jwrsfeha.exe et +

[Ghepito]

Bonjour

Voici donc un rapport d'analyse que je vous soumet car je n'ai pas trouvé sur la toile ce qu'est jwrsfeha.

Merci d'avance pour votre aide !

 

Ghepito

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:31:12, on 09/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\runservice.exe

C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

C:\Seigneur\CD-Rom\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\DRIVERS\WtSrv.exe

C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE

C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\All Users\Application Data\tgtofuxu\jwrsfeha.exe

C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Seigneur\securite\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Seigneur\Internet\eChanblard\emule.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Seigneur\securite\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Seigneur\Internet\FlashGet\fgiebar.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll

O4 - HKLM\..\Run: [WService] WService.EXE

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Seigneur\securite\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [fvPZEN3pcQ] C:\Documents and Settings\All Users\Application Data\tgtofuxu\jwrsfeha.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Seigneur\Internet\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Seigneur\Internet\FlashGet\flashget.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Seigneur\securite\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Seigneur\securite\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.5.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137351113640

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FCE7E0EF-3FAF-43BD-9FAE-4DC4C9DB4D5C}: NameServer = 212.27.53.252,212.27.54.252

O20 - Winlogon Notify: tuvtsssQ - tuvtsssQ.dll (file missing)

O21 - SSODL: EnApp - {20B17D48-25ED-E87E-422F-0441FA001D8F} - C:\Program Files\ucsmvhg\EnApp.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Seigneur\CD-Rom\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Seigneur\Outils\TuneUp\WinStylerThemeSvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

 

--

End of file - 10898 bytes

[chrifleur]

bonjour et bienvenue

pas mal infecté en effet

on commence

 

Télécharger Lop S&D.exe de eric71 et angeldark

http://eric.71.mespages.googlepages.com/Lop.sd.exe

scanne ton Pc option1

poste le rapport obtenu

 

 

Télécharge VundoFix.exe (par Atribune) sur ton Bureau

http://www.atribune.org/ccount/click.php?id=4

 

Le PC va être redémarré lors du passage de VundoFix, je te conseille donc de fermer et enregistrer tout ce que tu as en cours!

 

Fais un double clic sur VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo

Lorsque l'analyse de ton PC est terminée, clique sur le bouton Fix Vundo

Une invite te demandera si tu veux supprimer les fichiers, clique sur YES

Après avoir cliqué sur Yes, le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer

Clique sur OK

 

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage.

Coche les fichiers à supprimer qui te sont proposés

Clique sur Fix Vundo et laisse Vundofix redémarrer le PC

Renouvelle l'opération si demandé.

 

 

Copie/colle le contenu du rapport situé dans C:\VundoFix.txt (si XP est installé sur C:\ dans le cas contraire, il sera à la racine de ta partition système) ainsi qu'un nouveau rapport Hijack This dans ta prochaine réponse

[Ghepito]

Bonsoir Chrifleur

Tout d'abord merci de prendre de ton temps pour résoudre mes problemes.

Ce soir je t'envoi déja le fichier issu du scan de Lop S&D.

Je lancerai la 2émme opération par VundoFix demain midi ou soir (mes horaires boulot sont trés élastiques...).

Quoi qu'il en soit je viendrai sur le forum demain midi voir si tu a posté quelquechose.

Bonne soirée

 

 

--------------------\\ Lop S&D 4.2.4-2 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : AMD Athlon XP 2100+ )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : Papa ( Administrator )

BOOT : Normal boot

Antivirus : Bitdefender Antivirus 8.0 (Activated)

Firewall : Sunbelt Personal Firewall 4.6.1845 T (Activated)

 

"C:\Lop SD" ( MAJ : 08-09-2008|21:40 )

Option : [1] ( 09/09/2008|22:24 )

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[07/01/2006|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[29/12/2005|15:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead

[23/07/2008|13:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk

[29/07/2008|18:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender

[01/05/2007|15:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOC423

[17/08/2008|22:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software

[09/02/2006|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cloanto

[06/10/2007|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Diskeeper Corporation

[06/07/2008|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink

[25/03/2006|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\element5

[28/07/2006|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Firefly Studios

[20/05/2006|13:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield

[05/01/2008|17:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kristanix Software

[02/09/2008|09:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[25/11/2007|16:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd

[23/07/2006|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech

[09/03/2008|10:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX

[02/09/2008|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[02/07/2008|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[25/11/2007|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software

[23/11/2007|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound

[08/08/2006|23:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA

[29/12/2006|22:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle

[29/12/2006|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio

[16/03/2007|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PokerAcademyPro2

[11/03/2006|19:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software

[19/02/2006|13:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[16/11/2007|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SimCity Societies

[11/05/2008|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline

[15/07/2008|20:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft

[01/04/2008|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc

[08/09/2008|22:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[02/09/2008|20:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

[12/02/2008|18:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith

[02/09/2008|13:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tgtofuxu

[27/12/2005|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software

[21/10/2006|21:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems

[31/12/2005|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[18/07/2008|21:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

 

[21/12/2005|20:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[02/08/2006|12:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\BitDefender

[20/01/2007|10:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia

[29/01/2007|20:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[21/12/2005|20:34] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[10/02/2008|23:13] C:\DOCUME~1\Papa\APPLIC~1\Adobe

[26/07/2008|14:02] C:\DOCUME~1\Papa\APPLIC~1\AdobeUM

[29/10/2006|19:57] C:\DOCUME~1\Papa\APPLIC~1\Ahead

[25/09/2007|19:17] C:\DOCUME~1\Papa\APPLIC~1\Anuman Interactive

[31/01/2008|14:04] C:\DOCUME~1\Papa\APPLIC~1\Atari

[23/07/2008|13:13] C:\DOCUME~1\Papa\APPLIC~1\Autodesk

[29/07/2008|18:48] C:\DOCUME~1\Papa\APPLIC~1\BitDefender

[25/02/2007|21:07] C:\DOCUME~1\Papa\APPLIC~1\BSDh9

[17/01/2008|19:45] C:\DOCUME~1\Papa\APPLIC~1\Consultia

[20/01/2008|11:56] C:\DOCUME~1\Papa\APPLIC~1\Cycling '74

[20/10/2007|22:14] C:\DOCUME~1\Papa\APPLIC~1\DivX

[29/01/2007|21:15] C:\DOCUME~1\Papa\APPLIC~1\Download Manager

[26/07/2008|11:56] C:\DOCUME~1\Papa\APPLIC~1\dvdcss

[25/03/2008|20:20] C:\DOCUME~1\Papa\APPLIC~1\fltk.org

[14/01/2008|23:50] C:\DOCUME~1\Papa\APPLIC~1\FolderPrint

[31/03/2008|19:46] C:\DOCUME~1\Papa\APPLIC~1\GibbHill Properties Ltd

[21/01/2006|00:24] C:\DOCUME~1\Papa\APPLIC~1\Google

[05/09/2008|16:25] C:\DOCUME~1\Papa\APPLIC~1\GrabIt

[02/12/2007|13:36] C:\DOCUME~1\Papa\APPLIC~1\Graphisoft

[30/12/2005|19:26] C:\DOCUME~1\Papa\APPLIC~1\Help

[24/08/2008|12:39] C:\DOCUME~1\Papa\APPLIC~1\Identities

[06/06/2006|21:40] C:\DOCUME~1\Papa\APPLIC~1\IDMComp

[07/03/2008|18:54] C:\DOCUME~1\Papa\APPLIC~1\Imperium Romanum

[29/01/2007|21:13] C:\DOCUME~1\Papa\APPLIC~1\InstallShield

[27/09/2007|20:28] C:\DOCUME~1\Papa\APPLIC~1\InstallShield Installation Information

[15/02/2008|14:05] C:\DOCUME~1\Papa\APPLIC~1\InterVideo

[05/01/2008|17:18] C:\DOCUME~1\Papa\APPLIC~1\Kristanix Software

[10/11/2007|09:56] C:\DOCUME~1\Papa\APPLIC~1\Lavasoft

[22/12/2005|19:48] C:\DOCUME~1\Papa\APPLIC~1\Leadertech

[23/07/2006|19:06] C:\DOCUME~1\Papa\APPLIC~1\Logitech

[03/03/2007|00:36] C:\DOCUME~1\Papa\APPLIC~1\Macromedia

[09/03/2008|12:24] C:\DOCUME~1\Papa\APPLIC~1\MAGIX

[02/09/2008|20:26] C:\DOCUME~1\Papa\APPLIC~1\Malwarebytes

[07/05/2006|16:06] C:\DOCUME~1\Papa\APPLIC~1\Media Player Classic

[01/09/2007|13:56] C:\DOCUME~1\Papa\APPLIC~1\Micrografx

[26/08/2008|21:16] C:\DOCUME~1\Papa\APPLIC~1\Microsoft

[25/07/2006|18:32] C:\DOCUME~1\Papa\APPLIC~1\Mozilla

[01/01/2008|22:34] C:\DOCUME~1\Papa\APPLIC~1\Mp3tag

[23/11/2007|18:27] C:\DOCUME~1\Papa\APPLIC~1\NCH Swift Sound

[11/08/2008|17:48] C:\DOCUME~1\Papa\APPLIC~1\Nvu

[06/09/2008|11:17] C:\DOCUME~1\Papa\APPLIC~1\OpenOffice.org2

[14/08/2007|21:27] C:\DOCUME~1\Papa\APPLIC~1\PACE Anti-Piracy

[12/10/2007|23:05] C:\DOCUME~1\Papa\APPLIC~1\PCF-VLC

[29/01/2007|21:42] C:\DOCUME~1\Papa\APPLIC~1\Pinnacle Systems

[19/06/2007|22:39] C:\DOCUME~1\Papa\APPLIC~1\Planetside Software

[16/03/2007|18:31] C:\DOCUME~1\Papa\APPLIC~1\PokerAcademyPro2

[23/12/2007|22:59] C:\DOCUME~1\Papa\APPLIC~1\ppstream

[19/01/2008|23:29] C:\DOCUME~1\Papa\APPLIC~1\Propellerhead Software

[21/03/2008|20:08] C:\DOCUME~1\Papa\APPLIC~1\Publish Providers

[03/02/2007|22:59] C:\DOCUME~1\Papa\APPLIC~1\Real

[27/07/2008|21:36] C:\DOCUME~1\Papa\APPLIC~1\Reallusion

[10/02/2008|23:47] C:\DOCUME~1\Papa\APPLIC~1\RssBandit

[06/09/2006|18:02] C:\DOCUME~1\Papa\APPLIC~1\SecuROM

[16/12/2006|20:10] C:\DOCUME~1\Papa\APPLIC~1\Skype

[15/01/2007|20:11] C:\DOCUME~1\Papa\APPLIC~1\Sony

[25/07/2006|18:34] C:\DOCUME~1\Papa\APPLIC~1\Steganos VPN

[25/03/2006|17:34] C:\DOCUME~1\Papa\APPLIC~1\Sun

[08/09/2008|13:04] C:\DOCUME~1\Papa\APPLIC~1\SUPERAntiSpyware.com

[27/12/2005|10:29] C:\DOCUME~1\Papa\APPLIC~1\TuneUp Software

[05/04/2008|10:17] C:\DOCUME~1\Papa\APPLIC~1\U3

[19/06/2007|22:54] C:\DOCUME~1\Papa\APPLIC~1\uk.co.planetside

[06/02/2007|14:32] C:\DOCUME~1\Papa\APPLIC~1\vlc

[06/04/2006|18:23] C:\DOCUME~1\Papa\APPLIC~1\WholeSecurity

[09/06/2007|12:16] C:\DOCUME~1\Papa\APPLIC~1\WinRAR

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[09/09/2008 06:51][--a------] C:\WINDOWS\tasks\SCHEDLGU.TXT

[09/09/2008 22:00][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{BA8FC79A-2635-461A-8EE9-1D446C27F9A5}.job

[09/09/2008 06:48][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[31/08/2008|12:05] C:\Program Files\Activision

[15/08/2007|13:52] C:\Program Files\Adobe

[15/08/2007|17:21] C:\Program Files\AdorageI-GfxDatas

[07/06/2007|08:46] C:\Program Files\AdorageI-SAL

[24/08/2007|19:23] C:\Program Files\AGEIA Technologies

[19/06/2008|22:18] C:\Program Files\AnalyseSI

[08/10/2007|19:50] C:\Program Files\Anuman Interactive

[16/11/2007|19:38] C:\Program Files\ASIO4ALL v2

[06/04/2006|18:15] C:\Program Files\ASUS

[29/07/2008|18:48] C:\Program Files\BitDefender

[09/12/2007|13:03] C:\Program Files\Boris FX, Inc

[08/04/2008|17:35] C:\Program Files\Borland

[18/07/2008|13:36] C:\Program Files\CCleaner

[22/11/2007|21:42] C:\Program Files\Combined Community Codec Pack

[19/08/2008|19:05] C:\Program Files\Common Files

[18/01/2008|18:39] C:\Program Files\CROUZET

[20/07/2008|11:22] C:\Program Files\Crouzet Automatismes

[23/07/2006|18:52] C:\Program Files\CyberLink

[24/06/2007|20:41] C:\Program Files\DAEMON Tools

[16/12/2007|09:12] C:\Program Files\DaViDeo2006VHS

[07/12/2006|14:04] C:\Program Files\DigiDesign

[19/06/2008|13:29] C:\Program Files\DipiSoft

[30/01/2006|13:30] C:\Program Files\directx

[06/10/2007|17:52] C:\Program Files\Diskeeper Corporation

[20/10/2007|13:57] C:\Program Files\DivX

[06/11/2007|21:10] C:\Program Files\DMV

[10/01/2008|14:23] C:\Program Files\Domotix

[02/07/2008|13:31] C:\Program Files\DtectOr

[04/12/2007|20:30] C:\Program Files\Duplicate Cleaner

[09/09/2008|19:50] C:\Program Files\EA Games

[31/08/2008|12:10] C:\Program Files\Elaborate Bytes

[17/06/2008|13:11] C:\Program Files\Electronic Arts

[05/10/2007|22:35] C:\Program Files\Executive Software

[26/08/2008|22:37] C:\Program Files\Fichiers communs

[11/08/2008|15:52] C:\Program Files\Free

[29/08/2008|22:44] C:\Program Files\Free Audio Pack

[06/09/2008|10:31] C:\Program Files\Futuremark

[16/01/2008|21:17] C:\Program Files\GeForceTweakUtility

[27/01/2008|18:58] C:\Program Files\Google

[21/12/2006|07:53] C:\Program Files\GuitarFX 3

[09/09/2008|13:22] C:\Program Files\HappyCollection_V2.5

[27/01/2008|12:22] C:\Program Files\Hijackthis Version Fran‡aise

[14/01/2007|16:20] C:\Program Files\Ige+Xao

[15/06/2007|18:11] C:\Program Files\IGN Rando

[07/12/2006|14:04] C:\Program Files\IK Multimedia

[01/04/2007|21:34] C:\Program Files\IKEA HomePlanner

[09/09/2008|12:49] C:\Program Files\InstallShield Installation Information

[25/08/2008|13:23] C:\Program Files\Internet Explorer

[13/02/2008|23:02] C:\Program Files\InterVideo

[11/10/2007|18:41] C:\Program Files\IRAI

[23/04/2008|21:10] C:\Program Files\Java

[05/10/2007|21:08] C:\Program Files\jv16 PowerTools 2005

[02/09/2008|17:57] C:\Program Files\Lavasoft

[02/01/2008|19:00] C:\Program Files\Logitech

[15/04/2007|21:38] C:\Program Files\MaCuisineLapeyre

[09/03/2008|10:40] C:\Program Files\MAGIX

[02/09/2008|20:26] C:\Program Files\Malwarebytes' Anti-Malware

[04/09/2006|18:45] C:\Program Files\Marvell

[09/05/2007|07:40] C:\Program Files\MatroskaProp

[31/12/2007|15:36] C:\Program Files\MediaMonkey

[16/08/2008|00:07] C:\Program Files\Messenger

[31/08/2008|12:13] C:\Program Files\Micro Application

[01/09/2007|13:50] C:\Program Files\Micrografx

[02/03/2008|17:44] C:\Program Files\micronet-soft

[21/12/2006|22:03] C:\Program Files\Microsoft Baseline Security Analyzer 2

[03/01/2008|13:52] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[10/05/2008|15:09] C:\Program Files\Microsoft Digital Image 10

[21/12/2005|20:34] C:\Program Files\microsoft frontpage

[23/07/2008|12:42] C:\Program Files\Microsoft Office

[29/12/2006|22:34] C:\Program Files\Microsoft SQL Server

[03/01/2006|13:32] C:\Program Files\Microsoft Works

[02/07/2008|17:59] C:\Program Files\Microsoft.NET

[19/08/2008|19:07] C:\Program Files\Motorola Phone Tools

[21/12/2005|20:32] C:\Program Files\Movie Maker

[01/01/2008|16:56] C:\Program Files\Mp3tag

[23/07/2008|12:40] C:\Program Files\MSBuild

[23/04/2008|13:12] C:\Program Files\MSECache

[21/12/2005|20:30] C:\Program Files\MSN

[21/12/2005|20:31] C:\Program Files\MSN Gaming Zone

[24/09/2006|22:21] C:\Program Files\MSXML 4.0

[29/10/2007|13:32] C:\Program Files\MSXML 6.0

[03/11/2007|22:06] C:\Program Files\Native Instruments

[21/12/2005|20:32] C:\Program Files\NetMeeting

[12/11/2007|20:17] C:\Program Files\NVIDIA Corporation

[11/08/2008|17:51] C:\Program Files\Nvu

[25/01/2008|22:37] C:\Program Files\Omron

[21/12/2005|20:31] C:\Program Files\Online Services

[24/06/2008|12:50] C:\Program Files\OpenAL

[21/06/2008|13:30] C:\Program Files\OpenOffice.org 2.4

[13/06/2007|13:06] C:\Program Files\Outlook Express

[14/08/2007|21:53] C:\Program Files\PhotoGenetics

[26/08/2008|12:59] C:\Program Files\PicLensIE

[19/02/2008|23:12] C:\Program Files\Pinnacle

[19/07/2008|20:59] C:\Program Files\PrestoNotes

[29/01/2007|23:14] C:\Program Files\proDAD

[29/03/2008|19:33] C:\Program Files\ProgDVB

[29/03/2008|19:18] C:\Program Files\ProgDVB(2)

[21/07/2008|21:11] C:\Program Files\Project64 1.6

[19/01/2008|23:25] C:\Program Files\Propellerhead

[07/01/2006|20:08] C:\Program Files\QuickTime

[03/02/2007|22:18] C:\Program Files\Real

[23/07/2008|12:37] C:\Program Files\Reference Assemblies

[05/01/2008|19:42] C:\Program Files\Rename-It!

[21/12/2005|20:33] C:\Program Files\Services en ligne

[09/09/2008|21:05] C:\Program Files\SIEMENS

[11/05/2008|22:36] C:\Program Files\Skyline

[15/07/2008|20:24] C:\Program Files\SlySoft

[28/03/2008|08:34] C:\Program Files\SmartSound Software

[02/08/2006|11:58] C:\Program Files\Softwin

[15/01/2007|20:02] C:\Program Files\Sony

[31/03/2008|21:19] C:\Program Files\Stardock

[27/06/2007|21:10] C:\Program Files\stg

[09/04/2008|21:10] C:\Program Files\Stokouti V5.11

[20/12/2007|18:56] C:\Program Files\Sunbelt Software

[08/09/2008|13:04] C:\Program Files\SUPERAntiSpyware

[06/11/2007|20:53] C:\Program Files\SystemRequirementsLab

[11/06/2008|13:11] C:\Program Files\TABLET

[16/08/2007|11:37] C:\Program Files\Tablette

[17/08/2006|17:50] C:\Program Files\Team MediaPortal

[27/07/2008|13:32] C:\Program Files\Trend Micro

[28/08/2008|21:57] C:\Program Files\UberIcon

[02/09/2008|13:40] C:\Program Files\ucsmvhg

[21/01/2007|20:19] C:\Program Files\UltraISO

[15/01/2007|20:05] C:\Program Files\Uninstall Information

[08/03/2007|20:37] C:\Program Files\UNO Freeware

[10/02/2008|00:13] C:\Program Files\VBSdocs

[23/03/2008|12:51] C:\Program Files\VstPlugins

[24/08/2006|19:19] C:\Program Files\WinASO

[01/06/2007|20:35] C:\Program Files\WinASPI

[06/04/2006|18:21] C:\Program Files\Winbond

[28/10/2007|13:04] C:\Program Files\Windows Media Connect 2

[28/10/2007|13:04] C:\Program Files\Windows Media Player

[21/12/2005|20:31] C:\Program Files\Windows NT

[21/12/2005|20:33] C:\Program Files\WindowsUpdate

[25/03/2008|14:17] C:\Program Files\winMd5Sum

[05/05/2007|20:14] C:\Program Files\WMV9_VCM

[21/12/2005|20:34] C:\Program Files\xerox

[11/10/2007|18:45] C:\Program Files\XviD

[18/07/2008|13:36] C:\Program Files\Yahoo!

[26/08/2008|22:38] C:\Program Files\YouTUBE movie downloader

[08/04/2007|10:12] C:\Program Files\YouTube Downloader

[21/07/2008|20:37] C:\Program Files\Zattoo

[02/09/2008|17:45] C:\Program Files\ZebHelpProcess 2

[06/04/2006|21:07] C:\Program Files\Zero G Registry

[30/03/2008|14:00] C:\Program Files\ZGuideTV

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[15/08/2007|13:52] C:\Program Files\Fichiers communs\Adobe

[29/12/2005|19:15] C:\Program Files\Fichiers communs\Ahead

[30/07/2008|20:38] C:\Program Files\Fichiers communs\Autodesk Shared

[11/08/2008|15:27] C:\Program Files\Fichiers communs\BitDefender

[09/02/2006|22:44] C:\Program Files\Fichiers communs\Cloanto

[07/02/2006|22:05] C:\Program Files\Fichiers communs\DAZ

[23/07/2008|12:42] C:\Program Files\Fichiers communs\designer

[03/11/2007|21:53] C:\Program Files\Fichiers communs\Digidesign

[25/12/2005|21:42] C:\Program Files\Fichiers communs\DirectX

[10/10/2006|22:58] C:\Program Files\Fichiers communs\Editions ENI

[06/04/2006|21:02] C:\Program Files\Fichiers communs\element5 Shared

[21/01/2007|20:18] C:\Program Files\Fichiers communs\EZB Systems

[29/01/2007|18:34] C:\Program Files\Fichiers communs\G DATA

[31/12/2005|13:22] C:\Program Files\Fichiers communs\GTK

[20/05/2006|13:14] C:\Program Files\Fichiers communs\InstallShield

[25/03/2006|17:32] C:\Program Files\Fichiers communs\Java

[02/01/2008|19:00] C:\Program Files\Fichiers communs\Logitech

[17/08/2008|17:52] C:\Program Files\Fichiers communs\Microsoft Shared

[17/08/2008|18:36] C:\Program Files\Fichiers communs\Motorola Shared

[21/12/2005|20:32] C:\Program Files\Fichiers communs\MSSoap

[03/11/2007|21:53] C:\Program Files\Fichiers communs\Native Instruments

[21/10/2006|21:20] C:\Program Files\Fichiers communs\NVIDIA Shared

[21/12/2005|20:41] C:\Program Files\Fichiers communs\ODBC

[14/08/2007|21:26] C:\Program Files\Fichiers communs\PACE Anti-Piracy

[03/02/2007|22:59] C:\Program Files\Fichiers communs\Real

[21/12/2005|20:32] C:\Program Files\Fichiers communs\Services

[02/08/2006|11:58] C:\Program Files\Fichiers communs\Softwin

[21/12/2005|20:41] C:\Program Files\Fichiers communs\SpeechEngines

[31/03/2008|21:19] C:\Program Files\Fichiers communs\stardock

[02/07/2008|17:59] C:\Program Files\Fichiers communs\System

[21/10/2006|21:23] C:\Program Files\Fichiers communs\Ulead Systems

[08/09/2008|13:04] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

--------------------\\ Process

 

( 51 Processes )

 

iexplore.exe ~ [PID:892]

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-09 22:29:36

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:10][D:4]-> C:\DOCUME~1\Papa\LOCALS~1\Temp

[F:53][D:0]-> C:\DOCUME~1\Papa\Cookies

[F:1973][D:11]-> C:\DOCUME~1\Papa\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 09/09/2008|20:55 - Option : [1]

 

--------------------\\ Fin du rapport a 22:32:56

[chrifleur]

j'attends donc ton rapport vundofix...

[Ghepito]

Bonjour chrifleur !

 

Voici comme convenu le rapport de vundofix, merci d'y jeter un coup d'oeil.

 

Bonne journée

 

 

VundoFix V7.0.6

 

Scan started at 22:51:11 09/09/2008

 

Listing files found while scanning....

 

No infected files were found.

[chrifleur]

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

 

* Double-clique sur RSIT.exe afin de lancer RSIT.

* Clique Continue à l'écran Disclaimer.

* Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

* Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)

ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

[Ghepito]

Hello chrifleur

 

J'ai bien lancé random's system information tool mais il est resté "bloqué" sur la phase performing registry dump pendant + 1h30 !!

 

Je l'ai killé, fallait-il attendre encore ou alors il y a eu un bug ?

 

Merci de ta réponce

 

Ghepito

[chrifleur]

il y a eu un bug surement

on va faire autrement

* Télécharge DiagHelp.zip sur ton bureau(Merci Malekal) Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php

* Ne double-clique pas dessus !! Fais un clic droit sur le fichier et extraire tout.

* Un nouveau dossier chercher va être créé.

* Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)

* Une fenêtre va s'ouvrir, choisis l'option 1

* L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.

* Pendant l'analyse après le rapport CATCHME sur l'écran rouge, tu dois appuyer sue entrée pour que l'outil continue ses recherches. Suis les consignes écrites.

* Une fenêtre avec le rapport s'ouvre alors. Copie/colle son contenu. (Il se trouve aussi ici : c:\resultat.txt)

* Double-clique sur ce fichier, Fais CTRL+A puis CTRL+C.

* Dans ta prochaine réponse, colle le rapport en faisant CTRL+V.

[chrifleur]

afin de voir ce qui éventuellement ne fonctionne pas ou mal avec RSIT, voudrais tu rechercher ces 2 fichiers et me les poster stp

log.txt

ainsi que info.txt

tu devrais les trouver à la racine de C:\ ou dans le dossier RSIT

merci