
Posted

Hello, for a month now I have been seeing slowdowns on the internet, IE windows opening automatically, toolbars installing themselves... In short, the whole lot...

So I followed your tutorial (safe mode with AntiVir) and, miracle, no more IE windows opening all the time, the toolbar no longer installs itself, and the slowdowns are less frequent, but they still persist, which is annoying ^^

Note that I have avast as my antivirus (I plan to change it since it no longer satisfies me) (I saw that you recommend AntiVir, but I have also been advised to use NOD32, which is proving itself at the moment; which one is better?)

Here is the HijackThis scan I obtained:

Logfile of HijackThis v1.99.1

Scan saved at 10:50:48, on 29/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\RunDll32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\a-squared Free\a2service.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\DNA\btdna.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\ActMak\ActMak25.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.generation-nt.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: TBSB09195 - {95FBB1F0-B17C-4C18-A865-942098F50376} - (no file)

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\that mp3.exe

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [funk beep] C:\DOCUME~1\ADMINI~1\APPLIC~1\FLAWON~1\log meal.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - Startup: ActMaker.lnk = C:\Program Files\ActMak\ActMak25.exe

O4 - Startup: AutoClick.lnk = C:\Program Files\AutoClick\AutoClick.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk142YYFR

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=www.generation-nt.com

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195862231562

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

 

 

I hope that with this scan you will be able to find the few small faults on my computer ^^

Posted

• Download BTFix by Bibi26.

http://www.bibi26.power-heberg.com/logiciels/BTFix.zip

* Unzip the archive onto your Desktop.

* Open the BTFix folder.

* Double-click BTFix.exe.

* Click Rechercher.

* A report will appear; copy/paste it into your next reply.

---------------------------------------------

* Open BTFix.

* Click Nettoyer.

* A report will appear; copy/paste it into your next reply.

• Download Lop S&D by Angeldark and Eric71 to your Desktop.

http://eric.71.mespages.googlepages.com/LopSD.exe

Run option 1, then option 2.

Tutorial >> http://eric.71.mespages.googlepages.com/lop.sd.exe

• Download SDFix (created by AndyManchesta) and save it to your Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and choose Install to extract it to c:\SDFix.

Restart your computer in Safe Mode by following this procedure:

Restart in Safe Mode: on restart, immediately tap the F8 key repeatedly; you will see a screen with startup choices appear. Using the keyboard arrows, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.

* Open the SDFix folder that has just been created in C:\ and double-click RunThis.cmd to launch the script.

* Press Y to start the cleaning process.

* It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.

* Press a key to restart the PC.

* Your system will take longer than usual to restart because the tool will keep running and deleting files. (Let it run without touching anything!!)

* Once the Desktop has loaded, the tool will finish its work and display Finished.

* Press a key to finish running the script and load your Desktop icons. (Do not touch anything!! Let it work.)

* Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.

* Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HJT report + the Lop S&D reports + the BTFix report.

Posted (edited)

The various reports

BTFix search report:

 

BTFix 1.081 (par bibi26) - 29/02/2008 13:05:24 - Analyse

Lancé depuis C:\Documents and Settings\Administrateur\Bureau\BTFix\BTFix.exe

 

---> Fichiers/Dossiers trouvés

 

- C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf

- C:\Program Files\MyWebSearch\

- C:\Program Files\FunWebProducts\

- C:\Program Files\Uninstall Fun Web Products.dll

 

---> Analyse terminée

 

BTFix removal report:

 

BTFix 1.081 (par bibi26) - 29/02/2008 13:06:06 - Nettoyage - Mode normal

Lancé depuis C:\Documents and Settings\Administrateur\Bureau\BTFix\BTFix.exe

 

---> Fichiers/dossiers supprimés (Première passe)

 

- Fichiers temporaires effacés

- C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf

- C:\Program Files\MyWebSearch\bar\History\

- C:\Program Files\MyWebSearch\bar\Settings\

- C:\Program Files\MyWebSearch\bar\

- C:\Program Files\MyWebSearch\

- C:\Program Files\FunWebProducts\ScreenSaver\Images\

- C:\Program Files\FunWebProducts\ScreenSaver\

- C:\Program Files\FunWebProducts\Shared\

- C:\Program Files\FunWebProducts\

- C:\Program Files\Uninstall Fun Web Products.dll

 

---> Nettoyage terminé

 

Lop S&D report:

 

-----------------------------[ Lop S&D 4.0.0 ]---------------------------

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Administrateur ] [ "C:\Lop SD" ]

[ 29/02/2008 | 13:15:57,27 ] [ PC : MCE2005 ]

[ MAJ : 26-02-2008 | 19:30 ]

 

-------------[ Listing des dossiers dans Application Data ]------------

 

[26/02/2008|00:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\.

[26/02/2008|00:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\..

[06/01/2008|14:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe

[16/02/2008|22:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer

[26/02/2008|00:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Auslogics

[04/01/2008|14:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\BitTorrent

[24/11/2007|01:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini

[29/02/2008|13:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\DNA

[04/01/2008|10:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\DyNy Corporation '99

[22/02/2008|19:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\flaw online bows

[13/12/2007|19:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help

[24/11/2007|00:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities

[17/02/2008|21:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\ma-config.com

[25/11/2007|19:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia

[23/02/2008|10:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[25/11/2007|18:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla

[25/11/2007|19:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun

[25/11/2007|18:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback

[15/12/2007|17:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\teamspeak2

[25/11/2007|18:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Thunderbird

[17/02/2008|19:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc

[25/12/2007|22:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR

[13/12/2007|21:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\WordRider

 

[28/02/2008|22:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.

[28/02/2008|22:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..

[28/02/2008|22:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html

[13/02/2008|22:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[13/02/2008|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[13/02/2008|20:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[28/02/2008|22:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[24/11/2007|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[22/02/2008|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grid Blue Memo Site

[23/02/2008|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[15/12/2007|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[24/11/2007|01:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

[04/01/2008|14:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[24/11/2007|01:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[27/02/2008|23:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

 

 

[24/11/2007|01:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.

[24/11/2007|01:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..

[24/11/2007|01:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[24/11/2007|00:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[24/11/2007|00:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\.

[24/11/2007|00:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\..

[24/11/2007|00:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[24/11/2007|00:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\.

[24/11/2007|00:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\..

[24/11/2007|00:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

 

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

 

[29/02/2008 13:00][--ah-----] C:\WINDOWS\tasks\BA76324A91D1D772.job

[27/02/2008 12:38][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[29/02/2008 13:11][--ah-----] C:\WINDOWS\tasks\SA.DAT

[10/08/2004 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

---------------[ Listing des dossiers dans C:\Program Files ]--------------

 

[29/02/2008|13:06] C:\Program Files\.

[29/02/2008|13:06] C:\Program Files\..

[10/02/2008|18:50] C:\Program Files\ActMak

[13/02/2008|22:40] C:\Program Files\Adobe

[18/01/2008|18:43] C:\Program Files\Alwil Software

[13/02/2008|20:26] C:\Program Files\Apple Software Update

[27/02/2008|12:39] C:\Program Files\a-squared Free

[26/02/2008|00:28] C:\Program Files\Auslogics

[07/02/2008|22:18] C:\Program Files\AutoClick

[20/01/2008|09:53] C:\Program Files\bd.ini

[05/12/2007|14:15] C:\Program Files\bk2.jpg

[07/12/2007|10:05] C:\Program Files\bl_07.jpg

[04/01/2008|19:26] C:\Program Files\CamStudio

[25/02/2008|23:39] C:\Program Files\CCleaner

[25/02/2008|14:33] C:\Program Files\Cheat Engine

[22/02/2008|19:20] C:\Program Files\Circle Developement

[07/12/2007|20:41] C:\Program Files\C-Media 3D Audio

[04/01/2008|13:54] C:\Program Files\Common Files

[24/11/2007|00:44] C:\Program Files\ComPlus Applications

[19/01/2008|10:43] C:\Program Files\Design Science

[13/02/2008|14:56] C:\Program Files\DivX

[04/01/2008|14:26] C:\Program Files\DNA

[05/12/2007|02:06] C:\Program Files\else.gif

[22/02/2008|21:00] C:\Program Files\Evil Msn

[13/02/2008|22:40] C:\Program Files\Fichiers communs

[22/02/2008|19:21] C:\Program Files\flaw online bows

[04/01/2008|19:26] C:\Program Files\Game Cam Lite v1.4

[26/02/2008|10:35] C:\Program Files\Ghostgum

[29/02/2008|10:50] C:\Program Files\HijackThis

[30/01/2008|16:01] C:\Program Files\HyCam2

[21/02/2008|20:15] C:\Program Files\InstallShield Installation Information

[29/02/2008|10:52] C:\Program Files\Internet Explorer

[13/02/2008|20:28] C:\Program Files\iPod

[13/02/2008|20:28] C:\Program Files\iTunes

[19/01/2008|11:44] C:\Program Files\Java

[29/02/2008|12:15] C:\Program Files\jv16 PowerTools

[17/02/2008|21:47] C:\Program Files\ma-config.com

[30/11/2007|13:18] C:\Program Files\Messenger

[22/02/2008|19:20] C:\Program Files\Messenger Plus! Live

[28/02/2008|21:10] C:\Program Files\MessengerDiscovery

[22/02/2008|17:31] C:\Program Files\MessengerPlus! 3

[24/11/2007|00:49] C:\Program Files\microsoft frontpage

[17/01/2008|15:49] C:\Program Files\Microsoft Office

[27/02/2008|23:51] C:\Program Files\Microsoft SQL Server Compact Edition

[24/11/2007|00:45] C:\Program Files\Movie Maker

[29/02/2008|13:14] C:\Program Files\Mozilla Firefox

[27/02/2008|19:52] C:\Program Files\Mozilla Thunderbird

[29/02/2008|11:57] C:\Program Files\MRU-Blaster

[23/01/2008|16:23] C:\Program Files\MSBuild

[24/11/2007|00:41] C:\Program Files\MSN

[24/11/2007|00:42] C:\Program Files\MSN Gaming Zone

[28/02/2008|21:10] C:\Program Files\MSN Messenger

[24/01/2008|22:13] C:\Program Files\MSXML 6.0

[24/11/2007|00:46] C:\Program Files\NetMeeting

[24/11/2007|00:43] C:\Program Files\Online Services

[29/02/2008|12:28] C:\Program Files\OO Software

[30/11/2007|13:17] C:\Program Files\Outlook Express

[29/12/2007|21:57] C:\Program Files\PhotoDeluxe BE 1.0 TO

[13/02/2008|20:27] C:\Program Files\QuickTime

[23/01/2008|16:19] C:\Program Files\Reference Assemblies

[26/02/2008|09:27] C:\Program Files\SCAR 2.03

[24/11/2007|00:46] C:\Program Files\Services en ligne

[30/12/2007|17:38] C:\Program Files\Sony Ericsson

[20/02/2008|21:14] C:\Program Files\StuffPlug3

[24/11/2007|00:59] C:\Program Files\SystemRequirementsLab

[15/12/2007|17:14] C:\Program Files\Teamspeak2_RC2

[07/12/2007|10:18] C:\Program Files\th_07.jpg

[11/12/2007|18:29] C:\Program Files\TI Education

[24/11/2007|00:54] C:\Program Files\Uninstall Information

[17/02/2008|19:18] C:\Program Files\VideoLAN

[01/12/2007|23:09] C:\Program Files\Virtools

[29/02/2008|10:46] C:\Program Files\Windows Live

[26/02/2008|16:11] C:\Program Files\Windows Live Safety Center

[24/11/2007|00:48] C:\Program Files\Windows Media Player

[24/11/2007|00:42] C:\Program Files\Windows NT

[24/11/2007|00:43] C:\Program Files\Windows Plus

[24/11/2007|00:46] C:\Program Files\WindowsUpdate

[25/12/2007|22:53] C:\Program Files\WinRAR

[18/02/2008|17:48] C:\Program Files\WinSCP

[09/01/2008|21:45] C:\Program Files\Wolfenstein - Enemy Territory

[24/11/2007|00:49] C:\Program Files\xerox

 

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

 

[13/02/2008|22:40] C:\Program Files\Fichiers communs\.

[13/02/2008|22:40] C:\Program Files\Fichiers communs\..

[13/02/2008|22:41] C:\Program Files\Fichiers communs\Adobe

[13/02/2008|20:26] C:\Program Files\Fichiers communs\Apple

[04/01/2008|13:54] C:\Program Files\Fichiers communs\InstallShield

[19/01/2008|11:43] C:\Program Files\Fichiers communs\Java

[17/01/2008|15:49] C:\Program Files\Fichiers communs\Microsoft Shared

[24/11/2007|00:45] C:\Program Files\Fichiers communs\MSSoap

[24/11/2007|01:37] C:\Program Files\Fichiers communs\ODBC

[24/11/2007|00:45] C:\Program Files\Fichiers communs\Services

[24/11/2007|01:37] C:\Program Files\Fichiers communs\SpeechEngines

[30/11/2007|13:17] C:\Program Files\Fichiers communs\System

[11/12/2007|18:29] C:\Program Files\Fichiers communs\TI Shared

[15/12/2007|19:54] C:\Program Files\Fichiers communs\WindowsLiveInstaller

[11/12/2007|18:28] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

----------------------[ Recherche avec S_Lop ]---------------------

 

Aucun fichier / dossier Lop trouvé !

 

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

 

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grid Blue Memo Site

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grid Blue Memo Site\that mp3.exe

C:\Program Files\Circle Developement

C:\Program Files\Circle Developement\Uninstall.exe

C:\WINDOWS\Tasks\BA76324A91D1D772.job

 

----------------------[ Verification du Registre ]----------------------

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------[ Verification du fichier Hosts ]---------------------

 

Fichier Hosts MODIFIE

 


-> 71 ( 70 ## added by CiD )

 

----------------[ Recherche de fichiers avec Catchme ]-----------------

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-29 13:16:34

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden files ...

scan completed successfully

hidden files: 0

 

--------------------[ Recherche d'autres infections ]---------------------

 

Aucune autre infection trouvée !

 

/!\ [Fich:6][Doss:1] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp

/!\ [Fich:11][Doss:0] C:\DOCUME~1\ADMINI~1\Cookies

/!\ [Fich:7][Doss:4] C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

 

--------------------[ Fin du rapport a 13:16:45,66 ]----------------------

 

SDFix report:

 

SDFix: Version 1.149

 

Run by Administrateur on 29/02/2008 at 13:36

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

Name:

smtpdrv

 

Path:

System32\DRIVERS\smtpdrv.sys

 

smtpdrv - Deleted

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\system32\qmopt.dll - Deleted

C:\WINDOWS\system32\WLCtrl32.dll - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-29 13:46:19

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]

"OOSAFEERASE03.00.00.01MSWINDOWS"="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"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:000000a3

"TracesSuccessful"=dword:00000003

 

scanning hidden files ...

 

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 1

 

 

Remaining Services :

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"

"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"

"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"

"C:\\WINDOWS\\system32\\firewall.exe"="C:\\WINDOWS\\system32\\firewall.exe:*:Disabled:firewall"

"C:\\Program Files\\SV_V3nom_for_french_By_Crazysasuke\\Conquer+SV\\V3nom\\EgyCO-V3n0M-5000-Build1\\V3n0M-Lite.exe"="C:\\Program Files\\SV_V3nom_for_french_By_Crazysasuke\\Conquer+SV\\V3nom\\EgyCO-V3n0M-5000-Build1\\V3n0M-Lite.exe:*:Enabled:V3n0MProxy"

"C:\\Documents and Settings\\Administrateur\\Mes documents\\SV_V3nom_for_french_By_Crazysasuke\\Conquer+SV\\S_V_B0t\\Conquer 2.0\\V3n0M-Lite.exe"="C:\\Documents and Settings\\Administrateur\\Mes documents\\SV_V3nom_for_french_By_Crazysasuke\\Conquer+SV\\S_V_B0t\\Conquer 2.0\\V3n0M-Lite.exe:*:Enabled:V3n0MProxy"

"C:\\Documents and Settings\\Administrateur\\Bureau\\SV_V3nom_for_french_By_Crazysasuke\\Conquer+SV\\PvP_client\\EgyCO-V3n0M-5000-Build1\\V3n0M-Lite.exe"="C:\\Documents and Settings\\Administrateur\\Bureau\\SV_V3nom_for_french_By_Crazysasuke\\Conquer+SV\\PvP_client\\EgyCO-V3n0M-5000-Build1\\V3n0M-Lite.exe:*:Enabled:V3n0MProxy"

"C:\\Documents and Settings\\Administrateur\\Bureau\\Nouveau dossier\\Conquer 2.0\\V3n0M-Lite.exe"="C:\\Documents and Settings\\Administrateur\\Bureau\\Nouveau dossier\\Conquer 2.0\\V3n0M-Lite.exe:*:Enabled:V3n0MProxy"

"C:\\Documents and Settings\\Administrateur\\Bureau\\SV_V3nom_for_french_By_Crazysasuke\\Conquer+SV\\S_V_B0t\\Conquer 2.0\\V3n0M-Lite.exe"="C:\\Documents and Settings\\Administrateur\\Bureau\\SV_V3nom_for_french_By_Crazysasuke\\Conquer+SV\\S_V_B0t\\Conquer 2.0\\V3n0M-Lite.exe:*:Enabled:V3n0MProxy"

"C:\\Documents and Settings\\Administrateur\\Mes documents\\Nouveau dossier\\Proxy\\V3n0M-Lite.exe"="C:\\Documents and Settings\\Administrateur\\Mes documents\\Nouveau dossier\\Proxy\\V3n0M-Lite.exe:*:Enabled:V3n0MProxy"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\Evil Msn\\Evil Msn 3.0.exe"="C:\\Program Files\\Evil Msn\\Evil Msn 3.0.exe:*:Enabled:Evil Msn 3.0"

"C:\\Documents and Settings\\Administrateur\\Local Settings\\Temp\\Rar$EX20.562\\OXiD\\Client.exe"="C:\\Documents and Settings\\Administrateur\\Local Settings\\Temp\\Rar$EX20.562\\OXiD\\Client.exe:*:Enabled:Client"

"C:\\Documents and Settings\\Administrateur\\Local Settings\\Temp\\Rar$EX13.2031\\OXiD\\Client.exe"="C:\\Documents and Settings\\Administrateur\\Local Settings\\Temp\\Rar$EX13.2031\\OXiD\\Client.exe:*:Enabled:Client"

"C:\\WINDOWS\\winlogon.exe"="C:\\WINDOWS\\winlogon.exe:*:Enabled:winlogon"

"C:\\Documents and Settings\\Administrateur\\Local Settings\\Temp\\Rar$EX14.03281\\OXiD\\Client.exe"="C:\\Documents and Settings\\Administrateur\\Local Settings\\Temp\\Rar$EX14.03281\\OXiD\\Client.exe:*:Enabled:Client"

"C:\\Documents and Settings\\Administrateur\\Local Settings\\Temp\\Rar$EX15.54562\\OXiD\\Client.exe"="C:\\Documents and Settings\\Administrateur\\Local Settings\\Temp\\Rar$EX15.54562\\OXiD\\Client.exe:*:Enabled:Client"

"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Sun 19 Mar 2006 262,144 A.SH. --- "C:\Program Files\MessengerDiscovery\SpellCHK.exe"

Mon 25 Jun 2007 61,440 A..H. --- "C:\Program Files\MSN Messenger\winmm.dll"

Thu 4 Oct 2007 20 ...H. --- "C:\Program Files\Common Files\ServerExten\AQ@30_10.dll"

Mon 25 Jun 2007 61,440 A..H. --- "C:\Program Files\Windows Live\Messenger\winmm.dll"

Mon 25 Jun 2007 61,440 A..H. --- "C:\System Volume Information\_restore{5F58E2D8-A39C-41A9-A129-FC288A46E018}\RP126\A0037831.dll"

Mon 25 Jun 2007 61,440 A..H. --- "C:\System Volume Information\_restore{5F58E2D8-A39C-41A9-A129-FC288A46E018}\RP126\A0037833.dll"

Mon 25 Jun 2007 61,440 A..H. --- "C:\System Volume Information\_restore{5F58E2D8-A39C-41A9-A129-FC288A46E018}\RP128\A0038848.dll"

Mon 25 Jun 2007 61,440 A..H. --- "C:\System Volume Information\_restore{5F58E2D8-A39C-41A9-A129-FC288A46E018}\RP128\A0038849.dll"

Sun 19 Mar 2006 262,144 A.SH. --- "C:\System Volume Information\_restore{5F58E2D8-A39C-41A9-A129-FC288A46E018}\RP128\A0038850.exe"

Fri 25 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4844df1d57a292079101da42a26d7d72\BIT3.tmp"

Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"

Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5d8093d524ba38b2f4036bb4d3aa25e4\BIT4.tmp"

Mon 4 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\78670cbd6a90baaa408a8a72f52fdce2\BIT1.tmp"

Fri 25 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT4.tmp"

 

Finished!

 

There you go :P

Edited by Khorn
Posted
can you post a new HJT report for me, please ;o)

Here is the latest HJT report:

 

Logfile of HijackThis v1.99.1

Scan saved at 14:29:31, on 29/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\SYSTEM32\SWEEPER.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ActMak\ActMak25.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: TBSB09195 - {95FBB1F0-B17C-4C18-A865-942098F50376} - (no file)

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [internet Sweeper] C:\WINDOWS\SYSTEM32\SWEEPER.EXE /Q

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [funk beep] C:\DOCUME~1\ADMINI~1\APPLIC~1\FLAWON~1\log meal.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: ActMaker.lnk = C:\Program Files\ActMak\ActMak25.exe

O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe

O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=www.generation-nt.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195862231562

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

 

 

Thanks for replying so quickly ^^

Posted

• run HJT again with "Do a system scan only", tick only the following lines, then click "Fix checked":

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: TBSB09195 - {95FBB1F0-B17C-4C18-A865-942098F50376} - (no file)

O4 - HKCU\..\Run: [funk beep] C:\DOCUME~1\ADMINI~1\APPLIC~1\FLAWON~1\log meal.exe

 

 

• run option 1 and then option 2 of LopSD again, please, and post the second report (option 2)

• download to your desktop:

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

ATF Cleaner

Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button and give it time to clean up!

If you use the Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, on the main menu, to close the program.

• post a new HJT report along with the LopSD option 2 report

Posted

run HJT again with "Do a system scan only" and tick only these 3 lines:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: TBSB09195 - {95FBB1F0-B17C-4C18-A865-942098F50376} - (no file)

O4 - HKCU\..\Run: [funk beep] C:\DOCUME~1\ADMINI~1\APPLIC~1\FLAWON~1\log meal.exe

 

and at the bottom click "Fix checked" ;o)

Posted (edited)

I finally figured it out ^^

While waiting for the reports: avast keeps detecting Win32:Inject-EV [Trj] but never manages to remove it, and neither does AntiVir.

Edit:

-I

LopSD removal report:

-----------------------------[ Lop S&D 4.0.0 ]---------------------------

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Administrateur ] [ "C:\Lop SD" ]

[ 29/02/2008 | 14:52:22,06 ] [ PC : MCE2005 ]

[ MAJ : 26-02-2008 | 19:30 ]

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

 

Restauré! - Fichier Hosts

 

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

-------------[ Listing des dossiers dans Application Data ]------------

 

[26/02/2008|00:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\.

[26/02/2008|00:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\..

[06/01/2008|14:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe

[16/02/2008|22:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer

[26/02/2008|00:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Auslogics

[04/01/2008|14:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\BitTorrent

[24/11/2007|01:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini

[29/02/2008|13:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\DNA

[04/01/2008|10:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\DyNy Corporation '99

[22/02/2008|19:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\flaw online bows

[13/12/2007|19:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help

[24/11/2007|00:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities

[17/02/2008|21:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\ma-config.com

[25/11/2007|19:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia

[23/02/2008|10:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[25/11/2007|18:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla

[25/11/2007|19:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun

[25/11/2007|18:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback

[15/12/2007|17:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\teamspeak2

[25/11/2007|18:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Thunderbird

[17/02/2008|19:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc

[25/12/2007|22:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR

[13/12/2007|21:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\WordRider

 

[29/02/2008|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.

[29/02/2008|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..

[28/02/2008|22:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html

[13/02/2008|22:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[13/02/2008|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[13/02/2008|20:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[28/02/2008|22:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[24/11/2007|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[23/02/2008|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[15/12/2007|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[24/11/2007|01:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

[04/01/2008|14:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[24/11/2007|01:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[27/02/2008|23:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

 

 

[24/11/2007|01:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.

[24/11/2007|01:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..

[24/11/2007|01:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[24/11/2007|00:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[24/11/2007|00:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\.

[24/11/2007|00:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\..

[24/11/2007|00:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[24/11/2007|00:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\.

[24/11/2007|00:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\..

[24/11/2007|00:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

 

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

 

[27/02/2008 12:38][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[29/02/2008 13:44][--ah-----] C:\WINDOWS\tasks\SA.DAT

[10/08/2004 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

---------------[ Listing des dossiers dans C:\Program Files ]--------------

 

[29/02/2008|13:18] C:\Program Files\.

[29/02/2008|13:18] C:\Program Files\..

[10/02/2008|18:50] C:\Program Files\ActMak

[13/02/2008|22:40] C:\Program Files\Adobe

[18/01/2008|18:43] C:\Program Files\Alwil Software

[13/02/2008|20:26] C:\Program Files\Apple Software Update

[27/02/2008|12:39] C:\Program Files\a-squared Free

[26/02/2008|00:28] C:\Program Files\Auslogics

[07/02/2008|22:18] C:\Program Files\AutoClick

[20/01/2008|09:53] C:\Program Files\bd.ini

[05/12/2007|14:15] C:\Program Files\bk2.jpg

[07/12/2007|10:05] C:\Program Files\bl_07.jpg

[04/01/2008|19:26] C:\Program Files\CamStudio

[25/02/2008|23:39] C:\Program Files\CCleaner

[25/02/2008|14:33] C:\Program Files\Cheat Engine

[07/12/2007|20:41] C:\Program Files\C-Media 3D Audio

[04/01/2008|13:54] C:\Program Files\Common Files

[24/11/2007|00:44] C:\Program Files\ComPlus Applications

[19/01/2008|10:43] C:\Program Files\Design Science

[13/02/2008|14:56] C:\Program Files\DivX

[04/01/2008|14:26] C:\Program Files\DNA

[05/12/2007|02:06] C:\Program Files\else.gif

[22/02/2008|21:00] C:\Program Files\Evil Msn

[13/02/2008|22:40] C:\Program Files\Fichiers communs

[22/02/2008|19:21] C:\Program Files\flaw online bows

[04/01/2008|19:26] C:\Program Files\Game Cam Lite v1.4

[26/02/2008|10:35] C:\Program Files\Ghostgum

[29/02/2008|14:50] C:\Program Files\HijackThis

[30/01/2008|16:01] C:\Program Files\HyCam2

[21/02/2008|20:15] C:\Program Files\InstallShield Installation Information

[29/02/2008|10:52] C:\Program Files\Internet Explorer

[13/02/2008|20:28] C:\Program Files\iPod

[13/02/2008|20:28] C:\Program Files\iTunes

[19/01/2008|11:44] C:\Program Files\Java

[29/02/2008|12:15] C:\Program Files\jv16 PowerTools

[17/02/2008|21:47] C:\Program Files\ma-config.com

[30/11/2007|13:18] C:\Program Files\Messenger

[22/02/2008|19:20] C:\Program Files\Messenger Plus! Live

[28/02/2008|21:10] C:\Program Files\MessengerDiscovery

[22/02/2008|17:31] C:\Program Files\MessengerPlus! 3

[24/11/2007|00:49] C:\Program Files\microsoft frontpage

[17/01/2008|15:49] C:\Program Files\Microsoft Office

[27/02/2008|23:51] C:\Program Files\Microsoft SQL Server Compact Edition

[24/11/2007|00:45] C:\Program Files\Movie Maker

[29/02/2008|14:02] C:\Program Files\Mozilla Firefox

[27/02/2008|19:52] C:\Program Files\Mozilla Thunderbird

[29/02/2008|11:57] C:\Program Files\MRU-Blaster

[23/01/2008|16:23] C:\Program Files\MSBuild

[24/11/2007|00:41] C:\Program Files\MSN

[24/11/2007|00:42] C:\Program Files\MSN Gaming Zone

[28/02/2008|21:10] C:\Program Files\MSN Messenger

[24/01/2008|22:13] C:\Program Files\MSXML 6.0

[24/11/2007|00:46] C:\Program Files\NetMeeting

[24/11/2007|00:43] C:\Program Files\Online Services

[29/02/2008|12:28] C:\Program Files\OO Software

[30/11/2007|13:17] C:\Program Files\Outlook Express

[29/12/2007|21:57] C:\Program Files\PhotoDeluxe BE 1.0 TO

[13/02/2008|20:27] C:\Program Files\QuickTime

[23/01/2008|16:19] C:\Program Files\Reference Assemblies

[26/02/2008|09:27] C:\Program Files\SCAR 2.03

[24/11/2007|00:46] C:\Program Files\Services en ligne

[30/12/2007|17:38] C:\Program Files\Sony Ericsson

[20/02/2008|21:14] C:\Program Files\StuffPlug3

[24/11/2007|00:59] C:\Program Files\SystemRequirementsLab

[15/12/2007|17:14] C:\Program Files\Teamspeak2_RC2

[07/12/2007|10:18] C:\Program Files\th_07.jpg

[11/12/2007|18:29] C:\Program Files\TI Education

[24/11/2007|00:54] C:\Program Files\Uninstall Information

[17/02/2008|19:18] C:\Program Files\VideoLAN

[01/12/2007|23:09] C:\Program Files\Virtools

[29/02/2008|10:46] C:\Program Files\Windows Live

[26/02/2008|16:11] C:\Program Files\Windows Live Safety Center

[24/11/2007|00:48] C:\Program Files\Windows Media Player

[24/11/2007|00:42] C:\Program Files\Windows NT

[24/11/2007|00:43] C:\Program Files\Windows Plus

[24/11/2007|00:46] C:\Program Files\WindowsUpdate

[25/12/2007|22:53] C:\Program Files\WinRAR

[18/02/2008|17:48] C:\Program Files\WinSCP

[09/01/2008|21:45] C:\Program Files\Wolfenstein - Enemy Territory

[24/11/2007|00:49] C:\Program Files\xerox

 

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

 

[13/02/2008|22:40] C:\Program Files\Fichiers communs\.

[13/02/2008|22:40] C:\Program Files\Fichiers communs\..

[13/02/2008|22:41] C:\Program Files\Fichiers communs\Adobe

[13/02/2008|20:26] C:\Program Files\Fichiers communs\Apple

[04/01/2008|13:54] C:\Program Files\Fichiers communs\InstallShield

[19/01/2008|11:43] C:\Program Files\Fichiers communs\Java

[17/01/2008|15:49] C:\Program Files\Fichiers communs\Microsoft Shared

[24/11/2007|00:45] C:\Program Files\Fichiers communs\MSSoap

[24/11/2007|01:37] C:\Program Files\Fichiers communs\ODBC

[24/11/2007|00:45] C:\Program Files\Fichiers communs\Services

[24/11/2007|01:37] C:\Program Files\Fichiers communs\SpeechEngines

[30/11/2007|13:17] C:\Program Files\Fichiers communs\System

[11/12/2007|18:29] C:\Program Files\Fichiers communs\TI Shared

[15/12/2007|19:54] C:\Program Files\Fichiers communs\WindowsLiveInstaller

[11/12/2007|18:28] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

----------------------[ Recherche avec S_Lop ]---------------------

 

Aucun fichier / dossier Lop trouvé !

 

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

 

Aucun fichier / dossier Lop trouvé !

 

----------------------[ Verification du Registre ]----------------------

 

..... OK !

 

--------------------[ Verification du fichier Hosts ]---------------------

 

Fichier Hosts PROPRE

 

 

----------------[ Recherche de fichiers avec Catchme ]-----------------

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-29 14:53:15

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden files ...

scan completed successfully

hidden files: 0

 

--------------------[ Recherche d'autres infections ]---------------------

 

Aucune autre infection trouvée !

 

/!\ [Fich:3][Doss:1] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp

/!\ [Fich:2][Doss:0] C:\DOCUME~1\ADMINI~1\Cookies

/!\ [Fich:6][Doss:4] C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

 

--------------------[ Fin du rapport a 14:53:24,13 ]----------------------

 

 

 

 

 

 

I used AtfCleaner

-II

HJT report:

Logfile of HijackThis v1.99.1

Scan saved at 15:03:31, on 29/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\SYSTEM32\SWEEPER.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ActMak\ActMak25.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [internet Sweeper] C:\WINDOWS\SYSTEM32\SWEEPER.EXE /Q

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: ActMaker.lnk = C:\Program Files\ActMak\ActMak25.exe

O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe

O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=www.generation-nt.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195862231562

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

 

 

 

 

 

 

 

LopSD removal report:

-----------------------------[ Lop S&D 4.0.0 ]---------------------------

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Administrateur ] [ "C:\Lop SD" ]

[ 29/02/2008 | 15:05:04,87 ] [ PC : MCE2005 ]

[ MAJ : 26-02-2008 | 19:30 ]

 

 

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

-------------[ Listing des dossiers dans Application Data ]------------

 

[26/02/2008|00:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\.

[26/02/2008|00:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\..

[06/01/2008|14:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe

[16/02/2008|22:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer

[26/02/2008|00:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Auslogics

[04/01/2008|14:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\BitTorrent

[24/11/2007|01:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini

[29/02/2008|13:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\DNA

[04/01/2008|10:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\DyNy Corporation '99

[22/02/2008|19:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\flaw online bows

[13/12/2007|19:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help

[24/11/2007|00:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities

[17/02/2008|21:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\ma-config.com

[25/11/2007|19:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia

[23/02/2008|10:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[25/11/2007|18:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla

[25/11/2007|19:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun

[25/11/2007|18:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback

[15/12/2007|17:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\teamspeak2

[25/11/2007|18:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Thunderbird

[17/02/2008|19:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc

[25/12/2007|22:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR

[13/12/2007|21:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\WordRider

 

[29/02/2008|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.

[29/02/2008|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..

[28/02/2008|22:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html

[13/02/2008|22:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[13/02/2008|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[13/02/2008|20:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[28/02/2008|22:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[24/11/2007|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[23/02/2008|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[15/12/2007|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[24/11/2007|01:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

[04/01/2008|14:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[24/11/2007|01:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[27/02/2008|23:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

 

 

[24/11/2007|01:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.

[24/11/2007|01:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..

[24/11/2007|01:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[24/11/2007|00:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[24/11/2007|00:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\.

[24/11/2007|00:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\..

[24/11/2007|00:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[24/11/2007|00:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\.

[24/11/2007|00:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\..

[24/11/2007|00:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

 

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

 

[27/02/2008 12:38][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[29/02/2008 13:44][--ah-----] C:\WINDOWS\tasks\SA.DAT

[10/08/2004 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

---------------[ Listing des dossiers dans C:\Program Files ]--------------

 

[29/02/2008|13:18] C:\Program Files\.

[29/02/2008|13:18] C:\Program Files\..

[10/02/2008|18:50] C:\Program Files\ActMak

[13/02/2008|22:40] C:\Program Files\Adobe

[18/01/2008|18:43] C:\Program Files\Alwil Software

[13/02/2008|20:26] C:\Program Files\Apple Software Update

[27/02/2008|12:39] C:\Program Files\a-squared Free

[26/02/2008|00:28] C:\Program Files\Auslogics

[07/02/2008|22:18] C:\Program Files\AutoClick

[20/01/2008|09:53] C:\Program Files\bd.ini

[05/12/2007|14:15] C:\Program Files\bk2.jpg

[07/12/2007|10:05] C:\Program Files\bl_07.jpg

[04/01/2008|19:26] C:\Program Files\CamStudio

[25/02/2008|23:39] C:\Program Files\CCleaner

[25/02/2008|14:33] C:\Program Files\Cheat Engine

[07/12/2007|20:41] C:\Program Files\C-Media 3D Audio

[04/01/2008|13:54] C:\Program Files\Common Files

[24/11/2007|00:44] C:\Program Files\ComPlus Applications

[19/01/2008|10:43] C:\Program Files\Design Science

[13/02/2008|14:56] C:\Program Files\DivX

[04/01/2008|14:26] C:\Program Files\DNA

[05/12/2007|02:06] C:\Program Files\else.gif

[22/02/2008|21:00] C:\Program Files\Evil Msn

[13/02/2008|22:40] C:\Program Files\Fichiers communs

[22/02/2008|19:21] C:\Program Files\flaw online bows

[04/01/2008|19:26] C:\Program Files\Game Cam Lite v1.4

[26/02/2008|10:35] C:\Program Files\Ghostgum

[29/02/2008|15:03] C:\Program Files\HijackThis

[30/01/2008|16:01] C:\Program Files\HyCam2

[21/02/2008|20:15] C:\Program Files\InstallShield Installation Information

[29/02/2008|10:52] C:\Program Files\Internet Explorer

[13/02/2008|20:28] C:\Program Files\iPod

[13/02/2008|20:28] C:\Program Files\iTunes

[19/01/2008|11:44] C:\Program Files\Java

[29/02/2008|12:15] C:\Program Files\jv16 PowerTools

[17/02/2008|21:47] C:\Program Files\ma-config.com

[30/11/2007|13:18] C:\Program Files\Messenger

[22/02/2008|19:20] C:\Program Files\Messenger Plus! Live

[28/02/2008|21:10] C:\Program Files\MessengerDiscovery

[22/02/2008|17:31] C:\Program Files\MessengerPlus! 3

[24/11/2007|00:49] C:\Program Files\microsoft frontpage

[17/01/2008|15:49] C:\Program Files\Microsoft Office

[27/02/2008|23:51] C:\Program Files\Microsoft SQL Server Compact Edition

[24/11/2007|00:45] C:\Program Files\Movie Maker

[29/02/2008|14:02] C:\Program Files\Mozilla Firefox

[27/02/2008|19:52] C:\Program Files\Mozilla Thunderbird

[29/02/2008|11:57] C:\Program Files\MRU-Blaster

[23/01/2008|16:23] C:\Program Files\MSBuild

[24/11/2007|00:41] C:\Program Files\MSN

[24/11/2007|00:42] C:\Program Files\MSN Gaming Zone

[28/02/2008|21:10] C:\Program Files\MSN Messenger

[24/01/2008|22:13] C:\Program Files\MSXML 6.0

[24/11/2007|00:46] C:\Program Files\NetMeeting

[24/11/2007|00:43] C:\Program Files\Online Services

[29/02/2008|12:28] C:\Program Files\OO Software

[30/11/2007|13:17] C:\Program Files\Outlook Express

[29/12/2007|21:57] C:\Program Files\PhotoDeluxe BE 1.0 TO

[13/02/2008|20:27] C:\Program Files\QuickTime

[23/01/2008|16:19] C:\Program Files\Reference Assemblies

[26/02/2008|09:27] C:\Program Files\SCAR 2.03

[24/11/2007|00:46] C:\Program Files\Services en ligne

[30/12/2007|17:38] C:\Program Files\Sony Ericsson

[20/02/2008|21:14] C:\Program Files\StuffPlug3

[24/11/2007|00:59] C:\Program Files\SystemRequirementsLab

[15/12/2007|17:14] C:\Program Files\Teamspeak2_RC2

[07/12/2007|10:18] C:\Program Files\th_07.jpg

[11/12/2007|18:29] C:\Program Files\TI Education

[24/11/2007|00:54] C:\Program Files\Uninstall Information

[17/02/2008|19:18] C:\Program Files\VideoLAN

[01/12/2007|23:09] C:\Program Files\Virtools

[29/02/2008|10:46] C:\Program Files\Windows Live

[26/02/2008|16:11] C:\Program Files\Windows Live Safety Center

[24/11/2007|00:48] C:\Program Files\Windows Media Player

[24/11/2007|00:42] C:\Program Files\Windows NT

[24/11/2007|00:43] C:\Program Files\Windows Plus

[24/11/2007|00:46] C:\Program Files\WindowsUpdate

[25/12/2007|22:53] C:\Program Files\WinRAR

[18/02/2008|17:48] C:\Program Files\WinSCP

[09/01/2008|21:45] C:\Program Files\Wolfenstein - Enemy Territory

[24/11/2007|00:49] C:\Program Files\xerox

 

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

 

[13/02/2008|22:40] C:\Program Files\Fichiers communs\.

[13/02/2008|22:40] C:\Program Files\Fichiers communs\..

[13/02/2008|22:41] C:\Program Files\Fichiers communs\Adobe

[13/02/2008|20:26] C:\Program Files\Fichiers communs\Apple

[04/01/2008|13:54] C:\Program Files\Fichiers communs\InstallShield

[19/01/2008|11:43] C:\Program Files\Fichiers communs\Java

[17/01/2008|15:49] C:\Program Files\Fichiers communs\Microsoft Shared

[24/11/2007|00:45] C:\Program Files\Fichiers communs\MSSoap

[24/11/2007|01:37] C:\Program Files\Fichiers communs\ODBC

[24/11/2007|00:45] C:\Program Files\Fichiers communs\Services

[24/11/2007|01:37] C:\Program Files\Fichiers communs\SpeechEngines

[30/11/2007|13:17] C:\Program Files\Fichiers communs\System

[11/12/2007|18:29] C:\Program Files\Fichiers communs\TI Shared

[15/12/2007|19:54] C:\Program Files\Fichiers communs\WindowsLiveInstaller

[11/12/2007|18:28] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

----------------------[ Recherche avec S_Lop ]---------------------

 

Aucun fichier / dossier Lop trouvé !

 

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

 

Aucun fichier / dossier Lop trouvé !

 

----------------------[ Verification du Registre ]----------------------

 

..... OK !

 

--------------------[ Verification du fichier Hosts ]---------------------

 

Fichier Hosts PROPRE

 

 

----------------[ Recherche de fichiers avec Catchme ]-----------------

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-29 15:05:46

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden files ...

scan completed successfully

hidden files: 0

 

--------------------[ Recherche d'autres infections ]---------------------

 

Aucune autre infection trouvée !

 

/!\ [Fich:3][Doss:1] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp

/!\ [Fich:2][Doss:0] C:\DOCUME~1\ADMINI~1\Cookies

/!\ [Fich:6][Doss:4] C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

 

--------------------[ Fin du rapport a 15:05:56,50 ]----------------------

Edited by Khorn
