ouverture intempestive de pub

[duagis]

Bonjour,j'ai des problémes d'ouverture intempestive de pub sur internet dont la connexion est tres longue et de temps en temps c'est le plantage total avec un message :

impossible d'accéder au options de sécurité.

Cijoint le log hitjacthis fait en mode sans échec.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:44:08, on 30/09/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Boot mode: Safe mode

 

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe

O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [bsMnt] C:\Windows\BisonCam\BsMnt.exe

O4 - HKLM\..\Run: [AuditVista]

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [waitwma] "C:\ProgramData\Armybeepbeep.gbn31x"

O4 - HKCU\..\Run: [MODE FREE BIRD SURF] "C:\ProgramData\PART MPEG BAT.2yqgz"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O13 - Gopher Prefix:

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_1.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe (file missing)

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

 

--

End of file - 7925 bytes

[Lien Rag]

Bonsoir

 

Rends toi sur ce lien : Virus Total

• Clique sur le bouton Parcourir...
  
• Parcours tes dossiers jusque à ces fichier, si tu les trouves :
  

C:\ProgramData\Armybeepbeep.gbn31x

C:\ProgramData\PART MPEG BAT.2yqgz

• Clique sur Envoyer le fichier, et si VirusTotal dit que le fichier a déjà été analysé, clique sur le bouton Reanalyse le fichier maintenant.
  
• Laisse le site travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
  
• Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. Dans ce cas, il te faudra patienter sans réactualiser la page.
  
• Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté (en haut à gauche)
  
• Une nouvelle fenêtre de ton navigateur va apparaître
  
• Clique alors sur cette image :
  
• Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
  
• Enfin colle le résultat dans ta prochaine réponse.
  Note : Peu importe le résultat, il est important de me communiquer le résultat de toute l'analyse.
  

Il est possible que tes outils de sécurité réagissent à l'envoi du fichier, auquel cas il faudra leur faire ignorer les alertes.

Modifié le 30 septembre 2008 par Lien Rag

[duagis]

Bonsoir

 

bonjour ,merci pour ton aide,suit ce que tu m'a demandé

 

 

Fichier Armybeepbeep.gbn31x reçu le 2008.10.01 13:19:24 (CET)Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.10.1.0 2008.10.01 -

AntiVir 7.8.1.34 2008.10.01 -

Authentium 5.1.0.4 2008.09.30 -

Avast 4.8.1195.0 2008.09.30 -

AVG 8.0.0.161 2008.09.30 -

BitDefender 7.2 2008.10.01 -

CAT-QuickHeal 9.50 2008.10.01 -

ClamAV 0.93.1 2008.10.01 -

DrWeb 4.44.0.09170 2008.10.01 -

eSafe 7.0.17.0 2008.09.30 -

eTrust-Vet 31.6.6120 2008.10.01 -

Ewido 4.0 2008.10.01 -

F-Prot 4.4.4.56 2008.09.30 -

F-Secure 8.0.14332.0 2008.10.01 -

Fortinet 3.113.0.0 2008.10.01 -

GData 19 2008.10.01 -

Ikarus T3.1.1.34.0 2008.10.01 -

K7AntiVirus 7.10.478 2008.09.30 -

Kaspersky 7.0.0.125 2008.10.01 -

McAfee 5395 2008.10.01 -

Microsoft 1.4005 2008.10.01 -

NOD32 3485 2008.10.01 -

Norman 5.80.02 2008.09.30 -

Panda 9.0.0.4 2008.09.30 -

PCTools 4.4.2.0 2008.09.30 -

Prevx1 V2 2008.10.01 -

Rising 20.63.62.00 2008.09.28 -

SecureWeb-Gateway 6.7.6 2008.10.01 -

Sophos 4.34.0 2008.10.01 -

Sunbelt 3.1.1675.1 2008.09.27 -

Symantec 10 2008.10.01 -

TheHacker 6.3.0.9.097 2008.10.01 -

TrendMicro 8.700.0.1004 2008.10.01 -

VBA32 3.12.8.6 2008.09.30 -

ViRobot 2008.10.1.1401 2008.10.01 -

VirusBuster 4.5.11.0 2008.09.30 -

 

Information additionnelle

File size: 24592 bytes

MD5...: 40f0d846b0777868f616caae17a3b8c4

SHA1..: e64cbc25efbde6a2705347f6a2d1bd1ee580a3cb

SHA256: d5aeb32dd3d91f760810b6a4a7a3333e6cc92943b7aea7bf2f593087c3666f0e

SHA512: 62cc034bd16c6ef254370446698528a4a277dd415945d08d51f7f9c13e360a4c<BR>4357abc29fe9afe03ce2b2b752bfa96fa2c24c2b65d07d744018c0188f975817

PEiD..: -

TrID..: File type identification<BR>Unknown!

PEInfo: -

 

Fichier Armybeepbeep.dlq6q reçu le 2008.10.01 13:29:57 (CET)Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.10.1.0 2008.10.01 -

AntiVir 7.8.1.34 2008.10.01 -

Authentium 5.1.0.4 2008.09.30 -

Avast 4.8.1195.0 2008.09.30 -

AVG 8.0.0.161 2008.09.30 -

BitDefender 7.2 2008.10.01 -

CAT-QuickHeal 9.50 2008.10.01 -

ClamAV 0.93.1 2008.10.01 -

DrWeb 4.44.0.09170 2008.10.01 -

eSafe 7.0.17.0 2008.09.30 -

eTrust-Vet 31.6.6120 2008.10.01 -

Ewido 4.0 2008.10.01 -

F-Prot 4.4.4.56 2008.09.30 -

F-Secure 8.0.14332.0 2008.10.01 -

Fortinet 3.113.0.0 2008.10.01 -

GData 19 2008.10.01 -

Ikarus T3.1.1.34.0 2008.10.01 -

K7AntiVirus 7.10.478 2008.09.30 -

Kaspersky 7.0.0.125 2008.10.01 -

McAfee 5395 2008.10.01 -

Microsoft 1.4005 2008.10.01 -

NOD32 3485 2008.10.01 -

Norman 5.80.02 2008.09.30 -

Panda 9.0.0.4 2008.09.30 -

PCTools 4.4.2.0 2008.09.30 -

Prevx1 V2 2008.10.01 -

Rising 20.63.62.00 2008.09.28 -

SecureWeb-Gateway 6.7.6 2008.10.01 -

Sophos 4.34.0 2008.10.01 -

Sunbelt 3.1.1675.1 2008.09.27 -

Symantec 10 2008.10.01 -

TheHacker 6.3.0.9.097 2008.10.01 -

TrendMicro 8.700.0.1004 2008.10.01 -

VBA32 3.12.8.6 2008.09.30 -

ViRobot 2008.10.1.1401 2008.10.01 -

VirusBuster 4.5.11.0 2008.09.30 -

 

Information additionnelle

File size: 356368 bytes

MD5...: 26e31352b045232615c8a83703281a06

SHA1..: 2ecad66bc9d4c78ab73f89ec7205d46fb3f4a95c

SHA256: 5393c313543afff76ad254ead0cde5376587dfdc9a10373fbb4b5cd4e3af84c5

SHA512: c360ba50f684903bcf1eb9a65dab10a7d7bab7c688c72698c3eaf505af277fae<BR>7243e4f71b14ec54755ad9daa4e55edf010e3ea4cccb9a689851afed786eee65

PEiD..: -

TrID..: File type identification<BR>Unknown!

PEInfo: -

 

 

Fichier PART_MPEG_BAT.2yqgz reçu le 2008.10.01 13:32:59 (CET)Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.10.1.0 2008.10.01 -

AntiVir 7.8.1.34 2008.10.01 -

Authentium 5.1.0.4 2008.09.30 -

Avast 4.8.1195.0 2008.09.30 -

AVG 8.0.0.161 2008.09.30 -

BitDefender 7.2 2008.10.01 -

CAT-QuickHeal 9.50 2008.10.01 -

ClamAV 0.93.1 2008.10.01 -

DrWeb 4.44.0.09170 2008.10.01 -

eSafe 7.0.17.0 2008.09.30 -

eTrust-Vet 31.6.6120 2008.10.01 -

Ewido 4.0 2008.10.01 -

F-Prot 4.4.4.56 2008.09.30 -

F-Secure 8.0.14332.0 2008.10.01 -

Fortinet 3.113.0.0 2008.10.01 -

GData 19 2008.10.01 -

Ikarus T3.1.1.34.0 2008.10.01 -

K7AntiVirus 7.10.478 2008.09.30 -

Kaspersky 7.0.0.125 2008.10.01 -

McAfee 5395 2008.10.01 -

Microsoft 1.4005 2008.10.01 -

NOD32 3485 2008.10.01 -

Norman 5.80.02 2008.09.30 -

Panda 9.0.0.4 2008.09.30 -

PCTools 4.4.2.0 2008.09.30 -

Prevx1 V2 2008.10.01 -

Rising 20.63.62.00 2008.09.28 -

SecureWeb-Gateway 6.7.6 2008.10.01 -

Sophos 4.34.0 2008.10.01 -

Sunbelt 3.1.1668.1 2008.09.24 -

Symantec 10 2008.10.01 -

TheHacker 6.3.0.9.097 2008.10.01 -

TrendMicro 8.700.0.1004 2008.10.01 -

VBA32 3.12.8.6 2008.09.30 -

ViRobot 2008.10.1.1401 2008.10.01 -

VirusBuster 4.5.11.0 2008.09.30 -

 

Information additionnelle

File size: 303120 bytes

MD5...: 017f3284ac39349fa7bcf6dddf7f9a5a

SHA1..: ef4b261cf79c435870966dcfb34da93c3adf83da

SHA256: 8995211e925a64fa9d3421b90efd7349119665e96c2391153aefcadf21351af7

SHA512: 799935be4cfc143f70d3b7bf51fa91aad949ef3e6964bd5fe31ef5a800cc872b<BR>c251d05f8c1c739bfb8f487820e0e062a7b38692d649fcdac61378de907537d2

PEiD..: -

TrID..: File type identification<BR>Unknown!

PEInfo: -

[Lien Rag]

re

 

merci de préciser le type de Pub et la periodicité de leurs apparitions stp

[duagis]

re

 

merci de préciser le type de Pub et la periodicité de leurs apparitions stp

 

bonjour,le type de pub est trés varié:casino,jeux pour enfants,cdiscount,rue du commerce etc l'adresse commence par:cid-orange.

[Lien Rag]

Lop S&D (Eric-71 & AngelDark)

 

# Double-cliquer sur Lop S&D.exe pour lancer l'installation,

 

# Puis double-cliquer sur le raccourci Lop S&D présent sur le Bureau,

 

Attention Désactivez les protections résidentes : Antivirus, antispywares etc...

 

# Séléctionner la langue souhaitée , puis choisir l'Option 1 (Recherche)

 

# le bloc notes va s'ouvrir avec le résultat de la recherche , Post le rapport

[duagis]

Lop S&D (Eric-71 & AngelDark)

 

# Double-cliquer sur Lop S&D.exe pour lancer l'installation,

 

# Puis double-cliquer sur le raccourci Lop S&D présent sur le Bureau,

 

Attention Désactivez les protections résidentes : Antivirus, antispywares etc...

 

# Séléctionner la langue souhaitée , puis choisir l'Option 1 (Recherche)

 

# le bloc notes va s'ouvrir avec le résultat de la recherche , Post le rapport

 

bonjour,je suis trés nul,j'ai beaucoup de mal a retrouver tes messages!

 

--------------------\\ Lop S&D 4.2.4-5 XP/Vista

 

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )

X86-based PC ( Multiprocessor Free : AMD Turion 64 X2 Mobile Technology TL-58 )

BIOS : Ver 1.000

USER : marc ( Not Administrator ! )

BOOT : Normal boot

Antivirus : BullGuard Antivirus (Not Activated)

C:\ (Local Disk) - NTFS - Total : 93 Go Free : 47 Go

D:\ (Local Disk) - NTFS - Total : 44 Go Free : 22 Go

E:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )

Option : [1] ( 04/10/2008|17:27 )

 

[ UAC => 1 ]

 

--------------------\\ Listing des dossiers dans Local

 

[09/10/2007|10:04] C:\Users\marc\AppData\Local\Adobe

[10/10/2007|21:07] C:\Users\marc\AppData\Local\Ahead

[09/10/2007|22:22] C:\Users\marc\AppData\Local\Apple

[30/11/2007|22:36] C:\Users\marc\AppData\Local\Apple Computer

[06/10/2007|15:43] C:\Users\marc\AppData\Local\Application Data

[24/03/2008|22:32] C:\Users\marc\AppData\Local\Ashampoo

[06/10/2007|15:44] C:\Users\marc\AppData\Local\ATI

[29/09/2008|08:48] C:\Users\marc\AppData\Local\Canon Easy-PhotoPrint EX

[08/10/2007|07:50] C:\Users\marc\AppData\Local\Corel Photo Album

[29/09/2008|10:37] C:\Users\marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[09/02/2008|09:47] C:\Users\marc\AppData\Local\ednteettka_navfx.dat

[24/12/2007|13:28] C:\Users\marc\AppData\Local\eMule

[30/09/2008|13:05] C:\Users\marc\AppData\Local\GDIPFONTCACHEV1.DAT

[28/11/2007|09:40] C:\Users\marc\AppData\Local\Google

[06/10/2007|15:43] C:\Users\marc\AppData\Local\Historique

[04/10/2008|15:44] C:\Users\marc\AppData\Local\IconCache.db

[13/11/2007|19:43] C:\Users\marc\AppData\Local\IM

[13/11/2007|19:52] C:\Users\marc\AppData\Local\Magentic

[03/10/2008|06:50] C:\Users\marc\AppData\Local\Microsoft

[09/10/2007|18:10] C:\Users\marc\AppData\Local\Microsoft Games

[09/11/2007|18:26] C:\Users\marc\AppData\Local\Mozilla

[10/11/2007|17:55] C:\Users\marc\AppData\Local\Neuf

[09/02/2008|10:11] C:\Users\marc\AppData\Local\RAExpertHistory.xml

[08/02/2008|12:12] C:\Users\marc\AppData\Local\rahistory.xml

[21/09/2008|19:18] C:\Users\marc\AppData\Local\Scansoft

[04/10/2008|17:01] C:\Users\marc\AppData\Local\Temp

[06/10/2007|15:43] C:\Users\marc\AppData\Local\Temporary Internet Files

[07/02/2008|16:36] C:\Users\marc\AppData\Local\Thunderbird

[08/10/2007|07:41] C:\Users\marc\AppData\Local\VirtualStore

 

--------------------\\ Tâches planifiées dans C:\Windows\tasks

 

[04/10/2008 08:37][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{C92B77AE-EFDD-4C7A-A7FB-F131BA91BF3F}.job

[04/10/2008 16:51][--ah-----] C:\Windows\tasks\SA.DAT

[04/10/2008 15:45][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

--------------------\\ Listing des dossiers dans C:\ProgramData

 

[01/02/2008|15:43] C:\ProgramData\118300.34

[26/01/2002|10:52] C:\ProgramData\Adobe

[26/01/2002|09:11] C:\ProgramData\Ahead

[09/10/2007|22:20] C:\ProgramData\Apple

[01/12/2007|14:26] C:\ProgramData\Apple Computer

[02/11/2006|15:02] C:\ProgramData\Application Data

[27/09/2008|09:57] C:\ProgramData\Armybeepbeep.dlq6q

[27/09/2008|09:57] C:\ProgramData\Armybeepbeep.gbn31x

[23/08/2007|10:34] C:\ProgramData\Atheros

[23/08/2007|10:00] C:\ProgramData\ATI

[27/09/2008|09:58] C:\ProgramData\beep axis mode free

[26/01/2002|09:30] C:\ProgramData\Borland

[04/10/2008|16:53] C:\ProgramData\BullGuard

[30/01/2008|15:44] C:\ProgramData\BullGuard(7)

[06/10/2007|15:39] C:\ProgramData\Bureau

[21/09/2008|18:38] C:\ProgramData\CanonBJ

[21/09/2008|18:50] C:\ProgramData\CanonIJPLM

[02/11/2006|15:02] C:\ProgramData\Desktop

[02/11/2006|15:02] C:\ProgramData\Documents

[25/09/2008|16:20] C:\ProgramData\Emjysoft

[15/01/2008|17:09] C:\ProgramData\eMule

[08/02/2008|14:50] C:\ProgramData\ezsid.dat

[06/10/2007|15:39] C:\ProgramData\Favoris

[02/11/2006|15:02] C:\ProgramData\Favorites

[08/11/2007|13:41] C:\ProgramData\F-Secure

[08/11/2007|13:40] C:\ProgramData\fssg

[08/02/2008|14:38] C:\ProgramData\Google

[10/10/2007|12:59] C:\ProgramData\HP

[10/10/2007|11:43] C:\ProgramData\HPSSUPPLY

[10/10/2007|11:44] C:\ProgramData\hpzinstall.log

[26/01/2002|09:30] C:\ProgramData\InstallShield

[28/01/2008|17:32] C:\ProgramData\Lavasoft

[22/09/2008|19:53] C:\ProgramData\ma-config.com

[06/10/2007|15:39] C:\ProgramData\Menu D‚marrer

[27/09/2008|14:40] C:\ProgramData\Messenger Plus!

[20/10/2007|19:27] C:\ProgramData\Microsoft

[06/10/2007|15:39] C:\ProgramData\ModŠles

[26/01/2002|09:07] C:\ProgramData\Nero

[21/09/2008|17:54] C:\ProgramData\ntuser.pol

[27/09/2008|10:00] C:\ProgramData\Ooze Chin Help

[27/09/2008|09:58] C:\ProgramData\PART MPEG BAT.2yqgz

[21/09/2008|18:55] C:\ProgramData\ScanSoft

[07/02/2008|17:44] C:\ProgramData\Skyline

[08/02/2008|14:37] C:\ProgramData\Skype

[07/03/2008|11:22] C:\ProgramData\Spybot - Search & Destroy

[02/11/2006|15:02] C:\ProgramData\Start Menu

[06/03/2008|17:58] C:\ProgramData\Symantec

[06/02/2008|23:08] C:\ProgramData\TEMP

[02/11/2006|15:02] C:\ProgramData\Templates

[10/10/2007|11:44] C:\ProgramData\WEBREG

[17/11/2007|16:18] C:\ProgramData\WLInstaller

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[26/01/2002|10:51] C:\Program Files\Adobe

[30/09/2008|14:10] C:\Program Files\adslTV

[09/10/2007|22:21] C:\Program Files\Apple Software Update

[23/08/2007|11:09] C:\Program Files\Atheros

[23/08/2007|09:52] C:\Program Files\ATI

[23/08/2007|09:54] C:\Program Files\ATI Technologies

[14/01/2008|16:57] C:\Program Files\BullGuard Ltd

[30/01/2008|15:44] C:\Program Files\BullGuard Software

[21/09/2008|18:50] C:\Program Files\Canon

[21/09/2008|18:28] C:\Program Files\CanonBJ

[28/03/2008|09:30] C:\Program Files\CCleaner

[27/09/2008|09:56] C:\Program Files\Circle Developement

[30/09/2008|17:19] C:\Program Files\Common Files

[26/01/2002|10:36] C:\Program Files\Corel

[07/02/2008|15:13] C:\Program Files\DivX

[06/02/2008|23:06] C:\Program Files\eMule

[06/10/2007|15:39] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]

[01/03/2008|22:23] C:\Program Files\Geonaute KeyMaze 300

[08/02/2008|14:38] C:\Program Files\Google

[10/10/2007|11:41] C:\Program Files\Hewlett-Packard

[10/10/2007|11:43] C:\Program Files\HP

[09/10/2007|21:47] C:\Program Files\HP pilotes et logiciels

[13/11/2007|22:57] C:\Program Files\IncrediMail

[02/03/2008|09:28] C:\Program Files\InstallShield Installation Information

[21/09/2008|20:47] C:\Program Files\Internet Explorer

[01/12/2007|14:26] C:\Program Files\iPod

[01/12/2007|14:27] C:\Program Files\iTunes

[22/09/2008|08:41] C:\Program Files\Java

[28/01/2008|17:31] C:\Program Files\Lavasoft

[22/09/2008|19:53] C:\Program Files\ma-config.com

[26/01/2002|09:41] C:\Program Files\Marco Polo EuroRoute 2007

[27/09/2008|09:56] C:\Program Files\Messenger Plus! Live

[22/09/2008|17:46] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[14/10/2007|14:37] C:\Program Files\Microsoft Games

[02/11/2006|14:42] C:\Program Files\Movie Maker

[09/02/2008|09:49] C:\Program Files\Mozilla Firefox

[02/11/2006|14:37] C:\Program Files\MSBuild

[02/11/2006|14:37] C:\Program Files\MSN

[10/10/2007|09:16] C:\Program Files\MSXML 4.0

[03/10/2008|06:56] C:\Program Files\Navilog1

[26/01/2002|09:07] C:\Program Files\Nero

[18/11/2007|15:01] C:\Program Files\Neuf

[23/08/2007|10:14] C:\Program Files\O2Micro Oz128 Driver

[22/09/2008|09:22] C:\Program Files\OpenOffice.org 2.4

[31/03/2008|14:09] C:\Program Files\Pack Securite

[28/11/2007|09:39] C:\Program Files\Picasa2

[02/03/2008|09:28] C:\Program Files\Prolific

[01/12/2007|14:24] C:\Program Files\QuickTime

[09/10/2007|23:19] C:\Program Files\Real

[23/08/2007|10:21] C:\Program Files\Realtek

[02/11/2006|14:37] C:\Program Files\Reference Assemblies

[21/09/2008|18:54] C:\Program Files\ScanSoft

[07/02/2008|17:43] C:\Program Files\Skyline

[08/02/2008|14:37] C:\Program Files\Skype

[07/03/2008|11:24] C:\Program Files\Spybot - Search & Destroy

[06/03/2008|17:58] C:\Program Files\Symantec

[23/08/2007|10:43] C:\Program Files\System Control Manager

[29/09/2008|11:38] C:\Program Files\Trend Micro

[02/11/2006|15:01] C:\Program Files\Uninstall Information

[22/09/2008|10:39] C:\Program Files\VideoLAN

[23/08/2007|14:16] C:\Program Files\Windows Calendar

[02/11/2006|14:42] C:\Program Files\Windows Collaboration

[22/08/2007|16:28] C:\Program Files\Windows Defender

[02/11/2006|14:42] C:\Program Files\Windows Journal

[17/11/2007|16:21] C:\Program Files\Windows Live

[21/09/2008|20:47] C:\Program Files\Windows Mail

[10/10/2007|16:17] C:\Program Files\Windows Media Player

[06/10/2007|15:39] C:\Program Files\Windows NT

[02/11/2006|14:42] C:\Program Files\Windows Photo Gallery

[31/01/2008|09:52] C:\Program Files\Windows Sidebar

[26/01/2002|09:29] C:\Program Files\WordPerfect Office X3

 

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

 

[26/01/2002|10:52] C:\Program Files\Common Files\Adobe

[26/01/2002|09:10] C:\Program Files\Common Files\Ahead

[09/10/2007|22:20] C:\Program Files\Common Files\Apple

[26/01/2002|09:29] C:\Program Files\Common Files\Borland Shared

[21/09/2008|18:42] C:\Program Files\Common Files\CANON

[26/01/2002|09:32] C:\Program Files\Common Files\Corel

[26/01/2002|09:41] C:\Program Files\Common Files\GIS

[10/10/2007|11:41] C:\Program Files\Common Files\Hewlett-Packard

[10/10/2007|11:43] C:\Program Files\Common Files\HP

[08/11/2007|19:32] C:\Program Files\Common Files\InstallShield

[09/11/2007|19:23] C:\Program Files\Common Files\Java

[26/01/2002|09:41] C:\Program Files\Common Files\mapserv

[10/12/2007|22:47] C:\Program Files\Common Files\microsoft shared

[30/09/2008|17:19] C:\Program Files\Common Files\Real

[21/09/2008|18:55] C:\Program Files\Common Files\ScanSoft Shared

[02/11/2006|13:18] C:\Program Files\Common Files\Services

[08/02/2008|14:37] C:\Program Files\Common Files\Skype

[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines

[06/03/2008|17:58] C:\Program Files\Common Files\Symantec Shared

[22/08/2007|16:28] C:\Program Files\Common Files\System

[17/11/2007|16:21] C:\Program Files\Common Files\WindowsLiveInstaller

[30/09/2008|17:19] C:\Program Files\Common Files\xing shared

 

--------------------\\ Process

 

( 89 Processes )

 

iexplore.exe ~ [PID:3588]

iexplore.exe ~ [PID:3708]

iexplore.exe ~ [PID:5884]

IEXPLORE.EXE ~ [PID:2764]

IEXPLORE.EXE ~ [PID:5952]

IEXPLORE.EXE ~ [PID:1600]

IEXPLORE.EXE ~ [PID:4424]

IEXPLORE.EXE ~ [PID:3736]

 

--------------------\\ Recherche avec S_Lop

 

C:\ProgramData\Armybeepbeep.dlq6q

C:\ProgramData\PART MPEG BAT.2yqgz

C:\ProgramData\Armybeepbeep.gbn31x

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\ProgramData\beep axis mode free

C:\ProgramData\beep axis mode free\Else Live.exe

C:\Program Files\Circle Developement

C:\Program Files\Circle Developement\Uninstall.exe

C:\Users\marc\AppData\Roaming\MICROS~1\Windows\Cookies\marc@advertising[1].txt

C:\Users\marc\AppData\Roaming\MICROS~1\Windows\Cookies\marc@adopt.euroclick[2].txt

C:\Users\marc\AppData\Roaming\MICROS~1\Windows\Cookies\marc@adopt.euroclick[3].txt

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"waitwma"="\"C:\\ProgramData\\Armybeepbeep.gbn31x\""

"MODE FREE BIRD SURF"="\"C:\\ProgramData\\PART MPEG BAT.2yqgz\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-04 17:27:18

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 1

 

--------------------\\ Recherche d'autres infections

 

 

C:\Users\marc\AppData\Local\ednteettka_navfx.dat

==> EGDACCESS <==

 

 

 

[F:57][D:13]-> C:\Users\marc\AppData\Local\Temp

[F:328][D:1]-> C:\Users\marc\AppData\Roaming\MICROS~1\Windows\Cookies

[F:493][D:5]-> C:\Users\marc\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:448][D:14]-> C:\$Recycle.Bin

 

1 - "C:\Lop SD\LopR_1.txt" - 04/10/2008|17:28 - Option : [1]

 

--------------------\\ Fin du rapport a 17:28:59

[ UAC => 1 ]

[Lien Rag]

Relance Lop S&D

 

Choisis cette fois ci l'Option 2 (Suppression)

Ne ferme pas la fenêtre lors de la suppression !

Poste le rapport généré (%SystemDrive%\lopR.txt)

 

(Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

[duagis]

Relance Lop S&D

 

Choisis cette fois ci l'Option 2 (Suppression)

Ne ferme pas la fenêtre lors de la suppression !

Poste le rapport généré (%SystemDrive%\lopR.txt)

 

(Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

 

bonjour,suit le

--------------------\\ Lop S&D 4.2.4-5 XP/Vista

 

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )

X86-based PC ( Multiprocessor Free : AMD Turion 64 X2 Mobile Technology TL-58 )

BIOS : Ver 1.000

USER : marc ( Not Administrator ! )

BOOT : Normal boot

Antivirus : BullGuard Antivirus (Activated)

C:\ (Local Disk) - NTFS - Total : 93 Go Free : 49 Go

D:\ (Local Disk) - NTFS - Total : 44 Go Free : 22 Go

E:\ (CD or DVD)

F:\ (USB)

 

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )

Option : [2] ( 06/10/2008|13:20 )

 

[ UAC => 1 ]

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

Supprime! - C:\ProgramData\beep axis mode free\Else Live.exe

Supprime! - C:\Program Files\Circle Developement\Uninstall.exe

Supprime! - C:\Users\marc\AppData\Roaming\MICROS~1\Windows\Cookies\marc@adopt.euroclick[2].txt

Supprime! - C:\Users\marc\AppData\Roaming\MICROS~1\Windows\Cookies\marc@adopt.euroclick[3].txt

Supprime! - C:\ProgramData\Armybeepbeep.dlq6q

Supprime! - C:\ProgramData\PART MPEG BAT.2yqgz

Supprime! - C:\ProgramData\Armybeepbeep.gbn31x

Supprime! - C:\ProgramData\beep axis mode free

Supprime! - C:\Program Files\Circle Developement

-

[ Fichier Hosts ] .. Restaure!

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans Local

 

[09/10/2007|10:04] C:\Users\marc\AppData\Local\Adobe

[10/10/2007|21:07] C:\Users\marc\AppData\Local\Ahead

[09/10/2007|22:22] C:\Users\marc\AppData\Local\Apple

[30/11/2007|22:36] C:\Users\marc\AppData\Local\Apple Computer

[06/10/2007|15:43] C:\Users\marc\AppData\Local\Application Data

[24/03/2008|22:32] C:\Users\marc\AppData\Local\Ashampoo

[06/10/2007|15:44] C:\Users\marc\AppData\Local\ATI

[29/09/2008|08:48] C:\Users\marc\AppData\Local\Canon Easy-PhotoPrint EX

[08/10/2007|07:50] C:\Users\marc\AppData\Local\Corel Photo Album

[29/09/2008|10:37] C:\Users\marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[09/02/2008|09:47] C:\Users\marc\AppData\Local\ednteettka_navfx.dat

[24/12/2007|13:28] C:\Users\marc\AppData\Local\eMule

[30/09/2008|13:05] C:\Users\marc\AppData\Local\GDIPFONTCACHEV1.DAT

[28/11/2007|09:40] C:\Users\marc\AppData\Local\Google

[06/10/2007|15:43] C:\Users\marc\AppData\Local\Historique

[05/10/2008|16:03] C:\Users\marc\AppData\Local\IconCache.db

[13/11/2007|19:43] C:\Users\marc\AppData\Local\IM

[13/11/2007|19:52] C:\Users\marc\AppData\Local\Magentic

[03/10/2008|06:50] C:\Users\marc\AppData\Local\Microsoft

[09/10/2007|18:10] C:\Users\marc\AppData\Local\Microsoft Games

[09/11/2007|18:26] C:\Users\marc\AppData\Local\Mozilla

[10/11/2007|17:55] C:\Users\marc\AppData\Local\Neuf

[09/02/2008|10:11] C:\Users\marc\AppData\Local\RAExpertHistory.xml

[08/02/2008|12:12] C:\Users\marc\AppData\Local\rahistory.xml

[21/09/2008|19:18] C:\Users\marc\AppData\Local\Scansoft

[06/10/2008|13:20] C:\Users\marc\AppData\Local\Temp

[06/10/2007|15:43] C:\Users\marc\AppData\Local\Temporary Internet Files

[07/02/2008|16:36] C:\Users\marc\AppData\Local\Thunderbird

[08/10/2007|07:41] C:\Users\marc\AppData\Local\VirtualStore

 

--------------------\\ Tâches planifiées dans C:\Windows\tasks

 

[06/10/2008 13:11][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{C92B77AE-EFDD-4C7A-A7FB-F131BA91BF3F}.job

[06/10/2008 13:06][--ah-----] C:\Windows\tasks\SA.DAT

[05/10/2008 16:04][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

--------------------\\ Listing des dossiers dans C:\ProgramData

 

[01/02/2008|15:43] C:\ProgramData\118300.34

[26/01/2002|10:52] C:\ProgramData\Adobe

[26/01/2002|09:11] C:\ProgramData\Ahead

[09/10/2007|22:20] C:\ProgramData\Apple

[01/12/2007|14:26] C:\ProgramData\Apple Computer

[02/11/2006|15:02] C:\ProgramData\Application Data

[23/08/2007|10:34] C:\ProgramData\Atheros

[23/08/2007|10:00] C:\ProgramData\ATI

[26/01/2002|09:30] C:\ProgramData\Borland

[06/10/2008|13:07] C:\ProgramData\BullGuard

[30/01/2008|15:44] C:\ProgramData\BullGuard(7)

[06/10/2007|15:39] C:\ProgramData\Bureau

[21/09/2008|18:38] C:\ProgramData\CanonBJ

[21/09/2008|18:50] C:\ProgramData\CanonIJPLM

[02/11/2006|15:02] C:\ProgramData\Desktop

[02/11/2006|15:02] C:\ProgramData\Documents

[25/09/2008|16:20] C:\ProgramData\Emjysoft

[15/01/2008|17:09] C:\ProgramData\eMule

[08/02/2008|14:50] C:\ProgramData\ezsid.dat

[06/10/2007|15:39] C:\ProgramData\Favoris

[02/11/2006|15:02] C:\ProgramData\Favorites

[08/11/2007|13:41] C:\ProgramData\F-Secure

[08/11/2007|13:40] C:\ProgramData\fssg

[08/02/2008|14:38] C:\ProgramData\Google

[10/10/2007|12:59] C:\ProgramData\HP

[10/10/2007|11:43] C:\ProgramData\HPSSUPPLY

[10/10/2007|11:44] C:\ProgramData\hpzinstall.log

[26/01/2002|09:30] C:\ProgramData\InstallShield

[28/01/2008|17:32] C:\ProgramData\Lavasoft

[22/09/2008|19:53] C:\ProgramData\ma-config.com

[06/10/2007|15:39] C:\ProgramData\Menu D‚marrer

[27/09/2008|14:40] C:\ProgramData\Messenger Plus!

[20/10/2007|19:27] C:\ProgramData\Microsoft

[06/10/2007|15:39] C:\ProgramData\ModŠles

[26/01/2002|09:07] C:\ProgramData\Nero

[21/09/2008|17:54] C:\ProgramData\ntuser.pol

[27/09/2008|10:00] C:\ProgramData\Ooze Chin Help

[21/09/2008|18:55] C:\ProgramData\ScanSoft

[07/02/2008|17:44] C:\ProgramData\Skyline

[08/02/2008|14:37] C:\ProgramData\Skype

[07/03/2008|11:22] C:\ProgramData\Spybot - Search & Destroy

[02/11/2006|15:02] C:\ProgramData\Start Menu

[06/03/2008|17:58] C:\ProgramData\Symantec

[06/02/2008|23:08] C:\ProgramData\TEMP

[02/11/2006|15:02] C:\ProgramData\Templates

[10/10/2007|11:44] C:\ProgramData\WEBREG

[17/11/2007|16:18] C:\ProgramData\WLInstaller

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[26/01/2002|10:51] C:\Program Files\Adobe

[30/09/2008|14:10] C:\Program Files\adslTV

[09/10/2007|22:21] C:\Program Files\Apple Software Update

[23/08/2007|11:09] C:\Program Files\Atheros

[23/08/2007|09:52] C:\Program Files\ATI

[23/08/2007|09:54] C:\Program Files\ATI Technologies

[14/01/2008|16:57] C:\Program Files\BullGuard Ltd

[30/01/2008|15:44] C:\Program Files\BullGuard Software

[21/09/2008|18:50] C:\Program Files\Canon

[21/09/2008|18:28] C:\Program Files\CanonBJ

[28/03/2008|09:30] C:\Program Files\CCleaner

[30/09/2008|17:19] C:\Program Files\Common Files

[26/01/2002|10:36] C:\Program Files\Corel

[07/02/2008|15:13] C:\Program Files\DivX

[06/02/2008|23:06] C:\Program Files\eMule

[06/10/2007|15:39] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]

[01/03/2008|22:23] C:\Program Files\Geonaute KeyMaze 300

[08/02/2008|14:38] C:\Program Files\Google

[10/10/2007|11:41] C:\Program Files\Hewlett-Packard

[10/10/2007|11:43] C:\Program Files\HP

[09/10/2007|21:47] C:\Program Files\HP pilotes et logiciels

[13/11/2007|22:57] C:\Program Files\IncrediMail

[02/03/2008|09:28] C:\Program Files\InstallShield Installation Information

[21/09/2008|20:47] C:\Program Files\Internet Explorer

[01/12/2007|14:26] C:\Program Files\iPod

[01/12/2007|14:27] C:\Program Files\iTunes

[22/09/2008|08:41] C:\Program Files\Java

[28/01/2008|17:31] C:\Program Files\Lavasoft

[22/09/2008|19:53] C:\Program Files\ma-config.com

[26/01/2002|09:41] C:\Program Files\Marco Polo EuroRoute 2007

[27/09/2008|09:56] C:\Program Files\Messenger Plus! Live

[22/09/2008|17:46] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[14/10/2007|14:37] C:\Program Files\Microsoft Games

[02/11/2006|14:42] C:\Program Files\Movie Maker

[09/02/2008|09:49] C:\Program Files\Mozilla Firefox

[02/11/2006|14:37] C:\Program Files\MSBuild

[02/11/2006|14:37] C:\Program Files\MSN

[10/10/2007|09:16] C:\Program Files\MSXML 4.0

[03/10/2008|06:56] C:\Program Files\Navilog1

[26/01/2002|09:07] C:\Program Files\Nero

[18/11/2007|15:01] C:\Program Files\Neuf

[23/08/2007|10:14] C:\Program Files\O2Micro Oz128 Driver

[22/09/2008|09:22] C:\Program Files\OpenOffice.org 2.4

[31/03/2008|14:09] C:\Program Files\Pack Securite

[28/11/2007|09:39] C:\Program Files\Picasa2

[02/03/2008|09:28] C:\Program Files\Prolific

[01/12/2007|14:24] C:\Program Files\QuickTime

[09/10/2007|23:19] C:\Program Files\Real

[23/08/2007|10:21] C:\Program Files\Realtek

[02/11/2006|14:37] C:\Program Files\Reference Assemblies

[21/09/2008|18:54] C:\Program Files\ScanSoft

[07/02/2008|17:43] C:\Program Files\Skyline

[08/02/2008|14:37] C:\Program Files\Skype

[07/03/2008|11:24] C:\Program Files\Spybot - Search & Destroy

[06/03/2008|17:58] C:\Program Files\Symantec

[23/08/2007|10:43] C:\Program Files\System Control Manager

[29/09/2008|11:38] C:\Program Files\Trend Micro

[02/11/2006|15:01] C:\Program Files\Uninstall Information

[22/09/2008|10:39] C:\Program Files\VideoLAN

[23/08/2007|14:16] C:\Program Files\Windows Calendar

[02/11/2006|14:42] C:\Program Files\Windows Collaboration

[22/08/2007|16:28] C:\Program Files\Windows Defender

[02/11/2006|14:42] C:\Program Files\Windows Journal

[17/11/2007|16:21] C:\Program Files\Windows Live

[21/09/2008|20:47] C:\Program Files\Windows Mail

[10/10/2007|16:17] C:\Program Files\Windows Media Player

[06/10/2007|15:39] C:\Program Files\Windows NT

[02/11/2006|14:42] C:\Program Files\Windows Photo Gallery

[31/01/2008|09:52] C:\Program Files\Windows Sidebar

[26/01/2002|09:29] C:\Program Files\WordPerfect Office X3

 

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

 

[26/01/2002|10:52] C:\Program Files\Common Files\Adobe

[26/01/2002|09:10] C:\Program Files\Common Files\Ahead

[09/10/2007|22:20] C:\Program Files\Common Files\Apple

[26/01/2002|09:29] C:\Program Files\Common Files\Borland Shared

[21/09/2008|18:42] C:\Program Files\Common Files\CANON

[26/01/2002|09:32] C:\Program Files\Common Files\Corel

[26/01/2002|09:41] C:\Program Files\Common Files\GIS

[10/10/2007|11:41] C:\Program Files\Common Files\Hewlett-Packard

[10/10/2007|11:43] C:\Program Files\Common Files\HP

[08/11/2007|19:32] C:\Program Files\Common Files\InstallShield

[09/11/2007|19:23] C:\Program Files\Common Files\Java

[26/01/2002|09:41] C:\Program Files\Common Files\mapserv

[10/12/2007|22:47] C:\Program Files\Common Files\microsoft shared

[30/09/2008|17:19] C:\Program Files\Common Files\Real

[21/09/2008|18:55] C:\Program Files\Common Files\ScanSoft Shared

[02/11/2006|13:18] C:\Program Files\Common Files\Services

[08/02/2008|14:37] C:\Program Files\Common Files\Skype

[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines

[06/03/2008|17:58] C:\Program Files\Common Files\Symantec Shared

[22/08/2007|16:28] C:\Program Files\Common Files\System

[17/11/2007|16:21] C:\Program Files\Common Files\WindowsLiveInstaller

[30/09/2008|17:19] C:\Program Files\Common Files\xing shared

 

--------------------\\ Process

 

( 81 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\Users\marc\AppData\Roaming\MICROS~1\Windows\Cookies\marc@advertising[2].txt

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-06 13:20:52

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 1

 

--------------------\\ Recherche d'autres infections

 

 

C:\Users\marc\AppData\Local\ednteettka_navfx.dat

==> EGDACCESS <==

 

 

 

[F:64][D:15]-> C:\Users\marc\AppData\Local\Temp

[F:361][D:1]-> C:\Users\marc\AppData\Roaming\MICROS~1\Windows\Cookies

[F:708][D:5]-> C:\Users\marc\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:448][D:14]-> C:\$Recycle.Bin

 

1 - "C:\Lop SD\LopR_1.txt" - 04/10/2008|17:28 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 06/10/2008|13:22 - Option : [2]

 

--------------------\\ Fin du rapport a 13:22:35

[ UAC => 1 ]

 

rapport demandé.J'ai le méme probléme de fenetre de pub sur l'autre ordinateur de la famille,je soupçonne

[Lien Rag]

On termine avec ce PC

 

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

 

- Va dans démarrer puis panneau de configuration

- Double Clique sur l'icône "Comptes d'utilisateurs"

- Clique ensuite sur désactiver et valide.

 

Télécharge maintenant Navilog1 depuis-ce lien :

 

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

 

Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.

Ensuite double clique sur navilog1.exe pour lancer l'installation.

Une fois l'installation terminée, Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis "Exécuter en tant qu'administrateur".

 

Au menu principal, Fais le choix 1

Laisse toi guider et patiente.

Patiente jusqu'au message :

*** Analyse Termine le ..... ***

Appuie sur une touche le blocnote va s'ouvrir.

Copie-colle l'intégralité du rapport dans une réponse.

Referme le blocnote

Le rapport fixnavi.txt est en outre sauvegardé dans %systemdrive%.