
Posted (edited)

Hello, I've had a problem for some time now.

CiD ad windows keep popping up all the time and I can't get rid of them.

If anyone could help me, here is the report (thanks in advance):

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:09:45, on 20/06/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJXHB5CI\HiJackThis[1].exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getad...t&x_dp_id=9

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [64 sect] "C:\ProgramData\Sizesendsend.n1xsck"

O4 - HKCU\..\Run: [Help Creative Meow City] "C:\ProgramData\Third axis mess.y9w4ik"

O4 - HKCU\..\Run: [EPSON Stylus Photo RX585 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE /FU "C:\Windows\TEMP\E_S63D4.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe

O9 - Extra 'Tools' menuitem: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www.orange.fr

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 8039 bytes

Edited by titecaro

Posted

Hello, I confirm the infection.

Disable UAC (User Account Control); above all, remember to re-enable it after the disinfection.

* Start > Control Panel

* Double-click the User Accounts icon

* Then click Turn off and confirm.

Disable your resident protections (antivirus, ...); you will re-enable them afterwards.

Download Lop S&D.exe to your desktop

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the language you want, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm.)

Posted

----------------------[ Lop S&D 4.2.1-6 XP/Vista ]---------------------

 

[ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]

[ USER : Caroline ] [ "C:\Lop SD" ] [ Selection : 1 ]

[ 20/06/2008 | 21:47:51,16 ] [ PC : PC-DE-CAROLINE ]

[ MAJ : 16-06-2008 | 23:01 ]

[ UAC => 0 ]

 

-------------[ Listing des dossiers dans Application Data ]------------

 

[18/06/2008|23:10] C:\Users\Caroline\AppData\Roaming\Adobe\Flash Player

[02/02/2008|21:02] C:\Users\Caroline\AppData\Roaming\Adobe\Linguistics

[02/02/2008|21:02] C:\Users\Caroline\AppData\Roaming\Adobe\Acrobat

 

[01/02/2008|19:51] C:\Users\Caroline\AppData\Roaming\ATI\ACE

 

[08/05/2008|13:55] C:\Users\Caroline\AppData\Roaming\EoRezo\db

[08/05/2008|13:53] C:\Users\Caroline\AppData\Roaming\EoRezo\eoDesktop

[20/04/2008|11:53] C:\Users\Caroline\AppData\Roaming\EoRezo\EoWeather

[29/03/2008|22:49] C:\Users\Caroline\AppData\Roaming\EoRezo\eoStats

 

[15/05/2008|22:11] C:\Users\Caroline\AppData\Roaming\Google\Local Search History

 

[09/02/2008|22:20] C:\Users\Caroline\AppData\Roaming\Hewlett-Packard\HPAdvisor

[01/02/2008|19:46] C:\Users\Caroline\AppData\Roaming\Hewlett-Packard\HP Software UI

 

[01/02/2008|19:51] C:\Users\Caroline\AppData\Roaming\Identities\{ADFEF2B4-4126-4FF0-982C-66776C85EA9F}

 

[08/03/2008|14:56] C:\Users\Caroline\AppData\Roaming\InstallShield\ISEngine12.0

 

[08/05/2008|15:36] C:\Users\Caroline\AppData\Roaming\ItsLabel\ItsTV

 

[05/02/2008|22:08] C:\Users\Caroline\AppData\Roaming\LGSync\3G

 

[01/02/2008|19:47] C:\Users\Caroline\AppData\Roaming\Macromedia\Flash Player

 

 

[18/06/2008|13:42] C:\Users\Caroline\AppData\Roaming\Microsoft\Office

[17/06/2008|18:54] C:\Users\Caroline\AppData\Roaming\Microsoft\Modèles

[17/06/2008|18:54] C:\Users\Caroline\AppData\Roaming\Microsoft\Proof

[12/06/2008|19:58] C:\Users\Caroline\AppData\Roaming\Microsoft\Word

[10/06/2008|19:49] C:\Users\Caroline\AppData\Roaming\Microsoft\Windows Photo Gallery

[06/05/2008|22:22] C:\Users\Caroline\AppData\Roaming\Microsoft\MSN Messenger

[30/03/2008|16:16] C:\Users\Caroline\AppData\Roaming\Microsoft\Media Catalog

[25/03/2008|20:07] C:\Users\Caroline\AppData\Roaming\Microsoft\IdentityCRL

[10/03/2008|19:02] C:\Users\Caroline\AppData\Roaming\Microsoft\Speech

[09/03/2008|22:51] C:\Users\Caroline\AppData\Roaming\Microsoft\Crypto

[08/03/2008|18:12] C:\Users\Caroline\AppData\Roaming\Microsoft\WLTB Custom Buttons

[08/03/2008|18:12] C:\Users\Caroline\AppData\Roaming\Microsoft\MSNLiveFav

[08/03/2008|15:11] C:\Users\Caroline\AppData\Roaming\Microsoft\Internet Explorer

[08/03/2008|15:04] C:\Users\Caroline\AppData\Roaming\Microsoft\Network

[28/02/2008|20:51] C:\Users\Caroline\AppData\Roaming\Microsoft\FrontPage

[28/02/2008|20:51] C:\Users\Caroline\AppData\Roaming\Microsoft\PowerPoint

[28/02/2008|20:50] C:\Users\Caroline\AppData\Roaming\Microsoft\Outlook

[26/02/2008|19:32] C:\Users\Caroline\AppData\Roaming\Microsoft\Excel

[26/02/2008|19:32] C:\Users\Caroline\AppData\Roaming\Microsoft\Forms

[26/02/2008|19:25] C:\Users\Caroline\AppData\Roaming\Microsoft\Macros complémentaires

[21/02/2008|20:01] C:\Users\Caroline\AppData\Roaming\Microsoft\Templates

[21/02/2008|19:55] C:\Users\Caroline\AppData\Roaming\Microsoft\Document Building Blocks

[21/02/2008|19:55] C:\Users\Caroline\AppData\Roaming\Microsoft\AddIns

[09/02/2008|21:19] C:\Users\Caroline\AppData\Roaming\Microsoft\MMC

[06/02/2008|20:28] C:\Users\Caroline\AppData\Roaming\Microsoft\Windows

[02/02/2008|14:19] C:\Users\Caroline\AppData\Roaming\Microsoft\HTML Help

[01/02/2008|20:15] C:\Users\Caroline\AppData\Roaming\Microsoft\eHome

[01/02/2008|19:55] C:\Users\Caroline\AppData\Roaming\Microsoft\?preuve

[01/02/2008|19:50] C:\Users\Caroline\AppData\Roaming\Microsoft\Protect

[01/02/2008|19:46] C:\Users\Caroline\AppData\Roaming\Microsoft\CLR Security Config

[01/02/2008|19:45] C:\Users\Caroline\AppData\Roaming\Microsoft\SystemCertificates

[01/02/2008|19:44] C:\Users\Caroline\AppData\Roaming\Microsoft\Credentials

 

 

[02/04/2008|18:46] C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox

 

[03/03/2008|19:30] C:\Users\Caroline\AppData\Roaming\muvee Technologies\UserProfiles

 

[10/06/2008|21:30] C:\Users\Caroline\AppData\Roaming\Real\RealPlayer

[14/04/2008|19:02] C:\Users\Caroline\AppData\Roaming\Real\RealMediaSDK

[14/04/2008|18:52] C:\Users\Caroline\AppData\Roaming\Real\Msg

[14/04/2008|18:52] C:\Users\Caroline\AppData\Roaming\Real\rnadmin

 

[28/03/2008|19:38] C:\Users\Caroline\AppData\Roaming\Roxio\MediaManager9

[03/03/2008|19:17] C:\Users\Caroline\AppData\Roaming\Roxio\Dragon

[02/02/2008|00:33] C:\Users\Caroline\AppData\Roaming\Roxio\RoxioCentral

 

 

 

[29/03/2008|22:49] C:\Users\Caroline\AppData\Roaming\vlc\cache

 

 

 

[18/06/2008|23:09] C:\Users\Caroline\AppData\Roaming\Yahoo!\Companion

 

----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

 

[19/06/2008 23:44][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{94D9A3AD-5991-4AE3-97DD-7F2EDA388887}.job

[20/06/2008 21:41][--ah-----] C:\Windows\tasks\SA.DAT

[20/06/2008 21:40][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

------[ Listing des dossiers dans C:\ProgramData ]------

 

[10/02/2008|16:37] C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}

[18/10/2007|23:46] C:\ProgramData\Adobe

[06/06/2008|20:43] C:\ProgramData\aim rect help creative

[02/11/2006|15:02] C:\ProgramData\Application Data

[18/10/2007|23:37] C:\ProgramData\ATI

[06/06/2008|20:43] C:\ProgramData\BAGSTONSJUMP

[09/04/2008|15:53] C:\ProgramData\Bluetooth

[19/02/2008|00:11] C:\ProgramData\BOONTY

[01/02/2008|19:41] C:\ProgramData\Bureau

[02/11/2006|15:02] C:\ProgramData\Desktop

[02/11/2006|15:02] C:\ProgramData\Documents

[08/03/2008|19:30] C:\ProgramData\eMule

[10/06/2008|18:54] C:\ProgramData\EPSON

[01/02/2008|19:41] C:\ProgramData\Favoris

[02/11/2006|15:02] C:\ProgramData\Favorites

[18/10/2007|23:54] C:\ProgramData\Google

[01/02/2008|19:51] C:\ProgramData\Hewlett-Packard

[18/10/2007|23:37] C:\ProgramData\HP

[18/10/2007|23:37] C:\ProgramData\hpzinstall.log

[01/02/2008|19:41] C:\ProgramData\Menu Démarrer

[19/06/2008|12:52] C:\ProgramData\Messenger Plus!

[14/03/2008|20:10] C:\ProgramData\Microsoft

[09/06/2008|13:12] C:\ProgramData\Microsoft Help

[01/02/2008|19:41] C:\ProgramData\Modèles

[18/10/2007|23:45] C:\ProgramData\muvee Technologies

[18/10/2007|23:50] C:\ProgramData\PC-Doctor

[03/03/2008|19:28] C:\ProgramData\Roxio

[30/04/2008|18:49] C:\ProgramData\Sizesendsend.032jo

[03/05/2008|18:37] C:\ProgramData\Sizesendsend.0o8kgb8

[08/05/2008|00:25] C:\ProgramData\Sizesendsend.0tqik

[04/05/2008|19:42] C:\ProgramData\Sizesendsend.11v8xv

[04/05/2008|16:25] C:\ProgramData\Sizesendsend.142lho5

[02/05/2008|20:39] C:\ProgramData\Sizesendsend.1bxbg

[07/05/2008|14:16] C:\ProgramData\Sizesendsend.1pdtw

[07/05/2008|14:59] C:\ProgramData\Sizesendsend.1tfmb

[08/05/2008|13:24] C:\ProgramData\Sizesendsend.20u77za

[29/04/2008|18:27] C:\ProgramData\Sizesendsend.23mnzmp

[28/04/2008|22:55] C:\ProgramData\Sizesendsend.25uj6

[06/05/2008|23:39] C:\ProgramData\Sizesendsend.28tle9a

[30/04/2008|21:30] C:\ProgramData\Sizesendsend.2z675

[14/03/2008|19:07] C:\ProgramData\Sizesendsend.30nv0a

[04/05/2008|22:15] C:\ProgramData\Sizesendsend.38p7d

[30/04/2008|20:39] C:\ProgramData\Sizesendsend.39onb

[07/05/2008|13:54] C:\ProgramData\Sizesendsend.39xbg

[30/04/2008|19:33] C:\ProgramData\Sizesendsend.3gba2

[04/05/2008|18:14] C:\ProgramData\Sizesendsend.3gg9io0

[05/05/2008|20:08] C:\ProgramData\Sizesendsend.3pn6b

[28/04/2008|20:01] C:\ProgramData\Sizesendsend.592py1

[02/05/2008|19:33] C:\ProgramData\Sizesendsend.5l65p

[05/05/2008|23:15] C:\ProgramData\Sizesendsend.6f5z44

[03/05/2008|20:04] C:\ProgramData\Sizesendsend.7dlza

[03/05/2008|19:42] C:\ProgramData\Sizesendsend.7ms85o

[29/04/2008|20:32] C:\ProgramData\Sizesendsend.7qiaqbm

[02/05/2008|18:27] C:\ProgramData\Sizesendsend.7s542x

[02/05/2008|22:45] C:\ProgramData\Sizesendsend.7sgna

[28/03/2008|20:34] C:\ProgramData\Sizesendsend.83eh9ms

[06/05/2008|17:28] C:\ProgramData\Sizesendsend.87hqxo

[07/05/2008|14:38] C:\ProgramData\Sizesendsend.8ffozhf

[05/05/2008|19:46] C:\ProgramData\Sizesendsend.8fnl6

[06/05/2008|20:37] C:\ProgramData\Sizesendsend.923wyf

[04/05/2008|20:48] C:\ProgramData\Sizesendsend.9kwkq

[28/04/2008|20:45] C:\ProgramData\Sizesendsend.a200be0

[30/04/2008|22:57] C:\ProgramData\Sizesendsend.a4u661

[06/05/2008|20:15] C:\ProgramData\Sizesendsend.acasf4

[08/05/2008|14:15] C:\ProgramData\Sizesendsend.ahz8l

[29/04/2008|18:49] C:\ProgramData\Sizesendsend.aptw1if

[02/05/2008|18:49] C:\ProgramData\Sizesendsend.b3du7ip

[04/05/2008|13:30] C:\ProgramData\Sizesendsend.c1ecc

[04/05/2008|20:04] C:\ProgramData\Sizesendsend.cxbedej

[04/05/2008|16:03] C:\ProgramData\Sizesendsend.d0dcn00

[05/05/2008|22:54] C:\ProgramData\Sizesendsend.dg5gf4

[04/05/2008|14:14] C:\ProgramData\Sizesendsend.dl3jjv4

[07/05/2008|21:54] C:\ProgramData\Sizesendsend.dmq303

[08/05/2008|14:37] C:\ProgramData\Sizesendsend.dsebm

[29/04/2008|19:49] C:\ProgramData\Sizesendsend.ed1zcid

[04/05/2008|16:47] C:\ProgramData\Sizesendsend.efuat

[04/05/2008|14:57] C:\ProgramData\Sizesendsend.f9nvzg

[04/05/2008|22:37] C:\ProgramData\Sizesendsend.gbctw4v

[28/04/2008|18:56] C:\ProgramData\Sizesendsend.gg38z7

[28/04/2008|19:40] C:\ProgramData\Sizesendsend.glulsx

[02/05/2008|21:00] C:\ProgramData\Sizesendsend.gws2ruz

[28/04/2008|23:24] C:\ProgramData\Sizesendsend.gxexd7p

[28/04/2008|18:33] C:\ProgramData\Sizesendsend.hc9ei

[04/05/2008|14:36] C:\ProgramData\Sizesendsend.ibccgip

[29/04/2008|20:10] C:\ProgramData\Sizesendsend.k7ktuw

[28/04/2008|18:33] C:\ProgramData\Sizesendsend.kgfwse

[04/05/2008|15:19] C:\ProgramData\Sizesendsend.ks0f6k

[06/05/2008|22:11] C:\ProgramData\Sizesendsend.l8jpez

[30/04/2008|18:27] C:\ProgramData\Sizesendsend.ldadgg1

[30/04/2008|22:13] C:\ProgramData\Sizesendsend.m2vjp

[06/06/2008|20:43] C:\ProgramData\Sizesendsend.n1xsck

[07/05/2008|13:32] C:\ProgramData\Sizesendsend.n3q4t

[03/05/2008|19:20] C:\ProgramData\Sizesendsend.n5x15

[04/05/2008|21:31] C:\ProgramData\Sizesendsend.n9u3ru

[04/05/2008|18:58] C:\ProgramData\Sizesendsend.nlmqm

[06/05/2008|23:17] C:\ProgramData\Sizesendsend.nnblkk

[06/05/2008|19:31] C:\ProgramData\Sizesendsend.nyxe8b

[04/05/2008|17:31] C:\ProgramData\Sizesendsend.olm36

[04/05/2008|21:09] C:\ProgramData\Sizesendsend.on60kal

[06/05/2008|16:45] C:\ProgramData\Sizesendsend.oq2ro0

[06/05/2008|17:07] C:\ProgramData\Sizesendsend.p829zx

[04/05/2008|19:20] C:\ProgramData\Sizesendsend.p8o8fu

[28/04/2008|19:18] C:\ProgramData\Sizesendsend.qmv6j

[08/05/2008|13:46] C:\ProgramData\Sizesendsend.qnfpddb

[06/06/2008|20:43] C:\ProgramData\Sizesendsend.qvyfeej

[29/04/2008|22:58] C:\ProgramData\Sizesendsend.qxlb3a0

[04/05/2008|17:08] C:\ProgramData\Sizesendsend.rllcu

[30/04/2008|13:41] C:\ProgramData\Sizesendsend.rxhs7

[04/05/2008|21:53] C:\ProgramData\Sizesendsend.s1hu3h

[04/05/2008|18:36] C:\ProgramData\Sizesendsend.s67hdb

[05/05/2008|19:02] C:\ProgramData\Sizesendsend.sfdmy

[06/05/2008|19:53] C:\ProgramData\Sizesendsend.sht7t

[29/04/2008|18:06] C:\ProgramData\Sizesendsend.syrpe

[04/05/2008|12:46] C:\ProgramData\Sizesendsend.szn9o

[02/05/2008|19:55] C:\ProgramData\Sizesendsend.t27la

[06/05/2008|22:33] C:\ProgramData\Sizesendsend.t5xw5

[02/05/2008|21:22] C:\ProgramData\Sizesendsend.td7v08

[08/05/2008|00:04] C:\ProgramData\Sizesendsend.tjj51e

[04/05/2008|12:24] C:\ProgramData\Sizesendsend.u3nj22m

[06/05/2008|22:55] C:\ProgramData\Sizesendsend.u5ejk

[04/05/2008|15:41] C:\ProgramData\Sizesendsend.ucavhq

[30/04/2008|22:35] C:\ProgramData\Sizesendsend.ur98c

[02/05/2008|18:06] C:\ProgramData\Sizesendsend.uzho0fl

[29/04/2008|22:36] C:\ProgramData\Sizesendsend.vgag9n

[04/05/2008|13:52] C:\ProgramData\Sizesendsend.vqd8l

[04/05/2008|17:53] C:\ProgramData\Sizesendsend.x9i6i5

[04/05/2008|13:08] C:\ProgramData\Sizesendsend.xbrm3ju

[30/04/2008|20:17] C:\ProgramData\Sizesendsend.xd2mf

[05/05/2008|19:24] C:\ProgramData\Sizesendsend.xfu00

[06/05/2008|19:10] C:\ProgramData\Sizesendsend.xwgqz

[04/05/2008|22:59] C:\ProgramData\Sizesendsend.xxsbz

[02/05/2008|20:17] C:\ProgramData\Sizesendsend.xyl7ia

[02/05/2008|19:11] C:\ProgramData\Sizesendsend.yj8s5

[04/05/2008|12:03] C:\ProgramData\Sizesendsend.ytor5y

[30/04/2008|19:12] C:\ProgramData\Sizesendsend.yvk79

[03/05/2008|18:59] C:\ProgramData\Sizesendsend.z0znd4

[30/04/2008|19:55] C:\ProgramData\Sizesendsend.z27er4o

[30/04/2008|21:52] C:\ProgramData\Sizesendsend.z3olj2

[04/05/2008|20:25] C:\ProgramData\Sizesendsend.z6ih5m

[28/04/2008|20:23] C:\ProgramData\Sizesendsend.zod7v

[18/10/2007|23:38] C:\ProgramData\Sonic

[02/11/2006|15:02] C:\ProgramData\Start Menu

[08/05/2008|15:52] C:\ProgramData\Symantec

[03/03/2008|19:29] C:\ProgramData\TEMP

[02/11/2006|15:02] C:\ProgramData\Templates

[06/06/2008|20:43] C:\ProgramData\Third axis mess.y9w4ik

[10/06/2008|19:00] C:\ProgramData\UDL

[18/06/2008|23:13] C:\ProgramData\WLInstaller

 

---------------[ Listing des dossiers dans C:\Program Files ]--------------

 

[10/02/2008|16:37] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites

[18/10/2007|23:46] C:\Program Files\Adobe

[08/03/2008|15:20] C:\Program Files\Alwil Software

[18/10/2007|23:32] C:\Program Files\ATI

[18/10/2007|23:33] C:\Program Files\ATI Technologies

[19/02/2008|00:11] C:\Program Files\Boonty

[19/02/2008|00:11] C:\Program Files\BoontyGames

[08/05/2008|15:47] C:\Program Files\Common Files

[06/03/2008|15:04] C:\Program Files\Damien DOISELET

[09/03/2008|13:44] C:\Program Files\desktop.ini

[19/10/2007|08:39] C:\Program Files\EasyBits

[08/03/2008|19:29] C:\Program Files\eMule

[08/05/2008|15:37] C:\Program Files\EoRezo

[10/06/2008|18:56] C:\Program Files\epson

[10/06/2008|18:57] C:\Program Files\EPSON Print CD

[01/02/2008|19:41] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]

[08/03/2008|15:10] C:\Program Files\Google

[18/10/2007|23:52] C:\Program Files\Hewlett-Packard

[18/10/2007|23:47] C:\Program Files\HP

[17/06/2008|18:48] C:\Program Files\Icone

[10/06/2008|19:06] C:\Program Files\InstallShield Installation Information

[11/06/2008|11:54] C:\Program Files\Internet Explorer

[09/04/2008|14:16] C:\Program Files\IVT Corporation

[18/10/2007|23:47] C:\Program Files\Java

[04/04/2008|18:04] C:\Program Files\JCA2000

[17/06/2008|18:48] C:\Program Files\LETMIN

[18/06/2008|23:22] C:\Program Files\Messenger Plus! Live

[09/03/2008|13:08] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[26/02/2008|19:21] C:\Program Files\Microsoft FrontPage

[02/11/2006|14:37] C:\Program Files\Microsoft Games

[26/02/2008|19:18] C:\Program Files\Microsoft Office

[08/03/2008|18:10] C:\Program Files\Microsoft SQL Server Compact Edition

[26/02/2008|19:22] C:\Program Files\Microsoft Visual Studio

[10/02/2008|16:36] C:\Program Files\Microsoft Works

[10/02/2008|16:35] C:\Program Files\Microsoft.NET

[22/05/2008|18:02] C:\Program Files\MioNet

[19/10/2007|08:51] C:\Program Files\Movie Maker

[02/04/2008|18:46] C:\Program Files\Mozilla Firefox

[02/11/2006|14:37] C:\Program Files\MSBuild

[03/02/2008|18:52] C:\Program Files\MSECache

[02/11/2006|14:37] C:\Program Files\MSN

[08/03/2008|18:54] C:\Program Files\MSXML 4.0

[18/10/2007|23:45] C:\Program Files\muvee Technologies

[08/03/2008|15:02] C:\Program Files\Orange HSS

[19/10/2007|00:06] C:\Program Files\PC-Doctor 5 for Windows

[22/05/2008|15:34] C:\Program Files\Philips

[14/04/2008|18:52] C:\Program Files\Real

[18/10/2007|23:35] C:\Program Files\Realtek

[02/11/2006|14:37] C:\Program Files\Reference Assemblies

[18/10/2007|23:44] C:\Program Files\Roxio

[08/03/2008|14:56] C:\Program Files\SAGEM

[08/03/2008|14:52] C:\Program Files\Securitoo

[18/10/2007|23:54] C:\Program Files\Services en ligne

[02/11/2006|15:01] C:\Program Files\Uninstall Information

[29/03/2008|22:48] C:\Program Files\VideoLAN

[09/03/2008|13:40] C:\Program Files\Windows Calendar

[19/10/2007|08:51] C:\Program Files\Windows Collaboration

[19/10/2007|08:58] C:\Program Files\Windows Defender

[19/10/2007|08:51] C:\Program Files\Windows Journal

[10/06/2008|18:15] C:\Program Files\Windows Live

[10/06/2008|18:05] C:\Program Files\Windows Live Toolbar

[11/06/2008|11:54] C:\Program Files\Windows Mail

[09/03/2008|13:40] C:\Program Files\Windows Media Player

[01/02/2008|19:41] C:\Program Files\Windows NT

[19/10/2007|08:51] C:\Program Files\Windows Photo Gallery

[09/03/2008|13:40] C:\Program Files\Windows Sidebar

[18/06/2008|23:11] C:\Program Files\Yahoo!

 

------[ Listing des dossiers dans C:\Program Files\Common Files ]------

 

[18/10/2007|23:46] C:\Program Files\Common Files\Adobe

[06/03/2008|15:12] C:\Program Files\Common Files\Alhademic Group

[10/02/2008|16:35] C:\Program Files\Common Files\DESIGNER

[08/03/2008|14:59] C:\Program Files\Common Files\France Telecom

[18/10/2007|23:37] C:\Program Files\Common Files\HP

[10/06/2008|19:03] C:\Program Files\Common Files\InstallShield

[18/10/2007|23:46] C:\Program Files\Common Files\Java

[18/10/2007|23:45] C:\Program Files\Common Files\LightScribe

[18/10/2007|23:45] C:\Program Files\Common Files\LS Getting Started

[09/06/2008|13:10] C:\Program Files\Common Files\microsoft shared

[18/10/2007|23:45] C:\Program Files\Common Files\muvee Technologies

[18/10/2007|23:44] C:\Program Files\Common Files\PX Storage Engine

[14/04/2008|18:52] C:\Program Files\Common Files\Real

[18/10/2007|23:44] C:\Program Files\Common Files\Roxio Shared

[02/11/2006|13:18] C:\Program Files\Common Files\Services

[18/10/2007|23:44] C:\Program Files\Common Files\Sonic Shared

[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines

[18/10/2007|23:38] C:\Program Files\Common Files\SureThing Shared

[08/05/2008|15:48] C:\Program Files\Common Files\Symantec Shared

[26/02/2008|19:21] C:\Program Files\Common Files\System

[08/03/2008|18:01] C:\Program Files\Common Files\WindowsLiveInstaller

[14/04/2008|18:52] C:\Program Files\Common Files\xing shared

 

---------------------------[ Process ]--------------------------

 

... 58

 

iexplore.exe ~ [3532]

iexplore.exe ~ [3704]

iexplore.exe ~ [2376]

 

----------------------[ Recherche avec S_Lop ]---------------------

 

C:\ProgramData\Third axis mess.y9w4ik

 

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

 

C:\ProgramData\aim rect help creative

C:\ProgramData\aim rect help creative\love pop.exe

C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\Cookies\caroline@banner.cotedazurpalace[2].txt

C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\Cookies\caroline@cotedazurpalace[1].txt

C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\Cookies\caroline@adopt.euroclick[1].txt

C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\Cookies\caroline@partygaming.122.2o7[1].txt

C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\Cookies\caroline@partypoker[1].txt

C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\Cookies\caroline@2xmoinscher[2].txt

C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\Cookies\caroline@www.2xmoinscher[2].txt

 

----------------------[ Verification du Registre ]----------------------

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Help Creative Meow City"="\"C:\\ProgramData\\Third axis mess.y9w4ik\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

--------------------[ Verification du fichier Hosts ]---------------------

 

Fichier Hosts PROPRE

 

 

----------------[ Recherche de fichiers avec Catchme ]-----------------

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-20 21:48:15

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------[ Recherche d'autres infections ]---------------------

 

 

Aucune autre infection trouvée !

 

[F:32][D:9]-> C:\Users\Caroline\AppData\Local\Temp

[F:1247][D:1]-> C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\Cookies

[F:1185][D:8]-> C:\Users\Caroline\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:21][D:6]-> C:\$Recycle.Bin

 

[ UAC => 1 ]

 

--------------------[ Fin du rapport a 21:48:41,18 ]----------------------

Posted

That's quite a crowd! Probably the MSNPlus! sponsor. (Do not reinstall the sponsor.)

Disable UAC again (same procedure).

Run Lop S&D again

  • This time choose Option 2 (Removal)
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)

(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm.)

Re-enable UAC (same place, reverse procedure).

Posted

-----------------------[ Lop S&D 4.2.1-6 XP/Vista ]---------------------

 

[ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]

[ USER : Caroline ] [ "C:\Lop SD" ] [ Selection : 2 ]

[ 21/06/2008 | 16:14:48,23 ] [ PC : PC-DE-CAROLINE ]

[ MAJ : 16-06-2008 | 23:01 ]

[ UAC => 0 ]

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

 

Echec ! - C:\ProgramData\aim rect help creative\love pop.exe

Supprimé! - C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\Cookies\caroline@banner.cotedazurpalace[2].txt

Supprimé! - C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\Cookies\caroline@cotedazurpalace[1].txt

Supprimé! - C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\Cookies\caroline@partygaming.122.2o7[1].txt

Supprimé! - C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\Cookies\caroline@partypoker[1].txt

Supprimé! - C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\Cookies\caroline@2xmoinscher[2].txt

Supprimé! - C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\Cookies\caroline@www.2xmoinscher[2].txt

Supprimé! - C:\ProgramData\Third axis mess.y9w4ik

Echec ! - C:\ProgramData\aim rect help creative

Restauré! - Fichier Hosts

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE ///////////////////////////

 

Echec ! - C:\ProgramData\aim rect help creative\love pop.exe

Echec ! - C:\ProgramData\aim rect help creative

 

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

-------------[ Listing des dossiers dans Application Data ]------------

 

[18/06/2008|23:10] C:\Users\Caroline\AppData\Roaming\Adobe\Flash Player

[02/02/2008|21:02] C:\Users\Caroline\AppData\Roaming\Adobe\Linguistics

[02/02/2008|21:02] C:\Users\Caroline\AppData\Roaming\Adobe\Acrobat

 

[01/02/2008|19:51] C:\Users\Caroline\AppData\Roaming\ATI\ACE

 

[08/05/2008|13:55] C:\Users\Caroline\AppData\Roaming\EoRezo\db

[08/05/2008|13:53] C:\Users\Caroline\AppData\Roaming\EoRezo\eoDesktop

[20/04/2008|11:53] C:\Users\Caroline\AppData\Roaming\EoRezo\EoWeather

[29/03/2008|22:49] C:\Users\Caroline\AppData\Roaming\EoRezo\eoStats

 

[15/05/2008|22:11] C:\Users\Caroline\AppData\Roaming\Google\Local Search History

 

[09/02/2008|22:20] C:\Users\Caroline\AppData\Roaming\Hewlett-Packard\HPAdvisor

[01/02/2008|19:46] C:\Users\Caroline\AppData\Roaming\Hewlett-Packard\HP Software UI

 

[01/02/2008|19:51] C:\Users\Caroline\AppData\Roaming\Identities\{ADFEF2B4-4126-4FF0-982C-66776C85EA9F}

 

[08/03/2008|14:56] C:\Users\Caroline\AppData\Roaming\InstallShield\ISEngine12.0

 

[08/05/2008|15:36] C:\Users\Caroline\AppData\Roaming\ItsLabel\ItsTV

 

[05/02/2008|22:08] C:\Users\Caroline\AppData\Roaming\LGSync\3G

 

[01/02/2008|19:47] C:\Users\Caroline\AppData\Roaming\Macromedia\Flash Player

 

 

[18/06/2008|13:42] C:\Users\Caroline\AppData\Roaming\Microsoft\Office

[17/06/2008|18:54] C:\Users\Caroline\AppData\Roaming\Microsoft\Modèles

[17/06/2008|18:54] C:\Users\Caroline\AppData\Roaming\Microsoft\Proof

[12/06/2008|19:58] C:\Users\Caroline\AppData\Roaming\Microsoft\Word

[10/06/2008|19:49] C:\Users\Caroline\AppData\Roaming\Microsoft\Windows Photo Gallery

[06/05/2008|22:22] C:\Users\Caroline\AppData\Roaming\Microsoft\MSN Messenger

[30/03/2008|16:16] C:\Users\Caroline\AppData\Roaming\Microsoft\Media Catalog

[25/03/2008|20:07] C:\Users\Caroline\AppData\Roaming\Microsoft\IdentityCRL

[10/03/2008|19:02] C:\Users\Caroline\AppData\Roaming\Microsoft\Speech

[09/03/2008|22:51] C:\Users\Caroline\AppData\Roaming\Microsoft\Crypto

[08/03/2008|18:12] C:\Users\Caroline\AppData\Roaming\Microsoft\WLTB Custom Buttons

[08/03/2008|18:12] C:\Users\Caroline\AppData\Roaming\Microsoft\MSNLiveFav

[08/03/2008|15:11] C:\Users\Caroline\AppData\Roaming\Microsoft\Internet Explorer

[08/03/2008|15:04] C:\Users\Caroline\AppData\Roaming\Microsoft\Network

[28/02/2008|20:51] C:\Users\Caroline\AppData\Roaming\Microsoft\FrontPage

[28/02/2008|20:51] C:\Users\Caroline\AppData\Roaming\Microsoft\PowerPoint

[28/02/2008|20:50] C:\Users\Caroline\AppData\Roaming\Microsoft\Outlook

[26/02/2008|19:32] C:\Users\Caroline\AppData\Roaming\Microsoft\Excel

[26/02/2008|19:32] C:\Users\Caroline\AppData\Roaming\Microsoft\Forms

[26/02/2008|19:25] C:\Users\Caroline\AppData\Roaming\Microsoft\Macros complémentaires

[21/02/2008|20:01] C:\Users\Caroline\AppData\Roaming\Microsoft\Templates

[21/02/2008|19:55] C:\Users\Caroline\AppData\Roaming\Microsoft\Document Building Blocks

[21/02/2008|19:55] C:\Users\Caroline\AppData\Roaming\Microsoft\AddIns

[09/02/2008|21:19] C:\Users\Caroline\AppData\Roaming\Microsoft\MMC

[06/02/2008|20:28] C:\Users\Caroline\AppData\Roaming\Microsoft\Windows

[02/02/2008|14:19] C:\Users\Caroline\AppData\Roaming\Microsoft\HTML Help

[01/02/2008|20:15] C:\Users\Caroline\AppData\Roaming\Microsoft\eHome

[01/02/2008|19:55] C:\Users\Caroline\AppData\Roaming\Microsoft\Épreuve

[01/02/2008|19:50] C:\Users\Caroline\AppData\Roaming\Microsoft\Protect

[01/02/2008|19:46] C:\Users\Caroline\AppData\Roaming\Microsoft\CLR Security Config

[01/02/2008|19:45] C:\Users\Caroline\AppData\Roaming\Microsoft\SystemCertificates

[01/02/2008|19:44] C:\Users\Caroline\AppData\Roaming\Microsoft\Credentials

 

 

[02/04/2008|18:46] C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox

 

[03/03/2008|19:30] C:\Users\Caroline\AppData\Roaming\muvee Technologies\UserProfiles

 

[10/06/2008|21:30] C:\Users\Caroline\AppData\Roaming\Real\RealPlayer

[14/04/2008|19:02] C:\Users\Caroline\AppData\Roaming\Real\RealMediaSDK

[14/04/2008|18:52] C:\Users\Caroline\AppData\Roaming\Real\Msg

[14/04/2008|18:52] C:\Users\Caroline\AppData\Roaming\Real\rnadmin

 

[28/03/2008|19:38] C:\Users\Caroline\AppData\Roaming\Roxio\MediaManager9

[03/03/2008|19:17] C:\Users\Caroline\AppData\Roaming\Roxio\Dragon

[02/02/2008|00:33] C:\Users\Caroline\AppData\Roaming\Roxio\RoxioCentral

 

 

 

[29/03/2008|22:49] C:\Users\Caroline\AppData\Roaming\vlc\cache

 

 

 

[18/06/2008|23:09] C:\Users\Caroline\AppData\Roaming\Yahoo!\Companion

 

----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

 

[21/06/2008 13:07][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{94D9A3AD-5991-4AE3-97DD-7F2EDA388887}.job

[21/06/2008 16:11][--ah-----] C:\Windows\tasks\SA.DAT

[21/06/2008 16:10][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

------[ Listing des dossiers dans C:\ProgramData ]------

 

[10/02/2008|16:37] C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}

[18/10/2007|23:46] C:\ProgramData\Adobe

[06/06/2008|20:43] C:\ProgramData\aim rect help creative

[02/11/2006|15:02] C:\ProgramData\Application Data

[18/10/2007|23:37] C:\ProgramData\ATI

[21/06/2008|13:12] C:\ProgramData\BAGSTONSJUMP

[09/04/2008|15:53] C:\ProgramData\Bluetooth

[19/02/2008|00:11] C:\ProgramData\BOONTY

[01/02/2008|19:41] C:\ProgramData\Bureau

[02/11/2006|15:02] C:\ProgramData\Desktop

[02/11/2006|15:02] C:\ProgramData\Documents

[08/03/2008|19:30] C:\ProgramData\eMule

[10/06/2008|18:54] C:\ProgramData\EPSON

[01/02/2008|19:41] C:\ProgramData\Favoris

[02/11/2006|15:02] C:\ProgramData\Favorites

[18/10/2007|23:54] C:\ProgramData\Google

[01/02/2008|19:51] C:\ProgramData\Hewlett-Packard

[18/10/2007|23:37] C:\ProgramData\HP

[18/10/2007|23:37] C:\ProgramData\hpzinstall.log

[01/02/2008|19:41] C:\ProgramData\Menu Démarrer

[19/06/2008|12:52] C:\ProgramData\Messenger Plus!

[14/03/2008|20:10] C:\ProgramData\Microsoft

[09/06/2008|13:12] C:\ProgramData\Microsoft Help

[01/02/2008|19:41] C:\ProgramData\Modèles

[18/10/2007|23:45] C:\ProgramData\muvee Technologies

[18/10/2007|23:50] C:\ProgramData\PC-Doctor

[03/03/2008|19:28] C:\ProgramData\Roxio

[30/04/2008|18:49] C:\ProgramData\Sizesendsend.032jo

[03/05/2008|18:37] C:\ProgramData\Sizesendsend.0o8kgb8

[08/05/2008|00:25] C:\ProgramData\Sizesendsend.0tqik

[04/05/2008|19:42] C:\ProgramData\Sizesendsend.11v8xv

[04/05/2008|16:25] C:\ProgramData\Sizesendsend.142lho5

[02/05/2008|20:39] C:\ProgramData\Sizesendsend.1bxbg

[07/05/2008|14:16] C:\ProgramData\Sizesendsend.1pdtw

[07/05/2008|14:59] C:\ProgramData\Sizesendsend.1tfmb

[08/05/2008|13:24] C:\ProgramData\Sizesendsend.20u77za

[29/04/2008|18:27] C:\ProgramData\Sizesendsend.23mnzmp

[28/04/2008|22:55] C:\ProgramData\Sizesendsend.25uj6

[06/05/2008|23:39] C:\ProgramData\Sizesendsend.28tle9a

[30/04/2008|21:30] C:\ProgramData\Sizesendsend.2z675

[14/03/2008|19:07] C:\ProgramData\Sizesendsend.30nv0a

[04/05/2008|22:15] C:\ProgramData\Sizesendsend.38p7d

[30/04/2008|20:39] C:\ProgramData\Sizesendsend.39onb

[07/05/2008|13:54] C:\ProgramData\Sizesendsend.39xbg

[30/04/2008|19:33] C:\ProgramData\Sizesendsend.3gba2

[04/05/2008|18:14] C:\ProgramData\Sizesendsend.3gg9io0

[05/05/2008|20:08] C:\ProgramData\Sizesendsend.3pn6b

[28/04/2008|20:01] C:\ProgramData\Sizesendsend.592py1

[02/05/2008|19:33] C:\ProgramData\Sizesendsend.5l65p

[05/05/2008|23:15] C:\ProgramData\Sizesendsend.6f5z44

[03/05/2008|20:04] C:\ProgramData\Sizesendsend.7dlza

[03/05/2008|19:42] C:\ProgramData\Sizesendsend.7ms85o

[29/04/2008|20:32] C:\ProgramData\Sizesendsend.7qiaqbm

[02/05/2008|18:27] C:\ProgramData\Sizesendsend.7s542x

[02/05/2008|22:45] C:\ProgramData\Sizesendsend.7sgna

[28/03/2008|20:34] C:\ProgramData\Sizesendsend.83eh9ms

[06/05/2008|17:28] C:\ProgramData\Sizesendsend.87hqxo

[07/05/2008|14:38] C:\ProgramData\Sizesendsend.8ffozhf

[05/05/2008|19:46] C:\ProgramData\Sizesendsend.8fnl6

[06/05/2008|20:37] C:\ProgramData\Sizesendsend.923wyf

[04/05/2008|20:48] C:\ProgramData\Sizesendsend.9kwkq

[28/04/2008|20:45] C:\ProgramData\Sizesendsend.a200be0

[30/04/2008|22:57] C:\ProgramData\Sizesendsend.a4u661

[06/05/2008|20:15] C:\ProgramData\Sizesendsend.acasf4

[08/05/2008|14:15] C:\ProgramData\Sizesendsend.ahz8l

[29/04/2008|18:49] C:\ProgramData\Sizesendsend.aptw1if

[02/05/2008|18:49] C:\ProgramData\Sizesendsend.b3du7ip

[04/05/2008|13:30] C:\ProgramData\Sizesendsend.c1ecc

[04/05/2008|20:04] C:\ProgramData\Sizesendsend.cxbedej

[04/05/2008|16:03] C:\ProgramData\Sizesendsend.d0dcn00

[05/05/2008|22:54] C:\ProgramData\Sizesendsend.dg5gf4

[04/05/2008|14:14] C:\ProgramData\Sizesendsend.dl3jjv4

[07/05/2008|21:54] C:\ProgramData\Sizesendsend.dmq303

[08/05/2008|14:37] C:\ProgramData\Sizesendsend.dsebm

[29/04/2008|19:49] C:\ProgramData\Sizesendsend.ed1zcid

[04/05/2008|16:47] C:\ProgramData\Sizesendsend.efuat

[04/05/2008|14:57] C:\ProgramData\Sizesendsend.f9nvzg

[04/05/2008|22:37] C:\ProgramData\Sizesendsend.gbctw4v

[28/04/2008|18:56] C:\ProgramData\Sizesendsend.gg38z7

[28/04/2008|19:40] C:\ProgramData\Sizesendsend.glulsx

[02/05/2008|21:00] C:\ProgramData\Sizesendsend.gws2ruz

[28/04/2008|23:24] C:\ProgramData\Sizesendsend.gxexd7p

[28/04/2008|18:33] C:\ProgramData\Sizesendsend.hc9ei

[04/05/2008|14:36] C:\ProgramData\Sizesendsend.ibccgip

[29/04/2008|20:10] C:\ProgramData\Sizesendsend.k7ktuw

[28/04/2008|18:33] C:\ProgramData\Sizesendsend.kgfwse

[04/05/2008|15:19] C:\ProgramData\Sizesendsend.ks0f6k

[06/05/2008|22:11] C:\ProgramData\Sizesendsend.l8jpez

[30/04/2008|18:27] C:\ProgramData\Sizesendsend.ldadgg1

[30/04/2008|22:13] C:\ProgramData\Sizesendsend.m2vjp

[06/06/2008|20:43] C:\ProgramData\Sizesendsend.n1xsck

[07/05/2008|13:32] C:\ProgramData\Sizesendsend.n3q4t

[03/05/2008|19:20] C:\ProgramData\Sizesendsend.n5x15

[04/05/2008|21:31] C:\ProgramData\Sizesendsend.n9u3ru

[04/05/2008|18:58] C:\ProgramData\Sizesendsend.nlmqm

[06/05/2008|23:17] C:\ProgramData\Sizesendsend.nnblkk

[06/05/2008|19:31] C:\ProgramData\Sizesendsend.nyxe8b

[04/05/2008|17:31] C:\ProgramData\Sizesendsend.olm36

[04/05/2008|21:09] C:\ProgramData\Sizesendsend.on60kal

[06/05/2008|16:45] C:\ProgramData\Sizesendsend.oq2ro0

[06/05/2008|17:07] C:\ProgramData\Sizesendsend.p829zx

[04/05/2008|19:20] C:\ProgramData\Sizesendsend.p8o8fu

[28/04/2008|19:18] C:\ProgramData\Sizesendsend.qmv6j

[08/05/2008|13:46] C:\ProgramData\Sizesendsend.qnfpddb

[06/06/2008|20:43] C:\ProgramData\Sizesendsend.qvyfeej

[29/04/2008|22:58] C:\ProgramData\Sizesendsend.qxlb3a0

[04/05/2008|17:08] C:\ProgramData\Sizesendsend.rllcu

[30/04/2008|13:41] C:\ProgramData\Sizesendsend.rxhs7

[04/05/2008|21:53] C:\ProgramData\Sizesendsend.s1hu3h

[04/05/2008|18:36] C:\ProgramData\Sizesendsend.s67hdb

[05/05/2008|19:02] C:\ProgramData\Sizesendsend.sfdmy

[06/05/2008|19:53] C:\ProgramData\Sizesendsend.sht7t

[29/04/2008|18:06] C:\ProgramData\Sizesendsend.syrpe

[04/05/2008|12:46] C:\ProgramData\Sizesendsend.szn9o

[02/05/2008|19:55] C:\ProgramData\Sizesendsend.t27la

[06/05/2008|22:33] C:\ProgramData\Sizesendsend.t5xw5

[02/05/2008|21:22] C:\ProgramData\Sizesendsend.td7v08

[08/05/2008|00:04] C:\ProgramData\Sizesendsend.tjj51e

[04/05/2008|12:24] C:\ProgramData\Sizesendsend.u3nj22m

[06/05/2008|22:55] C:\ProgramData\Sizesendsend.u5ejk

[04/05/2008|15:41] C:\ProgramData\Sizesendsend.ucavhq

[30/04/2008|22:35] C:\ProgramData\Sizesendsend.ur98c

[02/05/2008|18:06] C:\ProgramData\Sizesendsend.uzho0fl

[29/04/2008|22:36] C:\ProgramData\Sizesendsend.vgag9n

[04/05/2008|13:52] C:\ProgramData\Sizesendsend.vqd8l

[04/05/2008|17:53] C:\ProgramData\Sizesendsend.x9i6i5

[04/05/2008|13:08] C:\ProgramData\Sizesendsend.xbrm3ju

[30/04/2008|20:17] C:\ProgramData\Sizesendsend.xd2mf

[05/05/2008|19:24] C:\ProgramData\Sizesendsend.xfu00

[06/05/2008|19:10] C:\ProgramData\Sizesendsend.xwgqz

[04/05/2008|22:59] C:\ProgramData\Sizesendsend.xxsbz

[02/05/2008|20:17] C:\ProgramData\Sizesendsend.xyl7ia

[02/05/2008|19:11] C:\ProgramData\Sizesendsend.yj8s5

[04/05/2008|12:03] C:\ProgramData\Sizesendsend.ytor5y

[30/04/2008|19:12] C:\ProgramData\Sizesendsend.yvk79

[03/05/2008|18:59] C:\ProgramData\Sizesendsend.z0znd4

[30/04/2008|19:55] C:\ProgramData\Sizesendsend.z27er4o

[30/04/2008|21:52] C:\ProgramData\Sizesendsend.z3olj2

[04/05/2008|20:25] C:\ProgramData\Sizesendsend.z6ih5m

[28/04/2008|20:23] C:\ProgramData\Sizesendsend.zod7v

[18/10/2007|23:38] C:\ProgramData\Sonic

[02/11/2006|15:02] C:\ProgramData\Start Menu

[08/05/2008|15:52] C:\ProgramData\Symantec

[03/03/2008|19:29] C:\ProgramData\TEMP

[02/11/2006|15:02] C:\ProgramData\Templates

[10/06/2008|19:00] C:\ProgramData\UDL

[18/06/2008|23:13] C:\ProgramData\WLInstaller

 

---------------[ Listing des dossiers dans C:\Program Files ]--------------

 

[10/02/2008|16:37] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites

[18/10/2007|23:46] C:\Program Files\Adobe

[08/03/2008|15:20] C:\Program Files\Alwil Software

[18/10/2007|23:32] C:\Program Files\ATI

[18/10/2007|23:33] C:\Program Files\ATI Technologies

[19/02/2008|00:11] C:\Program Files\Boonty

[19/02/2008|00:11] C:\Program Files\BoontyGames

[08/05/2008|15:47] C:\Program Files\Common Files

[06/03/2008|15:04] C:\Program Files\Damien DOISELET

[09/03/2008|13:44] C:\Program Files\desktop.ini

[19/10/2007|08:39] C:\Program Files\EasyBits

[08/03/2008|19:29] C:\Program Files\eMule

[08/05/2008|15:37] C:\Program Files\EoRezo

[10/06/2008|18:56] C:\Program Files\epson

[10/06/2008|18:57] C:\Program Files\EPSON Print CD

[01/02/2008|19:41] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]

[08/03/2008|15:10] C:\Program Files\Google

[18/10/2007|23:52] C:\Program Files\Hewlett-Packard

[18/10/2007|23:47] C:\Program Files\HP

[17/06/2008|18:48] C:\Program Files\Icone

[10/06/2008|19:06] C:\Program Files\InstallShield Installation Information

[11/06/2008|11:54] C:\Program Files\Internet Explorer

[09/04/2008|14:16] C:\Program Files\IVT Corporation

[18/10/2007|23:47] C:\Program Files\Java

[04/04/2008|18:04] C:\Program Files\JCA2000

[17/06/2008|18:48] C:\Program Files\LETMIN

[18/06/2008|23:22] C:\Program Files\Messenger Plus! Live

[09/03/2008|13:08] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[26/02/2008|19:21] C:\Program Files\Microsoft FrontPage

[02/11/2006|14:37] C:\Program Files\Microsoft Games

[26/02/2008|19:18] C:\Program Files\Microsoft Office

[08/03/2008|18:10] C:\Program Files\Microsoft SQL Server Compact Edition

[26/02/2008|19:22] C:\Program Files\Microsoft Visual Studio

[10/02/2008|16:36] C:\Program Files\Microsoft Works

[10/02/2008|16:35] C:\Program Files\Microsoft.NET

[22/05/2008|18:02] C:\Program Files\MioNet

[19/10/2007|08:51] C:\Program Files\Movie Maker

[02/04/2008|18:46] C:\Program Files\Mozilla Firefox

[02/11/2006|14:37] C:\Program Files\MSBuild

[03/02/2008|18:52] C:\Program Files\MSECache

[02/11/2006|14:37] C:\Program Files\MSN

[08/03/2008|18:54] C:\Program Files\MSXML 4.0

[18/10/2007|23:45] C:\Program Files\muvee Technologies

[08/03/2008|15:02] C:\Program Files\Orange HSS

[19/10/2007|00:06] C:\Program Files\PC-Doctor 5 for Windows

[22/05/2008|15:34] C:\Program Files\Philips

[14/04/2008|18:52] C:\Program Files\Real

[18/10/2007|23:35] C:\Program Files\Realtek

[02/11/2006|14:37] C:\Program Files\Reference Assemblies

[18/10/2007|23:44] C:\Program Files\Roxio

[08/03/2008|14:56] C:\Program Files\SAGEM

[08/03/2008|14:52] C:\Program Files\Securitoo

[18/10/2007|23:54] C:\Program Files\Services en ligne

[02/11/2006|15:01] C:\Program Files\Uninstall Information

[29/03/2008|22:48] C:\Program Files\VideoLAN

[09/03/2008|13:40] C:\Program Files\Windows Calendar

[19/10/2007|08:51] C:\Program Files\Windows Collaboration

[19/10/2007|08:58] C:\Program Files\Windows Defender

[19/10/2007|08:51] C:\Program Files\Windows Journal

[10/06/2008|18:15] C:\Program Files\Windows Live

[10/06/2008|18:05] C:\Program Files\Windows Live Toolbar

[11/06/2008|11:54] C:\Program Files\Windows Mail

[09/03/2008|13:40] C:\Program Files\Windows Media Player

[01/02/2008|19:41] C:\Program Files\Windows NT

[19/10/2007|08:51] C:\Program Files\Windows Photo Gallery

[09/03/2008|13:40] C:\Program Files\Windows Sidebar

[18/06/2008|23:11] C:\Program Files\Yahoo!

 

------[ Listing des dossiers dans C:\Program Files\Common Files ]------

 

[18/10/2007|23:46] C:\Program Files\Common Files\Adobe

[06/03/2008|15:12] C:\Program Files\Common Files\Alhademic Group

[10/02/2008|16:35] C:\Program Files\Common Files\DESIGNER

[08/03/2008|14:59] C:\Program Files\Common Files\France Telecom

[18/10/2007|23:37] C:\Program Files\Common Files\HP

[10/06/2008|19:03] C:\Program Files\Common Files\InstallShield

[18/10/2007|23:46] C:\Program Files\Common Files\Java

[18/10/2007|23:45] C:\Program Files\Common Files\LightScribe

[18/10/2007|23:45] C:\Program Files\Common Files\LS Getting Started

[09/06/2008|13:10] C:\Program Files\Common Files\microsoft shared

[18/10/2007|23:45] C:\Program Files\Common Files\muvee Technologies

[18/10/2007|23:44] C:\Program Files\Common Files\PX Storage Engine

[14/04/2008|18:52] C:\Program Files\Common Files\Real

[18/10/2007|23:44] C:\Program Files\Common Files\Roxio Shared

[02/11/2006|13:18] C:\Program Files\Common Files\Services

[18/10/2007|23:44] C:\Program Files\Common Files\Sonic Shared

[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines

[18/10/2007|23:38] C:\Program Files\Common Files\SureThing Shared

[08/05/2008|15:48] C:\Program Files\Common Files\Symantec Shared

[26/02/2008|19:21] C:\Program Files\Common Files\System

[08/03/2008|18:01] C:\Program Files\Common Files\WindowsLiveInstaller

[14/04/2008|18:52] C:\Program Files\Common Files\xing shared

 

---------------------------[ Process ]--------------------------

 

... 52

 

... OK !

 

----------------------[ Recherche avec S_Lop ]---------------------

 

Aucun fichier / dossier Lop trouvé !

 

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

 

C:\ProgramData\aim rect help creative

C:\ProgramData\aim rect help creative\love pop.exe

C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\Cookies\caroline@adopt.euroclick[2].txt

 

----------------------[ Verification du Registre ]----------------------

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------[ Verification du fichier Hosts ]---------------------

 

Fichier Hosts PROPRE

 

 

----------------[ Recherche de fichiers avec Catchme ]-----------------

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-21 16:15:14

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------[ Recherche d'autres infections ]---------------------

 

 

Aucune autre infection trouvée !

 

[F:29][D:9]-> C:\Users\Caroline\AppData\Local\Temp

[F:1241][D:1]-> C:\Users\Caroline\AppData\Roaming\MICROS~1\Windows\Cookies

[F:1248][D:8]-> C:\Users\Caroline\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:21][D:6]-> C:\$Recycle.Bin

 

[ UAC => 1 ]

 

--------------------[ Fin du rapport a 16:15:40,23 ]----------------------

Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:47:50, on 21/06/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\conime.exe

C:\Windows\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L98JVIE0\HiJackThis[1].exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getad...t&x_dp_id=9

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [64 sect] "C:\ProgramData\Sizesendsend.n1xsck"

O4 - HKCU\..\Run: [EPSON Stylus Photo RX585 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE /FU "C:\Windows\TEMP\E_S63D4.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www.orange.fr

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 7818 bytes

Posted

We're going to collect some files for analysis and for the developer of Lop S&D (Eric_71).

I'll get all that ready for you. :P

Posted

Back again: we're going to prepare the files to send, and zap the bad guys. :P

* Open Notepad.

* Make sure that "Word Wrap" in the "Format" menu is not checked; if it is, click it to uncheck it.

* Copy and paste what is in the code box (below) into Notepad:

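@echo off

rem Clear the archive/read-only/hidden/system attributes so the files can be handled
attrib -a -r -h -s "C:\ProgramData\Sizesendsend.*" >NUL
attrib -a -r -h -s "C:\ProgramData\BAGSTONSJUMP\*" /S /D >NUL

rem Create the working folders on the Desktop
md "%UserProfile%\Desktop\Upload"
md "%Userprofile%\Desktop\BAGSTONSJUMP"

rem Move the Sizesendsend.* files to Upload; copy the BAGSTONSJUMP contents
move /y "C:\ProgramData\Sizesendsend.*" "%UserProfile%\Desktop\Upload" >NUL
copy /y "C:\ProgramData\BAGSTONSJUMP\*" "%Userprofile%\Desktop\BAGSTONSJUMP" >NUL

rem Delete the Desktop copy of BAGSTONSJUMP
del /A/F/Q "%Userprofile%\Desktop\BAGSTONSJUMP\*.*"
rd /S/Q "%Userprofile%\Desktop\BAGSTONSJUMP"

rem Fallback if the move failed: copy the files, then delete the originals
if not exist "%UserProfile%\Desktop\Upload\Sizesendsend.*" (
    copy /y "C:\ProgramData\Sizesendsend.*" "%UserProfile%\Desktop\Upload"
    del /a/f/q "C:\ProgramData\Sizesendsend.*" >NUL 2>&1
)

exit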

 

* In the "File" menu choose "Save As", and save to your desktop, naming the file upload.bat (and not .txt)

* This will create a file on your desktop; its icon must show a gear, not the text-file icon.

** Disable UAC (User Account Control); above all, remember to re-enable it after the disinfection.

* Start > Control Panel

* Double-click the User Accounts icon

* Then click Disable and confirm.

* Double-click upload.bat; you will see a black window appear and disappear, and an Upload folder will be created on your desktop.

* Confirm to me that this folder was created on the desktop and, by right-clicking it and choosing Properties, tell me its size.

Don't hesitate to ask questions if you hit a snag or have any doubt. :P
