1.DAT
[04/10/2008|08:47] C:\Users\fuselier\AppData\Local\Glowria
[07/11/2009|09:25] C:\Users\fuselier\AppData\Local\Google
[12/12/2007|20:47] C:\Users\fuselier\AppData\Local\Historique
[16/12/2007|02:02] C:\Users\fuselier\AppData\Local\HP
[06/11/2009|14:30] C:\Users\fuselier\AppData\Local\IconCache.db
[17/12/2007|20:10] C:\Users\fuselier\AppData\Local\IsolatedStorage
[17/01/2009|14:35] C:\Users\fuselier\AppData\Local\Microsoft
[04/02/2008|23:15] C:\Users\fuselier\AppData\Local\Microsoft Games
[20/12/2007|21:05] C:\Users\fuselier\AppData\Local\Microsoft Help
[28/02/2008|18:19] C:\Users\fuselier\AppData\Local\MigWiz
[06/04/2009|10:37] C:\Users\fuselier\AppData\Local\Mozilla
[06/01/2009|19:04] C:\Users\fuselier\AppData\Local\Orange
[22/04/2009|23:32] C:\Users\fuselier\AppData\Local\procaster
[12/12/2007|20:59] C:\Users\fuselier\AppData\Local\QSwitch.txt
[12/12/2007|18:59] C:\Users\fuselier\AppData\Local\QuickPlay
[13/12/2007|21:26] C:\Users\fuselier\AppData\Local\Steam
[15/12/2008|18:29] C:\Users\fuselier\AppData\Local\Symantec
[07/11/2009|19:01] C:\Users\fuselier\AppData\Local\Temp
[12/12/2007|20:47] C:\Users\fuselier\AppData\Local\Temporary Internet Files
[16/12/2007|02:03] C:\Users\fuselier\AppData\Local\VirtualStore
[07/01/2008|14:27] C:\Users\fuselier\AppData\Local\Windows Live Writer
[30/05/2009|12:05] C:\Users\fuselier\AppData\Local\X-Plane Installer.prf
[28/05/2009|19:32] C:\Users\fuselier\AppData\Local\x-plane_install.txt

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[07/11/2009 13:20][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[06/11/2009 14:42][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[26/10/2009 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Effectuer une analyse complète du système - fuselier.job
[07/11/2009 18:53][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{AB027A15-3301-4FB0-AACB-CAAA37702805}.job
[06/11/2009 14:33][--ah-----] C:\Windows\tasks\SA.DAT
[06/11/2009 14:31][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[26/11/2008|22:24] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[25/06/2007|21:53] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[03/06/2009|18:02] C:\ProgramData\Adobe
[26/01/2008|16:13] C:\ProgramData\Apple
[26/11/2008|22:23] C:\ProgramData\Apple Computer
[12/12/2007|20:44] C:\ProgramData\Application Data
[02/11/2009|10:02] C:\ProgramData\Avira
[12/12/2007|20:44] C:\ProgramData\Bureau
[14/04/2009|08:58] C:\ProgramData\CyberLink
[12/12/2007|20:44] C:\ProgramData\Documents
[25/04/2009|12:34] C:\ProgramData\Electronic Arts
[14/03/2009|18:53] C:\ProgramData\EPSON
[12/12/2007|20:44] C:\ProgramData\Favoris
[06/11/2009|09:53] C:\ProgramData\Google
[25/06/2007|22:27] C:\ProgramData\Hewlett-Packard
[12/12/2007|18:26] C:\ProgramData\HP
[25/06/2007|22:03] C:\ProgramData\hpzinstall.log
[18/03/2008|15:43] C:\ProgramData\LogiShrd
[18/03/2008|15:39] C:\ProgramData\Logitech
[02/11/2009|11:06] C:\ProgramData\Malwarebytes
[31/08/2008|13:02] C:\ProgramData\Media Center Programs
[12/12/2007|20:44] C:\ProgramData\Menu Démarrer
[07/01/2008|11:12] C:\ProgramData\MGS
[11/04/2009|16:36] C:\ProgramData\Microsoft
[20/12/2007|22:37] C:\ProgramData\Microsoft Help
[12/12/2007|20:44] C:\ProgramData\Modèles
[02/11/2009|14:03] C:\ProgramData\mp3 free delete.iogmyet
[02/11/2009|09:29] C:\ProgramData\Norton
[10/12/2008|12:40] C:\ProgramData\NortonInstaller
[03/11/2009|21:43] C:\ProgramData\NVIDIA
[07/11/2009|18:49] C:\ProgramData\nvModes.001
[07/11/2009|18:49] C:\ProgramData\nvModes.dat
[10/12/2008|12:40] C:\ProgramData\PCSettings
[05/11/2009|11:15] C:\ProgramData\Peak Upload Second
[25/06/2007|21:35] C:\ProgramData\Roxio
[12/05/2008|08:17] C:\ProgramData\Skype
[19/02/2008|15:53] C:\ProgramData\Sonic
[26/02/2009|15:01] C:\ProgramData\SPL182C.tmp
[03/11/2008|09:59] C:\ProgramData\SPL1A05.tmp
[28/03/2008|19:38] C:\ProgramData\SPL1C9.tmp
[28/01/2009|08:34] C:\ProgramData\SPL1D04.tmp
[14/09/2008|16:09] C:\ProgramData\SPL1E85.tmp
[27/09/2008|14:30] C:\ProgramData\SPL2010.tmp
[28/09/2008|16:01] C:\ProgramData\SPL2590.tmp
[18/04/2008|21:12] C:\ProgramData\SPL283A.tmp
[25/11/2008|21:16] C:\ProgramData\SPL28D2.tmp
[04/11/2008|19:06] C:\ProgramData\SPL2B31.tmp
[27/12/2007|17:04] C:\ProgramData\SPL2DAA.tmp
[04/11/2008|19:11] C:\ProgramData\SPL37E0.tmp
[11/09/2008|18:49] C:\ProgramData\SPL4374.tmp
[03/02/2009|11:28] C:\ProgramData\SPL456E.tmp
[02/05/2008|13:06] C:\ProgramData\SPL4FF8.tmp
[11/04/2008|13:21] C:\ProgramData\SPL5205.tmp
[03/03/2009|19:45] C:\ProgramData\SPL5407.tmp
[24/11/2008|20:58] C:\ProgramData\SPL5427.tmp
[15/10/2008|13:11] C:\ProgramData\SPL574D.tmp
[22/01/2009|13:49] C:\ProgramData\SPL5C17.tmp
[24/11/2008|09:25] C:\ProgramData\SPL5F0C.tmp
[27/04/2008|19:08] C:\ProgramData\SPL5F2F.tmp
[22/01/2009|12:45] C:\ProgramData\SPL649B.tmp
[11/04/2008|13:07] C:\ProgramData\SPL67CA.tmp
[27/12/2007|17:11] C:\ProgramData\SPL67DE.tmp
[30/04/2008|13:49] C:\ProgramData\SPL707F.tmp
[26/11/2008|14:34] C:\ProgramData\SPL74CD.tmp
[19/11/2008|06:19] C:\ProgramData\SPL74E0.tmp
[30/04/2008|13:54] C:\ProgramData\SPL781F.tmp
[22/01/2009|12:37] C:\ProgramData\SPL79C3.tmp
[28/01/2009|08:31] C:\ProgramData\SPL7D3C.tmp
[28/03/2008|19:30] C:\ProgramData\SPL7FEC.tmp
[23/10/2008|14:08] C:\ProgramData\SPL8E4B.tmp
[27/09/2008|14:51] C:\ProgramData\SPL954C.tmp
[03/11/2008|09:57] C:\ProgramData\SPL9A0B.tmp
[31/01/2009|18:54] C:\ProgramData\SPL9AC4.tmp
[22/01/2009|12:30] C:\ProgramData\SPLADAE.tmp
[11/04/2008|13:19] C:\ProgramData\SPLAE09.tmp
[02/05/2008|12:17] C:\ProgramData\SPLB705.tmp
[27/04/2008|19:00] C:\ProgramData\SPLB76A.tmp
[18/04/2008|21:08] C:\ProgramData\SPLB846.tmp
[26/02/2009|22:20] C:\ProgramData\SPLB940.tmp
[04/03/2009|12:09] C:\ProgramData\SPLBBEA.tmp
[08/06/2008|12:26] C:\ProgramData\SPLBF01.tmp
[11/06/2008|20:12] C:\ProgramData\SPLC4BB.tmp
[28/04/2008|16:58] C:\ProgramData\SPLC7BC.tmp
[03/03/2009|19:54] C:\ProgramData\SPLC9B5.tmp
[28/09/2008|16:00] C:\ProgramData\SPLD1B6.tmp
[13/09/2008|16:26] C:\ProgramData\SPLD767.tmp
[05/11/2008|20:22] C:\ProgramData\SPLD987.tmp
[27/09/2008|14:28] C:\ProgramData\SPLD99E.tmp
[18/11/2008|19:01] C:\ProgramData\SPLDA3A.tmp
[27/09/2008|14:53] C:\ProgramData\SPLE7BF.tmp
[18/11/2008|18:58] C:\ProgramData\SPLED3B.tmp
[31/01/2009|18:51] C:\ProgramData\SPLF014.tmp
[15/10/2008|13:08] C:\ProgramData\SPLFDD6.tmp
[10/12/2008|12:49] C:\ProgramData\Symantec
[10/12/2008|12:31] C:\ProgramData\Symantec Temporary Files
[02/11/2009|09:42] C:\ProgramData\TEMP
[02/11/2009|14:03] C:\ProgramData\Time Dead Warn Default
[09/07/2009|22:06] C:\ProgramData\Type Hole Hole.5yued
[02/11/2009|14:02] C:\ProgramData\Type Hole Hole.64ms1x
[02/11/2009|14:02] C:\ProgramData\Type Hole Hole.kz11b6
[14/03/2009|19:02] C:\ProgramData\UDL
[12/08/2008|09:31] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[25/06/2007|21:53] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[03/06/2009|18:02] C:\Program Files\Adobe
[22/01/2008|15:47] C:\Program Files\AOL Pictures
[17/08/2008|09:52] C:\Program Files\Apple Software Update
[02/11/2009|10:02] C:\Program Files\Avira
[14/01/2009|21:59] C:\Program Files\Bonjour
[15/12/2007|17:11] C:\Program Files\BoontyGames
[02/11/2009|14:00] C:\Program Files\CCleaner
[02/11/2009|09:44] C:\Program Files\Common Files
[25/06/2007|22:05] C:\Program Files\EasyBits
[17/06/2009|23:12] C:\Program Files\Electronic Arts
[14/03/2009|19:00] C:\Program Files\epson
[12/12/2007|20:44] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[06/11/2009|14:30] C:\Program Files\Google
[09/10/2008|20:37] C:\Program Files\Hewlett-Packard
[27/08/2008|16:18] C:\Program Files\HP
[25/06/2007|22:11] C:\Program Files\HPQ
[17/06/2009|23:12] C:\Program Files\InstallShield Installation Information
[25/06/2007|21:16] C:\Program Files\Intel
[03/11/2009|21:00] C:\Program Files\Internet Explorer
[26/11/2008|22:24] C:\Program Files\iPod
[26/11/2008|22:24] C:\Program Files\iTunes
[26/03/2009|13:36] C:\Program Files\Java
[13/02/2009|16:13] C:\Program Files\JRE
[18/03/2008|15:39] C:\Program Files\Logitech
[10/03/2009|17:04] C:\Program Files\Lx_cats
[02/11/2009|11:06] C:\Program Files\Malwarebytes' Anti-Malware
[14/03/2009|18:11] C:\Program Files\MFP Server
[11/04/2009|16:31] C:\Program Files\Microsoft
[15/12/2007|09:08] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[20/12/2007|23:23] C:\Program Files\Microsoft FrontPage
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[28/12/2007|16:54] C:\Program Files\Microsoft Hardware
[11/09/2009|12:45] C:\Program Files\Microsoft Silverlight
[14/12/2007|16:52] C:\Program Files\Microsoft SQL Server Compact Edition
[11/04/2009|16:36] C:\Program Files\Microsoft Sync Framework
[06/12/2008|19:39] C:\Program Files\Microsoft Works
[25/06/2007|20:55] C:\Program Files\Motorola
[03/11/2009|21:00] C:\Program Files\Movie Maker
[04/11/2009|15:14] C:\Program Files\Mozilla Firefox
[02/11/2006|13:37] C:\Program Files\MSBuild
[12/12/2007|21:33] C:\Program Files\MSXML 4.0
[16/07/2008|13:24] C:\Program Files\Neuf
[02/11/2009|09:34] C:\Program Files\Norton Internet Security
[13/02/2009|16:13] C:\Program Files\OpenOffice.org 3
[22/04/2009|23:02] C:\Program Files\Procaster
[26/11/2008|22:22] C:\Program Files\QuickTime
[25/06/2007|22:09] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[25/06/2007|21:36] C:\Program Files\Roxio
[25/06/2007|22:06] C:\Program Files\Services en ligne
[12/05/2008|08:17] C:\Program Files\Skype
[31/12/2007|16:12] C:\Program Files\Sony
[20/12/2007|21:49] C:\Program Files\SP38015
[25/06/2007|21:01] C:\Program Files\Synaptics
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[03/11/2009|21:00] C:\Program Files\Windows Calendar
[03/11/2009|21:00] C:\Program Files\Windows Collaboration
[03/11/2009|21:00] C:\Program Files\Windows Defender
[03/11/2009|21:00] C:\Program Files\Windows Journal
[11/04/2009|16:37] C:\Program Files\Windows Live
[14/12/2007|16:54] C:\Program Files\Windows Live Favorites
[11/04/2009|16:31] C:\Program Files\Windows Live SkyDrive
[11/04/2009|16:37] C:\Program Files\Windows Live Toolbar
[03/11/2009|21:00] C:\Program Files\Windows Mail
[03/11/2009|21:00] C:\Program Files\Windows Media Player
[12/12/2007|20:44] C:\Program Files\Windows NT
[03/11/2009|21:00] C:\Program Files\Windows Photo Gallery
[03/11/2009|21:00] C:\Program Files\Windows Sidebar
[04/01/2008|23:51] C:\Program Files\WMV9_VCM
[07/01/2009|19:29] C:\Program Files\Yahoo!
[10/12/2008|18:45] C:\Program Files\YesMessenger

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[03/06/2009|18:02] C:\Program Files\Common Files\Adobe
[26/11/2008|22:24] C:\Program Files\Common Files\Apple
[25/06/2007|22:03] C:\Program Files\Common Files\HP
[14/03/2009|18:24] C:\Program Files\Common Files\InstallShield
[25/06/2007|22:26] C:\Program Files\Common Files\Java
[25/06/2007|22:11] C:\Program Files\Common Files\LightScribe
[18/03/2008|15:39] C:\Program Files\Common Files\Logishrd
[07/03/2009|14:57] C:\Program Files\Common Files\Logitech
[06/03/2009|10:36] C:\Program Files\Common Files\microsoft shared
[25/06/2007|21:35] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[25/06/2007|21:34] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[13/10/2008|19:02] C:\Program Files\Common Files\Steam
[25/06/2007|21:36] C:\Program Files\Common Files\SureThing Shared
[02/11/2009|09:28] C:\Program Files\Common Files\Symantec Shared
[03/11/2009|21:00] C:\Program Files\Common Files\System
[11/04/2009|16:21] C:\Program Files\Common Files\Windows Live
[14/12/2007|16:49] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 107 Processes )

iexplore.exe ~ [PID:2140]
iexplore.exe ~ [PID:2720]
iexplore.exe ~ [PID:5760]
iexplore.exe ~ [PID:6116]
iexplore.exe ~ [PID:4440]
iexplore.exe ~ [PID:5580]
iexplore.exe ~ [PID:4020]
iexplore.exe ~ [PID:4868]
iexplore.exe ~ [PID:5464]
iexplore.exe ~ [PID:5664]
iexplore.exe ~ [PID:6932]
iexplore.exe ~ [PID:7504]
iexplore.exe ~ [PID:8100]
iexplore.exe ~ [PID:6792]
iexplore.exe ~ [PID:7844]
iexplore.exe ~ [PID:7660]
iexplore.exe ~ [PID:7284]
iexplore.exe ~ [PID:5868]
iexplore.exe ~ [PID:7900]
iexplore.exe ~ [PID:3948]
iexplore.exe ~ [PID:8052]
iexplore.exe ~ [PID:8032]
iexplore.exe ~ [PID:7196]
iexplore.exe ~ [PID:8120]

--------------------\\ Recherche avec S_Lop

C:\ProgramData\Type Hole Hole.5yued
C:\ProgramData\Type Hole Hole.64ms1x
C:\ProgramData\Type Hole Hole.kz11b6
C:\ProgramData\mp3 free delete.iogmyet

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\ProgramData\Time Dead Warn Default
C:\ProgramData\Time Dead Warn Default\Bash List.dat
C:\ProgramData\Time Dead Warn Default\Bash List.exe
C:\Users\fuselier\AppData\Roaming\MICROS~1\Windows\Cookies\fuselier@advertising[1].txt
C:\Users\fuselier\AppData\Roaming\MICROS~1\Windows\Cookies\fuselier@advertising[2].txt
C:\Users\fuselier\AppData\Roaming\MICROS~1\Windows\Cookies\fuselier@cotedazurpalace[2].txt
C:\Users\fuselier\AppData\Roaming\MICROS~1\Windows\Cookies\fuselier@serve.cotedazurpalace[1].txt
C:\Users\fuselier\AppData\Roaming\MICROS~1\Windows\Cookies\fuselier@www.cotedazurpalace[2].txt

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Debug Locks"="\"C:\\ProgramData\\Type Hole Hole.kz11b6\""
"warn default inter for"="\"C:\\ProgramData\\mp3 free delete.iogmyet\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 19:01:39
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\fuselier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLS4D265\mobifun_MBFII_AGR_CrackBonky_728x90_051109[1].gif


[F:93][D:19]-> C:\Users\fuselier\AppData\Local\Temp
[F:155][D:1]-> C:\Users\fuselier\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2866][D:4]-> C:\Users\fuselier\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:40][D:5]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 27/07/2009|15:13 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 05/11/2009|10:14 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - 06/11/2009|14:05 - Option : [1]
4 - "C:\Lop SD\LopR_4.txt" - 07/11/2009| 9:43 - Option : [1]
5 - "C:\Lop SD\LopR_5.txt" - 07/11/2009| 9:46 - Option : [1]
6 - "C:\Lop SD\LopR_6.txt" - 07/11/2009|19:03 - Option : [1]
Reply
+0
▶ Double-click the Lop S&D shortcut on your Desktop

▶ Select the language you want, then choose the "Suppression + Hosts" option
▶ Wait until the scan finishes
▶ Post the generated report (C:\lopR.txt)
Reply
+0
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL
USER : fuselier ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:141 Go (Free:100 Go)
D:\ (Local Disk) - NTFS - Total:7 Go (Free:2 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 08/11/2009| 9:30 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\ProgramData\Time Dead Warn Default\Bash List.dat
Supprime! - C:\ProgramData\Time Dead Warn Default\Bash List.exe
Supprime! - C:\Users\fuselier\AppData\Roaming\MICROS~1\Windows\Cookies\fuselier@advertising[1].txt
Supprime! - C:\Users\fuselier\AppData\Roaming\MICROS~1\Windows\Cookies\fuselier@advertising[2].txt
Supprime! - C:\Users\fuselier\AppData\Roaming\MICROS~1\Windows\Cookies\fuselier@cotedazurpalace[2].txt
Supprime! - C:\Users\fuselier\AppData\Roaming\MICROS~1\Windows\Cookies\fuselier@serve.cotedazurpalace[1].txt
Supprime! - C:\Users\fuselier\AppData\Roaming\MICROS~1\Windows\Cookies\fuselier@www.cotedazurpalace[2].txt
Supprime! - C:\ProgramData\Type Hole Hole.5yued
Supprime! - C:\ProgramData\Type Hole Hole.64ms1x
Supprime! - C:\ProgramData\Type Hole Hole.kz11b6
Supprime! - C:\ProgramData\mp3 free delete.iogmyet
Supprime! - C:\ProgramData\Time Dead Warn Default
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[19/12/2007|12:03] C:\Users\fuselier\AppData\Local\Adobe
[26/01/2008|16:14] C:\Users\fuselier\AppData\Local\Apple
[18/08/2008|08:45] C:\Users\fuselier\AppData\Local\Apple Computer
[12/12/2007|20:47] C:\Users\fuselier\AppData\Local\Application Data
[05/02/2008|11:28] C:\Users\fuselier\AppData\Local\Apps
[12/12/2007|20:59] C:\Users\fuselier\AppData\Local\AtStart.txt
[13/12/2007|23:17] C:\Users\fuselier\AppData\Local\capcom
[12/01/2009|18:16] C:\Users\fuselier\AppData\Local\cmzmilfd.bat
[04/11/2009|16:26] C:\Users\fuselier\AppData\Local\d3d9caps.dat
[24/08/2009|14:50] C:\Users\fuselier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[05/02/2008|11:29] C:\Users\fuselier\AppData\Local\Deployment
[22/04/2009|23:30] C:\Users\fuselier\AppData\Local\Downloaded Installations
[12/12/2007|20:59] C:\Users\fuselier\AppData\Local\DSwitch.txt
[17/09/2008|08:11] C:\Users\fuselier\AppData\Local\FnF4.txt
[13/02/2009|16:23] C:\Users\fuselier\AppData\Local\GDIPFONTCACHEV1.DAT
[04/10/2008|08:47] C:\Users\fuselier\AppData\Local\Glowria
[07/11/2009|09:25] C:\Users\fuselier\AppData\Local\Google
[12/12/2007|20:47] C:\Users\fuselier\AppData\Local\Historique
[16/12/2007|02:02] C:\Users\fuselier\AppData\Local\HP
[06/11/2009|14:30] C:\Users\fuselier\AppData\Local\IconCache.db
[17/12/2007|20:10] C:\Users\fuselier\AppData\Local\IsolatedStorage
[17/01/2009|14:35] C:\Users\fuselier\AppData\Local\Microsoft
[04/02/2008|23:15] C:\Users\fuselier\AppData\Local\Microsoft Games
[20/12/2007|21:05] C:\Users\fuselier\AppData\Local\Microsoft Help
[28/02/2008|18:19] C:\Users\fuselier\AppData\Local\MigWiz
[06/04/2009|10:37] C:\Users\fuselier\AppData\Local\Mozilla
[06/01/2009|19:04] C:\Users\fuselier\AppData\Local\Orange
[22/04/2009|23:32] C:\Users\fuselier\AppData\Local\procaster
[12/12/2007|20:59] C:\Users\fuselier\AppData\Local\QSwitch.txt
[12/12/2007|18:59] C:\Users\fuselier\AppData\Local\QuickPlay
[13/12/2007|21:26] C:\Users\fuselier\AppData\Local\Steam
[15/12/2008|18:29] C:\Users\fuselier\AppData\Local\Symantec
[08/11/2009|09:30] C:\Users\fuselier\AppData\Local\Temp
[12/12/2007|20:47] C:\Users\fuselier\AppData\Local\Temporary Internet Files
[16/12/2007|02:03] C:\Users\fuselier\AppData\Local\VirtualStore
[07/01/2008|14:27] C:\Users\fuselier\AppData\Local\Windows Live Writer
[30/05/2009|12:05] C:\Users\fuselier\AppData\Local\X-Plane Installer.prf
[28/05/2009|19:32] C:\Users\fuselier\AppData\Local\x-plane_install.txt

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[08/11/2009 09:26][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[08/11/2009 07:48][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[26/10/2009 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Effectuer une analyse complète du système - fuselier.job
[08/11/2009 00:02][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{AB027A15-3301-4FB0-AACB-CAAA37702805}.job
[08/11/2009 07:47][--ah-----] C:\Windows\tasks\SA.DAT
[06/11/2009 14:31][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[26/11/2008|22:24] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[25/06/2007|21:53] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[03/06/2009|18:02] C:\ProgramData\Adobe
[26/01/2008|16:13] C:\ProgramData\Apple
[26/11/2008|22:23] C:\ProgramData\Apple Computer
[12/12/2007|20:44] C:\ProgramData\Application Data
[02/11/2009|10:02] C:\ProgramData\Avira
[12/12/2007|20:44] C:\ProgramData\Bureau
[14/04/2009|08:58] C:\ProgramData\CyberLink
[12/12/2007|20:44] C:\ProgramData\Documents
[25/04/2009|12:34] C:\ProgramData\Electronic Arts
[14/03/2009|18:53] C:\ProgramData\EPSON
[12/12/2007|20:44] C:\ProgramData\Favoris
[06/11/2009|09:53] C:\ProgramData\Google
[25/06/2007|22:27] C:\ProgramData\Hewlett-Packard
[12/12/2007|18:26] C:\ProgramData\HP
[25/06/2007|22:03] C:\ProgramData\hpzinstall.log
[18/03/2008|15:43] C:\ProgramData\LogiShrd
[18/03/2008|15:39] C:\ProgramData\Logitech
[02/11/2009|11:06] C:\ProgramData\Malwarebytes
[31/08/2008|13:02] C:\ProgramData\Media Center Programs
[12/12/2007|20:44] C:\ProgramData\Menu Démarrer
[07/01/2008|11:12] C:\ProgramData\MGS
[11/04/2009|16:36] C:\ProgramData\Microsoft
[20/12/2007|22:37] C:\ProgramData\Microsoft Help
[12/12/2007|20:44] C:\ProgramData\Modèles
[02/11/2009|09:29] C:\ProgramData\Norton
[10/12/2008|12:40] C:\ProgramData\NortonInstaller
[03/11/2009|21:43] C:\ProgramData\NVIDIA
[08/11/2009|09:26] C:\ProgramData\nvModes.001
[08/11/2009|09:26] C:\ProgramData\nvModes.dat
[10/12/2008|12:40] C:\ProgramData\PCSettings
[05/11/2009|11:15] C:\ProgramData\Peak Upload Second
[25/06/2007|21:35] C:\ProgramData\Roxio
[12/05/2008|08:17] C:\ProgramData\Skype
[19/02/2008|15:53] C:\ProgramData\Sonic
[26/02/2009|15:01] C:\ProgramData\SPL182C.tmp
[03/11/2008|09:59] C:\ProgramData\SPL1A05.tmp
[28/03/2008|19:38] C:\ProgramData\SPL1C9.tmp
[28/01/2009|08:34] C:\ProgramData\SPL1D04.tmp
[14/09/2008|16:09] C:\ProgramData\SPL1E85.tmp
[27/09/2008|14:30] C:\ProgramData\SPL2010.tmp
[28/09/2008|16:01] C:\ProgramData\SPL2590.tmp
[18/04/2008|21:12] C:\ProgramData\SPL283A.tmp
[25/11/2008|21:16] C:\ProgramData\SPL28D2.tmp
[04/11/2008|19:06] C:\ProgramData\SPL2B31.tmp
[27/12/2007|17:04] C:\ProgramData\SPL2DAA.tmp
[04/11/2008|19:11] C:\ProgramData\SPL37E0.tmp
[11/09/2008|18:49] C:\ProgramData\SPL4374.tmp
[03/02/2009|11:28] C:\ProgramData\SPL456E.tmp
[02/05/2008|13:06] C:\ProgramData\SPL4FF8.tmp
[11/04/2008|13:21] C:\ProgramData\SPL5205.tmp
[03/03/2009|19:45] C:\ProgramData\SPL5407.tmp
[24/11/2008|20:58] C:\ProgramData\SPL5427.tmp
[15/10/2008|13:11] C:\ProgramData\SPL574D.tmp
[22/01/2009|13:49] C:\ProgramData\SPL5C17.tmp
[24/11/2008|09:25] C:\ProgramData\SPL5F0C.tmp
[27/04/2008|19:08] C:\ProgramData\SPL5F2F.tmp
[22/01/2009|12:45] C:\ProgramData\SPL649B.tmp
[11/04/2008|13:07] C:\ProgramData\SPL67CA.tmp
[27/12/2007|17:11] C:\ProgramData\SPL67DE.tmp
[30/04/2008|13:49] C:\ProgramData\SPL707F.tmp
[26/11/2008|14:34] C:\ProgramData\SPL74CD.tmp
[19/11/2008|06:19] C:\ProgramData\SPL74E0.tmp
[30/04/2008|13:54] C:\ProgramData\SPL781F.tmp
[22/01/2009|12:37] C:\ProgramData\SPL79C3.tmp
[28/01/2009|08:31] C:\ProgramData\SPL7D3C.tmp
[28/03/2008|19:30] C:\ProgramData\SPL7FEC.tmp
[23/10/2008|14:08] C:\ProgramData\SPL8E4B.tmp
[27/09/2008|14:51] C:\ProgramData\SPL954C.tmp
[03/11/2008|09:57] C:\ProgramData\SPL9A0B.tmp
[31/01/2009|18:54] C:\ProgramData\SPL9AC4.tmp
[22/01/2009|12:30] C:\ProgramData\SPLADAE.tmp
[11/04/2008|13:19] C:\ProgramData\SPLAE09.tmp
[02/05/2008|12:17] C:\ProgramData\SPLB705.tmp
[27/04/2008|19:00] C:\ProgramData\SPLB76A.tmp
[18/04/2008|21:08] C:\ProgramData\SPLB846.tmp
[26/02/2009|22:20] C:\ProgramData\SPLB940.tmp
[04/03/2009|12:09] C:\ProgramData\SPLBBEA.tmp
[08/06/2008|12:26] C:\ProgramData\SPLBF01.tmp
[11/06/2008|20:12] C:\ProgramData\SPLC4BB.tmp
[28/04/2008|16:58] C:\ProgramData\SPLC7BC.tmp
[03/03/2009|19:54] C:\ProgramData\SPLC9B5.tmp
[28/09/2008|16:00] C:\ProgramData\SPLD1B6.tmp
[13/09/2008|16:26] C:\ProgramData\SPLD767.tmp
[05/11/2008|20:22] C:\ProgramData\SPLD987.tmp
[27/09/2008|14:28] C:\ProgramData\SPLD99E.tmp
[18/11/2008|19:01] C:\ProgramData\SPLDA3A.tmp
[27/09/2008|14:53] C:\ProgramData\SPLE7BF.tmp
[18/11/2008|18:58] C:\ProgramData\SPLED3B.tmp
[31/01/2009|18:51] C:\ProgramData\SPLF014.tmp
[15/10/2008|13:08] C:\ProgramData\SPLFDD6.tmp
[10/12/2008|12:49] C:\ProgramData\Symantec
[10/12/2008|12:31] C:\ProgramData\Symantec Temporary Files
[02/11/2009|09:42] C:\ProgramData\TEMP
[14/03/2009|19:02] C:\ProgramData\UDL
[12/08/2008|09:31] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[25/06/2007|21:53] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[03/06/2009|18:02] C:\Program Files\Adobe
[22/01/2008|15:47] C:\Program Files\AOL Pictures
[17/08/2008|09:52] C:\Program Files\Apple Software Update
[02/11/2009|10:02] C:\Program Files\Avira
[14/01/2009|21:59] C:\Program Files\Bonjour
[15/12/2007|17:11] C:\Program Files\BoontyGames
[02/11/2009|14:00] C:\Program Files\CCleaner
[02/11/2009|09:44] C:\Program Files\Common Files
[25/06/2007|22:05] C:\Program Files\EasyBits
[17/06/2009|23:12] C:\Program Files\Electronic Arts
[14/03/2009|19:00] C:\Program Files\epson
[12/12/2007|20:44] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[06/11/2009|14:30] C:\Program Files\Google
[09/10/2008|20:37] C:\Program Files\Hewlett-Packard
[27/08/2008|16:18] C:\Program Files\HP
[25/06/2007|22:11] C:\Program Files\HPQ
[17/06/2009|23:12] C:\Program Files\InstallShield Installation Information
[25/06/2007|21:16] C:\Program Files\Intel
[03/11/2009|21:00] C:\Program Files\Internet Explorer
[26/11/2008|22:24] C:\Program Files\iPod
[26/11/2008|22:24] C:\Program Files\iTunes
[26/03/2009|13:36] C:\Program Files\Java
[13/02/2009|16:13] C:\Program Files\JRE
[18/03/2008|15:39] C:\Program Files\Logitech
[10/03/2009|17:04] C:\Program Files\Lx_cats
[02/11/2009|11:06] C:\Program Files\Malwarebytes' Anti-Malware
[14/03/2009|18:11] C:\Program Files\MFP Server
[11/04/2009|16:31] C:\Program Files\Microsoft
[15/12/2007|09:08] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[20/12/2007|23:23] C:\Program Files\Microsoft FrontPage
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[28/12/2007|16:54] C:\Program Files\Microsoft Hardware
[11/09/2009|12:45] C:\Program Files\Microsoft Silverlight
[14/12/2007|16:52] C:\Program Files\Microsoft SQL Server Compact Edition
[11/04/2009|16:36] C:\Program Files\Microsoft Sync Framework
[06/12/2008|19:39] C:\Program Files\Microsoft Works
[25/06/2007|20:55] C:\Program Files\Motorola
[03/11/2009|21:00] C:\Program Files\Movie Maker
[04/11/2009|15:14] C:\Program Files\Mozilla Firefox
[02/11/2006|13:37] C:\Program Files\MSBuild
[12/12/2007|21:33] C:\Program Files\MSXML 4.0
[16/07/2008|13:24] C:\Program Files\Neuf
[02/11/2009|09:34] C:\Program Files\Norton Internet Security
[13/02/2009|16:13] C:\Program Files\OpenOffice.org 3
[22/04/2009|23:02] C:\Program Files\Procaster
[26/11/2008|22:22] C:\Program Files\QuickTime
[25/06/2007|22:09] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[25/06/2007|21:36] C:\Program Files\Roxio
[25/06/2007|22:06] C:\Program Files\Services en ligne
[12/05/2008|08:17] C:\Program Files\Skype
[31/12/2007|16:12] C:\Program Files\Sony
[20/12/2007|21:49] C:\Program Files\SP38015
[25/06/2007|21:01] C:\Program Files\Synaptics
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[03/11/2009|21:00] C:\Program Files\Windows Calendar
[03/11/2009|21:00] C:\Program Files\Windows Collaboration
[03/11/2009|21:00] C:\Program Files\Windows Defender
[03/11/2009|21:00] C:\Program Files\Windows Journal
[11/04/2009|16:37] C:\Program Files\Windows Live
[14/12/2007|16:54] C:\Program Files\Windows Live Favorites
[11/04/2009|16:31] C:\Program Files\Windows Live SkyDrive
[11/04/2009|16:37] C:\Program Files\Windows Live Toolbar
[03/11/2009|21:00] C:\Program Files\Windows Mail
[03/11/2009|21:00] C:\Program Files\Windows Media Player
[12/12/2007|20:44] C:\Program Files\Windows NT
[03/11/2009|21:00] C:\Program Files\Windows Photo Gallery
[03/11/2009|21:00] C:\Program Files\Windows Sidebar
[04/01/2008|23:51] C:\Program Files\WMV9_VCM
[07/01/2009|19:29] C:\Program Files\Yahoo!
[10/12/2008|18:45] C:\Program Files\YesMessenger

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[03/06/2009|18:02] C:\Program Files\Common Files\Adobe
[26/11/2008|22:24] C:\Program Files\Common Files\Apple
[25/06/2007|22:03] C:\Program Files\Common Files\HP
[14/03/2009|18:24] C:\Program Files\Common Files\InstallShield
[25/06/2007|22:26] C:\Program Files\Common Files\Java
[25/06/2007|22:11] C:\Program Files\Common Files\LightScribe
[18/03/2008|15:39] C:\Program Files\Common Files\Logishrd
[07/03/2009|14:57] C:\Program Files\Common Files\Logitech
[06/03/2009|10:36] C:\Program Files\Common Files\microsoft shared
[25/06/2007|21:35] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[25/06/2007|21:34] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[13/10/2008|19:02] C:\Program Files\Common Files\Steam
[25/06/2007|21:36] C:\Program Files\Common Files\SureThing Shared
[02/11/2009|09:28] C:\Program Files\Common Files\Symantec Shared
[03/11/2009|21:00] C:\Program Files\Common Files\System
[11/04/2009|16:21] C:\Program Files\Common Files\Windows Live
[14/12/2007|16:49] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 79 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 09:30:51
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:111][D:19]-> C:\Users\fuselier\AppData\Local\Temp
[F:155][D:1]-> C:\Users\fuselier\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1534][D:5]-> C:\Users\fuselier\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:40][D:5]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 27/07/2009|15:13 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 05/11/2009|10:14 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - 06/11/2009|14:05 - Option : [1]
4 - "C:\Lop SD\LopR_4.txt" - 07/11/2009| 9:43 - Option : [1]
5 - "C:\Lop SD\LopR_5.txt" - 07/11/2009| 9:46 - Option : [1]
6 - "C:\Lop SD\LopR_6.txt" - 07/11/2009|19:03 - Option : [1]
7 - "C:\Lop SD\LopR_7.txt" - 08/11/2009| 9:32 - Option : [2]

--------------------\\ Fin du rapport a 9:32:40
[ UAC => 1 ]
Reply
Disable your antivirus for the duration of the procedure, as well as your firewall if you have one

▶ Download List&Kill'em and save it to your desktop

It does not require installation

▶ Double-click it (on Vista, right-click and choose "Run as administrator") to launch the scan

Choose the language, then choose option 1 = Search mode

▶ Let the tool run

The report will be displayed once the scan has finished

▶ Paste its contents into your next reply
Reply
st'em by g3n-h@ckm@n 1.0.5.2

Thx to Chiquitine29.....

User : fuselier (Administrateurs) # PC-DE-FUSELIER
Update on 07/11/2009 by g3n-h@ckm@n ::::: 20.00
Start at: 11:57:34 | 08/11/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 141,59 Go (99,97 Go free) | NTFS
D:\ -> Disque fixe local | 7,45 Go (2,3 Go free) [HP_RECOVERY] | NTFS
E:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus en cours

C:\Windows\System32\smss.exe 476
C:\Windows\system32\csrss.exe 548
C:\Windows\system32\wininit.exe 600
C:\Windows\system32\csrss.exe 612
C:\Windows\system32\services.exe 648
C:\Windows\system32\lsass.exe 660
C:\Windows\system32\lsm.exe 668
C:\Windows\system32\svchost.exe 812
C:\Windows\system32\nvvsvc.exe 876
C:\Windows\system32\svchost.exe 904
C:\Windows\System32\svchost.exe 1004
C:\Windows\System32\svchost.exe 1032
C:\Windows\system32\svchost.exe 1044
C:\Windows\system32\svchost.exe 1144
C:\Windows\system32\SLsvc.exe 1160
C:\Windows\system32\svchost.exe 1204
C:\Windows\system32\winlogon.exe 1308
C:\Windows\system32\svchost.exe 1380
C:\Windows\System32\spoolsv.exe 1624
C:\Windows\system32\rundll32.exe 1648
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1704
C:\Windows\system32\svchost.exe 1740
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 2032
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 308
C:\Program Files\Bonjour\mDNSResponder.exe 368
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe 420
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 228
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 760
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe 2064
C:\Windows\system32\svchost.exe 2080
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2104
C:\Windows\system32\svchost.exe 2144
C:\Windows\System32\svchost.exe 2232
C:\Windows\system32\SearchIndexer.exe 2268
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 2376
C:\Windows\system32\taskeng.exe 2700
C:\Windows\system32\Dwm.exe 2920
C:\Windows\system32\taskeng.exe 2984
C:\Windows\Explorer.EXE 3032
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe 2852
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3280
C:\Windows\RtHDVCpl.exe 3124
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 3136
C:\Program Files\HP\QuickPlay\QPService.exe 3112
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe 3232
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 1632
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe 1528
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 1496
C:\Program Files\iTunes\iTunesHelper.exe 1324
C:\Windows\System32\ServoApp.exe 3220
C:\Program Files\Java\jre6\bin\jusched.exe 1996
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2908
C:\Windows\System32\rundll32.exe 2464
C:\Program Files\Windows Sidebar\sidebar.exe 2228
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 1768
C:\Windows\ehome\ehtray.exe 3300
C:\Program Files\Skype\Phone\Skype.exe 2632
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE 1564
C:\Program Files\Electronic Arts\EADM\Core.exe 2916
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 3296
C:\Program Files\Logitech\SetPoint\SetPoint.exe 3416
C:\Program Files\OpenOffice.org 3\program\soffice.exe 3644
C:\Windows\system32\wbem\unsecapp.exe 340
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe 3668
C:\Windows\system32\wbem\wmiprvse.exe 3544
C:\Windows\ehome\ehmsas.exe 3760
C:\Program Files\OpenOffice.org 3\program\soffice.bin 592
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 2608
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE 3900
C:\Program Files\iPod\bin\iPodService.exe 2176
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 4024
C:\Program Files\Internet Explorer\iexplore.exe 2360
C:\Program Files\Internet Explorer\iexplore.exe 1776
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe 4164
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 4668
C:\Users\fuselier\Desktop\List_Killem.exe 4984
C:\Windows\system32\conime.exe 3924
C:\Windows\system32\cmd.exe 4816
C:\Windows\system32\wbem\wmiprvse.exe 4316
C:\Users\fuselier\AppData\Local\Temp\1F14.tmp\pv.exe 3508

======================
Cles de demarrage "Run"
======================
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"EPSON Stylus SX400 Series"="C:\\Windows\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIEGE.EXE /FU \"C:\\Users\\fuselier\\AppData\\Local\\Temp\\E_SAF61.tmp\" /EF \"HKCU\""
"EPSON Stylus SX400 Series (Copie 1)"="C:\\Windows\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIEGE.EXE /FU \"C:\\Windows\\TEMP\\E_SEB97.tmp\" /EF \"HKCU\""
"EA Core"="\"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe\" -silent"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"swg"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,\
00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,53,\
00,41,00,53,00,43,00,75,00,69,00,2e,00,65,00,78,00,65,00,20,00,2d,00,68,00,\
69,00,64,00,65,00,00,00
"SMSERIAL"="C:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"RtHDVCpl"="RtHDVCpl.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"QlbCtrl"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,\
6c,00,65,00,73,00,25,00,5c,00,48,00,65,00,77,00,6c,00,65,00,74,00,74,00,2d,\
00,50,00,61,00,63,00,6b,00,61,00,72,00,64,00,5c,00,48,00,50,00,20,00,51,00,\
75,00,69,00,63,00,6b,00,20,00,4c,00,61,00,75,00,6e,00,63,00,68,00,20,00,42,\
00,75,00,74,00,74,00,6f,00,6e,00,73,00,5c,00,51,00,6c,00,62,00,43,00,74,00,\
72,00,6c,00,2e,00,65,00,78,00,65,00,20,00,2f,00,53,00,74,00,61,00,72,00,74,\
00,00,00
"HP Health Check Scheduler"="C:\\Program Files\\Hewlett-Packard\\HP Health Check\\HPHC_Scheduler.exe"
"hpWirelessAssistant"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,\
46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,48,00,65,00,77,00,6c,00,65,00,74,\
00,74,00,2d,00,50,00,61,00,63,00,6b,00,61,00,72,00,64,00,5c,00,48,00,50,00,\
20,00,57,00,69,00,72,00,65,00,6c,00,65,00,73,00,73,00,20,00,41,00,73,00,73,\
00,69,00,73,00,74,00,61,00,6e,00,74,00,5c,00,48,00,50,00,57,00,41,00,4d,00,\
61,00,69,00,6e,00,2e,00,65,00,78,00,65,00,00,00
"WAWifiMessage"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
69,00,6c,00,65,00,73,00,25,00,5c,00,48,00,65,00,77,00,6c,00,65,00,74,00,74,\
00,2d,00,50,00,61,00,63,00,6b,00,61,00,72,00,64,00,5c,00,48,00,50,00,20,00,\
57,00,69,00,72,00,65,00,6c,00,65,00,73,00,73,00,20,00,41,00,73,00,73,00,69,\
00,73,00,74,00,61,00,6e,00,74,00,5c,00,57,00,69,00,46,00,69,00,4d,00,73,00,\
67,00,2e,00,65,00,78,00,65,00,00,00
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Server Application"="C:\\Windows\\system32\\ServoApp.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"Procaster"="\"C:\\Program Files\\Procaster\\Procaster.exe\" -autorun"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"
"Malwarebytes Anti-Malware (reboot)"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"
"NvCplDaemon"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

=====================
cles additionnelles
=====================
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
"EnableUIADesktopToggle"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

===============
===============
===============
===============
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

======
BHO :
======
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer]
@=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
@="Search Helper"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
@="Google Dictionary Compression sdch"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
"NoExplorer"=dword:00000001

==========================

===============
Path : C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
C:\Windows\system32\drivers\Sonyhcp.dll
C:\Users\fuselier\LOCAL Settings\Temp\wlsetup-cvr.exe

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :


¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

ACRORD32.EXE-89736734.pf
AgAppLaunch.db
AgCx_Hibernate.snp.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgCx_SC2.db
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-3853129347-1298890495-163268213-1000.db
AgGlUAD_S-1-5-21-3853129347-1298890495-163268213-1000.db
AgRobust.db
ATTRIB.EXE-C481CEC1.pf
AVGNT.EXE-C4FB88B7.pf
AVNOTIFY.EXE-4291C867.pf
AVWSC.EXE-877F4F63.pf
CATCHME.EXE-B2576861.pf
CHCP.COM-950EAF32.pf
CMD.EXE-89305D47.pf
CONIME.EXE-B273009A.pf
CONSENT.EXE-65F6206D.pf
CONTROL.EXE-9459D5A0.pf
CSCRIPT.EXE-E4C98DEB.pf
DEFRAG.EXE-738093E8.pf
DFRGNTFS.EXE-4F838A89.pf
DLLHOST.EXE-6202E8F2.pf
DLLHOST.EXE-71214090.pf
DLLHOST.EXE-893DDF55.pf
EHMSAS.EXE-6BE9D904.pf
FIND.EXE-162DFE58.pf
FINDSTR.EXE-4176B665.pf
FIREFOX.EXE-E60C0AA7.pf
GOOGLETOOLBARUSER_32.EXE-6E5896AD.pf
GOOGLEUPDATE.EXE-8973CEDD.pf
GOOGLEUPDATERSERVICE.EXE-600E0B48.pf
HPHC_SERVICE.EXE-B8B935C8.pf
HPQTOASTER.EXE-3B718527.pf
IEXPLORE.EXE-1B894AFB.pf
IPODSERVICE.EXE-FE1A6FF7.pf
Layout.ini
LIST_KILLEM.EXE-6266EF32.pf
LOGONUI.EXE-1BEE4A84.pf
LOPSD.EXE-ADB8B447.pf
LOPSD[1].EXE-F0F99434.pf
LSTASKS.EXE-524D3AE1.pf
LULNCHR.EXE-8F9D089F.pf
MOBSYNC.EXE-D8BC6ED2.pf
MODE.COM-0F3F3F6D.pf
MSFEEDSSYNC.EXE-1F01ED17.pf
NOTEPAD.EXE-EB1B961A.pf
NTOSBOOT-B00DFAAD.pf
OSV.EXE-19F0ED90.pf
PfSvPerfStats.bin
PHOTOSCREENSAVER.SCR-F1874E40.pf
PV.EXE-397E0EFE.pf
PV.EXE-FCF36648.pf
ReadyBoot
REG.EXE-26976709.pf
REGEDIT.EXE-4748FE01.pf
RUNDLL32.EXE-905D47B9.pf
RUNDLL32.EXE-C681A23C.pf
RUNDLL32.EXE-CE557EE2.pf
RUNDLL32.EXE-F452D79D.pf
SCALC.EXE-EB3F5356.pf
SCHTASKS.EXE-2DE769BF.pf
SEARCHFILTERHOST.EXE-AA7A1FDD.pf
SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf
SED.EXE-35A5DBB4.pf
SETPATH.EXE-41103175.pf
SOFFICE.BIN-AB381126.pf
SOFFICE.EXE-B7A9F84B.pf
SSVAGENT.EXE-B025FA52.pf
SVCHOST.EXE-8FD92526.pf
SYNTPHELPER.EXE-4B6F43CF.pf
TASKENG.EXE-5BAF290C.pf
TRUSTEDINSTALLER.EXE-031B6478.pf
UNSECAPP.EXE-CD982D99.pf
VERCLSID.EXE-4D95F5A7.pf
VSSVC.EXE-04D079CC.pf
WERFAULT.EXE-B7E27BE5.pf
WERMGR.EXE-2A1BCBC7.pf
WINCAL.EXE-468711D0.pf
WINMAIL.EXE-D6E90604.pf
WMIADAP.EXE-369DF1CD.pf
WMIPRVSE.EXE-43972D0F.pf
WMPNSCFG.EXE-DF1DD51A.pf
WSCRIPT.EXE-65A9658F.pf




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Reply
RESTART IN SAFE MODE, then:

▶ Run List&Kill'em again as you did for option 1 (that is, via right-click on Vista),

but this time:

▶ choose option 2 = Destruction mode

Let the tool run.

After the checks, a report will open.

▶ Close it.

A second report will open;

▶ paste its contents into your reply after restarting in normal mode
Reply
how do I start in safe mode
thanks
Reply
How to get into Safe Mode:

▶ Restart your computer
▶ Tap the F8 key immediately (F5 on some PCs), right after the "beep"
▶ You will see a screen with boot options appear
▶ Choose the first option, Safe Mode, and confirm with "Enter"
▶ Choose your usual account, not Administrator (if needed ...)

(note: no connection is possible in safe mode, so copy or print the procedure to avoid mistakes ...)
Reply
OK THANKS
REPORT ATTACHED
C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :


¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :


¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

AgAppLaunch.db
AgCx_Hibernate.snp.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgCx_SC2.db
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-3853129347-1298890495-163268213-1000.db
AgGlUAD_S-1-5-21-3853129347-1298890495-163268213-1000.db
AgRobust.db
Layout.ini
NTOSBOOT-B00DFAAD.pf
PfSvPerfStats.bin
ReadyBoot




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Reply
Download OTL by OldTimer

Save it to your Desktop.

▶ Double-click OTL.exe to launch it (on Vista: right-click, "Run as administrator").

▶ Tick the two boxes Lop and Purity

▶ Tick the box next to Scan All Users

▶ Set it to "60 Days"

▶ In the left-hand column, set everything to All

Do not change these:

"Files created within" and "Files modified within"


▶ Click Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM

To send it to me, click on this link: http://www.cijoint.fr/

▶ Click "Parcourir" (Browse) and find the file mentioned above.

▶ Click "Ouvrir" (Open).

▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

Do the same with "Extra.txt".
Reply
http://www.cijoint.fr/cjlink.php?file=cj200911/cij8B0uw09.txt
Reply
▶ Double-click OTL.exe to launch it.


▶ Copy the list shown in bold below,

▶ paste it into the box under Custom Scans/Fixes:

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:services
Bonjour Service

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"HP Software Update"=-
"iTunesHelper"=-
"QuickTime Task"=-


:files
C:\Kill'em
C:\Users\fuselier\Desktop\List_Killem.exe

:commands
[emptytemp]
[start explorer]
[reboot]


▶ Click Run Fix to start the removal.


▶ Post the report.
Reply
NOT SURE I UNDERSTOOD THE PROCEDURE
Reply
copy and paste everything in bold into the box at the bottom, click "Run Fix" and let it run
TYBOY - 8 Nov. 2009 at 15:10
WHICH BOX, AND HOW DO I DO A RUN FIX
TYBOY - 8 Nov. 2009 at 15:59
es killed
Error: Unable to interpret <processes > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
Error: Unable to interpret <iexplore.exe > in the current context!
Error: Unable to interpret <firefox.exe > in the current context!
Error: Unable to interpret <msnmsgr.exe > in the current context!
Error: Unable to interpret <Teatimer.exe > in the current context!
========== SERVICES/DRIVERS ==========
Service Bonjour Service stopped successfully!
Service Bonjour Service deleted successfully!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
========== FILES ==========
C:\Kill'em\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}.Kill'em\x86\x86 folder moved successfully.
C:\Kill'em\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}.Kill'em\x86 folder moved successfully.
C:\Kill'em\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}.Kill'em folder moved successfully.
C:\Kill'em folder moved successfully.
C:\Users\fuselier\Desktop\List_Killem.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: fuselier
->Temp folder emptied: 204622823 bytes
->Temporary Internet Files folder emptied: 46613298 bytes
->Java cache emptied: 83842234 bytes
->FireFox cache emptied: 85192783 bytes
->Apple Safari cache emptied: 1525109 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 245304 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 402,52 mb


OTL by OldTimer - Version 3.1.4.0 log created on 11082009_155218

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Reply
http://www.commentcamarche.net/forum/affich-15089729-cid-publicitaire?#13
TYBOY - 8 Nov. 2009 at 15:41
I AM LOST
TYBOY - 8 Nov. 2009 at 16:00
IS IT OK OR NOT
TYBOY - 8 Nov. 2009 at 16:10
Path : C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :


¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :


¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

AgAppLaunch.db
AgCx_Hibernate.snp.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgCx_SC2.db
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-3853129347-1298890495-163268213-1000.db
AgGlUAD_S-1-5-21-3853129347-1298890495-163268213-1000.db
AgRobust.db
Layout.ini
NTOSBOOT-B00DFAAD.pf
PfSvPerfStats.bin
ReadyBoot




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Reply
Print these instructions, because you will need to close all windows and applications during the installation and the scan.



▶ Download:

Malwarebytes

or:

Malwarebytes

▶ Install it (make sure you choose "French"; do not change the installation settings) and update it.

(NB: if you get an error message during installation telling you that "COMCTL32.OCX" is missing, download it here: COMCTL32.OCX)

▶ Study the tutorial to familiarise yourself with the program:


(that said, it is very simple to use).

Run Malwarebytes again, following these instructions scrupulously:

! Disconnect and close all running applications !

▶ Launch Malwarebytes.

Run a so-called "Full" scan.

▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click "Results".
Check that all infected objects are ticked, then click "Remove".

Note: if your PC needs to be restarted to finish the cleanup, do it!


Post the report saved after the infected objects are removed (in the "Report/Log" tab of Malwarebytes, the most recent one)

TYBOY - 12 Nov. 2009 at 17:53
GOOD EVENING

HERE I AM AGAIN
FIRST OF ALL, THANK YOU VERY MUCH, I no longer have cid publicitaire
you are very efficient
I NOW HAVE TO DOWNLOAD MALWAREBYTES
TYBOY - 12 Nov. 2009 at 19:19
yes, I will do it as soon as possible
Reply
hi, I had to be away

a Malwarebytes report?
This document, entitled « cid publicitaire », from CommentCaMarche (www.commentcamarche.net) is made available under the terms of the Creative Commons licence. You may copy and modify copies of this page, under the conditions set by the licence, as long as this notice appears clearly.