
Recommended posts

Posted

Hello everyone!! Would anyone be able to give me a hand???? Thanks in advance, here is my HijackThis report

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:04:16, on 24/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\SPAMfighter\sfus.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\USB Disk Win98 Driver\Res.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Goto Software\Vade Retro\Vaderetro_Mgr.exe

C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Guillaume\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,C:\WINDOWS\system32\twext.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DumpTeam] C:\Codage\DumpTeam_Pack_v4.5a3.exe /S

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE

O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [soft defy soap wave] C:\Documents and Settings\All Users\Application Data\Stupid Vc Soft Defy\logo blue.exe

O4 - HKLM\..\Run: [VadeRetro Outlook] C:\Program Files\Goto Software\Vade Retro\VrMoRegister.exe -s

O4 - HKLM\..\Run: [VadeRetro Desktop] C:\Program Files\Goto Software\Vade Retro\Vaderetro_Mgr.exe

O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [road draw] C:\DOCUME~1\GUILLA~1\APPLIC~1\FORDER~1\DVD OPTION START.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Transfert par Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

 

--

End of file - 13083 bytes

:P:P:P:P
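The two indicators in the log above that a helper would look at first are the F2 line (the UserInit chain, which should contain only userinit.exe, here also lists oembios.exe and twext.exe) and the O4 autoruns launched from user-writable profile directories with odd names. The following Python triage script is an added example, not part of this thread or of HijackThis: it parses lines in the HijackThis format, reports every UserInit entry that is not the stock userinit.exe, and flags Run-key entries whose command lives under Application Data or Temp. The sample input is copied from the first log in this thread; the path heuristic is an assumption meant to surface candidates for review, not proof of infection.

```python
import re

# Stock value of the UserInit entry on Windows XP (compared case-insensitively).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Heuristic (assumption): directories a non-admin user can write to. Autoruns
# launched from here deserve a closer look but are not automatically malicious.
USER_WRITABLE = re.compile(
    r"(application data|applic~1|local settings\\temp|locals~1\\temp)",
    re.IGNORECASE,
)

# O4 lines look like: O4 - HKLM\..\Run: [Name] C:\path\to\program.exe /args
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Sample input: lines taken from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,C:\WINDOWS\system32\twext.exe,
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [soft defy soap wave] C:\Documents and Settings\All Users\Application Data\Stupid Vc Soft Defy\logo blue.exe
O4 - HKCU\..\Run: [road draw] C:\DOCUME~1\GUILLA~1\APPLIC~1\FORDER~1\DVD OPTION START.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


def userinit_entries(line):
    """Split the UserInit value of an F2 line into its individual executables."""
    _, _, value = line.partition("UserInit=")
    return [part.strip() for part in value.split(",") if part.strip()]


def unexpected_userinit(line):
    """Return every UserInit entry that is not the stock userinit.exe."""
    return [p for p in userinit_entries(line) if p.lower() != EXPECTED_USERINIT]


def suspicious_o4(line):
    """Return (name, command) if an O4 Run entry starts from a user-writable path."""
    match = O4_RE.match(line)
    if match and USER_WRITABLE.search(match.group("cmd")):
        return match.group("name"), match.group("cmd")
    return None


def triage(log_text):
    """Walk a HijackThis log and collect (category, detail) findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("F2 - ") and "UserInit=" in line:
            for extra in unexpected_userinit(line):
                findings.append(("F2 UserInit chain has extra executable", extra))
        elif line.startswith("O4 - "):
            hit = suspicious_o4(line)
            if hit:
                name, cmd = hit
                findings.append(("O4 autorun from user-writable path", f"[{name}] {cmd}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category}: {detail}")
```

Running the script on the sample prints four findings: the two extra UserInit executables and the two Run entries under Application Data; the Apoint and ctfmon entries are not reported. A persistent entry such as UserInit that survives a cleanup run (compare the F2 line of the first and second log in this thread) is exactly what this kind of diff is for.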

Posted

Hi and welcome :P

 

There are several infections on your PC!

Here is the procedure to follow >>

 

1°) Download SDFix (created by AndyManchesta) and save it to your Desktop.

***If the link does not work, try these:

http://download.bleepingcomputer.com/andymanchesta/SDFix.exe

http://sdfix.net/SDFix.exe

 

Double-click SDFix.exe and choose Install. The tool will be extracted to the root of the system drive (usually C:\).

Restart your computer in Safe Mode using the following procedure:

  • Restart your computer
  • After hearing the computer beep on startup, but before the Windows logo appears, tap the F8 key (one press per second).
  • Instead of the normal Windows loading, a menu with different options should appear.
  • Choose the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your account.

Go through the list of instructions below:

  • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • The tool may ask for a restart in Safe Mode at the start of the routine if a particular infection is detected; confirm, and tap the F8 key on restart to reach the boot options.
  • It will delete the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will continue to run and delete files.
  • After the Desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!

 

2°) Disable your resident protections (antivirus, ...); you will re-enable them after the scan

 

Download Lop S&D < here

  • Double-click Lop S&D.exe on your Desktop
  • Select the desired language, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report. If you do not see it, you will find it in the C:\ directory under the name lopR.txt

 

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

 

Please post these two reports as well as a new HijackThis report (which you will run after these two steps) :P

Posted

No problem!! Close the file that opened: does it look like this? >>

SDFix has been extracted to %systemdrive%\SDFix\

(Drive that contains the Windows directory - typically 'C:\SDFix')

 

Open the SDFix folder in Safe Mode then double click the RunThis.bat file to start the fixtool

If run in Normal Mode, options to download and run Anti-Virus command line scanners are displayed

 

Catchme.exe Stealth Malware Detector by GMER is also included in the SDFix folder

Once you have closed that file, restart in Safe Mode as indicated, then follow the steps :P

Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:14:05, on 25/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\SPAMfighter\sfus.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\USB Disk Win98 Driver\Res.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Goto Software\Vade Retro\Vaderetro_Mgr.exe

C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Guillaume\Bureau\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DumpTeam] C:\Codage\DumpTeam_Pack_v4.5a3.exe /S

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE

O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [soft defy soap wave] C:\Documents and Settings\All Users\Application Data\Stupid Vc Soft Defy\logo blue.exe

O4 - HKLM\..\Run: [VadeRetro Outlook] C:\Program Files\Goto Software\Vade Retro\VrMoRegister.exe -s

O4 - HKLM\..\Run: [VadeRetro Desktop] C:\Program Files\Goto Software\Vade Retro\Vaderetro_Mgr.exe

O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [road draw] C:\DOCUME~1\GUILLA~1\APPLIC~1\FORDER~1\DVD OPTION START.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Transfert par Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

 

--

End of file - 13263 bytes

 

SDFix: Version 1.228

Run by Guillaume on 25/09/2008 at 00:56

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\Documents and Settings\LocalService\Application Data\sysproc64\sysproc32.sys - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt10.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt100.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt13.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt17.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt19.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt1B.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt1D.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt1F.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt21.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt23.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt25.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt27.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt29.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt2B.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt2D.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt2F.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt32.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt34.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt37.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt3A.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt3D.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt3F.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt41.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt43.tmp - Deleted

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttF4.tmp - Deleted

C:\Documents and Settings\Guillaume\Bureau\.url - Deleted

C:\WINDOWS\system32\sysproc64\sysproc32.sys - Deleted

C:\WINDOWS\system32\sysproc64\sysproc86.sys - Deleted

 

 

 

Folder C:\Documents and Settings\LocalService\Application Data\sysproc64 - Removed

Folder C:\WINDOWS\system32\sysproc64 - Removed

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-25 01:07:01

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000c55fdf203]

"001963b4cc4d"=hex:8c,26,18,66,b2,8e,f9,7c,a8,44,90,93,a4,87,4b,97

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000c55fdf203]

"001963b4cc4d"=hex:8c,26,18,66,b2,8e,f9,7c,a8,44,90,93,a4,87,4b,97

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:0000006a

"TracesSuccessful"=dword:0000005f

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\\hager\\Taloha\\Apps\\rteng6.exe"="C:\\hager\\Taloha\\Apps\\rteng6.exe:*:Enabled:Adaptive Server Anywhere Database Engine"

"D:\\Temp\\eMule\\eMule.exe"="D:\\Temp\\eMule\\eMule.exe:*:Disabled:eMule Plus"

"F:\\scol_install\\scolsetup.exe"="F:\\scol_install\\scolsetup.exe:*:Disabled:scolsetup"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Wed 13 Dec 2006 201,216 A..H. --- "C:\AMS\Devis Elec\Chantier Cortes\~WRL0005.tmp"

Fri 16 May 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Thu 15 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

 

Finished!

Posted

--------------------\\ Lop S&D 4.2.4-4 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.73GHz )

BIOS : Phoenix NoteBIOS 4.0 Release 6.0

USER : Guillaume ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Not Activated)

C:\ (Local Disk) - NTFS - Total : 27 Go Free : 5 Go

D:\ (Local Disk) - NTFS - Total : 39 Go Free : 1 Go

E:\ (USB)

F:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )

Option : [1] ( 25/09/2008| 1:19 )

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[06/03/2008|21:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[25/05/2008|17:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Anyware

[28/08/2008|23:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[27/10/2007|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

[20/10/2007|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[27/10/2007|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield

[08/03/2005|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel

[29/08/2008|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[23/09/2008|21:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[20/02/2008|13:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[04/11/2007|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[08/03/2005|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI

[27/10/2007|19:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc

[20/10/2007|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation

[31/12/2007|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson

[23/09/2008|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Stupid Vc Soft Defy

[20/10/2007|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[31/12/2007|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca

[09/04/2008|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom

[27/10/2007|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems

[24/09/2008|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VadeRetro

[20/10/2007|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VAIO Media Platform

[15/11/2007|13:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[09/09/2008|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

 

[08/03/2005|15:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe

[07/03/2005|19:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[08/03/2005|15:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia

[08/03/2005|15:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[08/03/2005|14:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sony Corporation

[08/03/2005|15:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

 

[16/05/2008|16:04] C:\DOCUME~1\GUILLA~1\APPLIC~1\Adobe

[29/07/2008|16:48] C:\DOCUME~1\GUILLA~1\APPLIC~1\AdobeUM

[23/09/2008|21:09] C:\DOCUME~1\GUILLA~1\APPLIC~1\Ford Error Hide

[19/02/2008|15:30] C:\DOCUME~1\GUILLA~1\APPLIC~1\Google

[07/03/2005|19:21] C:\DOCUME~1\GUILLA~1\APPLIC~1\Identities

[13/12/2007|17:14] C:\DOCUME~1\GUILLA~1\APPLIC~1\Jasc Software Inc

[17/12/2007|13:56] C:\DOCUME~1\GUILLA~1\APPLIC~1\Leadertech

[08/03/2005|15:10] C:\DOCUME~1\GUILLA~1\APPLIC~1\Macromedia

[29/08/2008|22:36] C:\DOCUME~1\GUILLA~1\APPLIC~1\Malwarebytes

[05/09/2008|16:59] C:\DOCUME~1\GUILLA~1\APPLIC~1\Microsoft

[17/12/2007|13:57] C:\DOCUME~1\GUILLA~1\APPLIC~1\Sonic

[24/09/2008|00:35] C:\DOCUME~1\GUILLA~1\APPLIC~1\Sony Corporation

[13/12/2007|16:27] C:\DOCUME~1\GUILLA~1\APPLIC~1\Sony Ericsson

[29/10/2007|00:56] C:\DOCUME~1\GUILLA~1\APPLIC~1\SPAMfighter

[21/10/2007|22:40] C:\DOCUME~1\GUILLA~1\APPLIC~1\Sun

[08/03/2005|15:05] C:\DOCUME~1\GUILLA~1\APPLIC~1\Symantec

[02/01/2008|01:13] C:\DOCUME~1\GUILLA~1\APPLIC~1\Teleca

[05/05/2008|21:43] C:\DOCUME~1\GUILLA~1\APPLIC~1\Ulead Systems

[24/09/2008|12:14] C:\DOCUME~1\GUILLA~1\APPLIC~1\VadeRetro

[02/08/2008|02:19] C:\DOCUME~1\GUILLA~1\APPLIC~1\vlc

 

[16/05/2008|23:59] C:\DOCUME~1\JOS~1\APPLIC~1\Adobe

[04/09/2008|20:34] C:\DOCUME~1\JOS~1\APPLIC~1\AdobeUM

[24/09/2008|19:27] C:\DOCUME~1\JOS~1\APPLIC~1\Ford Error Hide

[21/10/2007|01:22] C:\DOCUME~1\JOS~1\APPLIC~1\Google

[28/03/2008|20:38] C:\DOCUME~1\JOS~1\APPLIC~1\Help

[23/10/2007|21:29] C:\DOCUME~1\JOS~1\APPLIC~1\Identities

[09/12/2007|16:55] C:\DOCUME~1\JOS~1\APPLIC~1\Jasc Software Inc

[26/02/2008|20:18] C:\DOCUME~1\JOS~1\APPLIC~1\Leadertech

[18/11/2007|01:15] C:\DOCUME~1\JOS~1\APPLIC~1\LimeWire

[08/03/2005|15:10] C:\DOCUME~1\JOS~1\APPLIC~1\Macromedia

[09/12/2007|23:06] C:\DOCUME~1\JOS~1\APPLIC~1\Micrografx

[28/08/2008|16:54] C:\DOCUME~1\JOS~1\APPLIC~1\Microsoft

[12/11/2007|18:04] C:\DOCUME~1\JOS~1\APPLIC~1\Microsoft Web Folders

[17/08/2008|21:11] C:\DOCUME~1\JOS~1\APPLIC~1\Mozilla

[26/02/2008|20:18] C:\DOCUME~1\JOS~1\APPLIC~1\Sonic

[24/09/2008|21:13] C:\DOCUME~1\JOS~1\APPLIC~1\Sony Corporation

[08/12/2007|18:01] C:\DOCUME~1\JOS~1\APPLIC~1\Sony Ericsson

[27/10/2007|17:37] C:\DOCUME~1\JOS~1\APPLIC~1\SPAMfighter

[21/10/2007|01:14] C:\DOCUME~1\JOS~1\APPLIC~1\Sun

[08/03/2005|15:05] C:\DOCUME~1\JOS~1\APPLIC~1\Symantec

[31/12/2007|19:52] C:\DOCUME~1\JOS~1\APPLIC~1\Teleca

[04/04/2008|18:03] C:\DOCUME~1\JOS~1\APPLIC~1\TomTom

[27/10/2007|19:47] C:\DOCUME~1\JOS~1\APPLIC~1\Ulead Systems

[24/09/2008|16:12] C:\DOCUME~1\JOS~1\APPLIC~1\VadeRetro

[09/08/2008|00:40] C:\DOCUME~1\JOS~1\APPLIC~1\vlc

 

[08/09/2008|23:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[15/09/2008|12:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\twain_32

 

[26/05/2008|18:05] C:\DOCUME~1\Mimi\APPLIC~1\Adobe

[10/06/2008|16:19] C:\DOCUME~1\Mimi\APPLIC~1\AdobeUM

[24/09/2008|05:53] C:\DOCUME~1\Mimi\APPLIC~1\Ford Error Hide

[21/10/2007|18:41] C:\DOCUME~1\Mimi\APPLIC~1\Google

[07/03/2005|19:21] C:\DOCUME~1\Mimi\APPLIC~1\Identities

[08/03/2005|15:10] C:\DOCUME~1\Mimi\APPLIC~1\Macromedia

[05/09/2008|17:28] C:\DOCUME~1\Mimi\APPLIC~1\Microsoft

[08/03/2005|14:59] C:\DOCUME~1\Mimi\APPLIC~1\Sony Corporation

[08/12/2007|22:45] C:\DOCUME~1\Mimi\APPLIC~1\Sony Ericsson

[31/10/2007|14:51] C:\DOCUME~1\Mimi\APPLIC~1\SPAMfighter

[21/10/2007|18:53] C:\DOCUME~1\Mimi\APPLIC~1\Sun

[08/03/2005|15:05] C:\DOCUME~1\Mimi\APPLIC~1\Symantec

[23/02/2008|20:08] C:\DOCUME~1\Mimi\APPLIC~1\Teleca

[24/09/2008|12:30] C:\DOCUME~1\Mimi\APPLIC~1\VadeRetro

 

[07/03/2005|19:21] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[15/09/2008|11:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\twain_32

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[25/09/2008 00:00][--ah-----] C:\WINDOWS\tasks\A5FD622592E31629.job

[25/09/2008 01:04][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

( A5FD622592E31629.job )=( c:\docume~1\guilla~1\applic~1\forder~1\32locksmfcd.exe )

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[04/09/2008|20:30] C:\Program Files\Adobe

[28/10/2007|13:37] C:\Program Files\Ahead

[21/10/2007|00:06] C:\Program Files\Alwil Software

[07/03/2005|20:15] C:\Program Files\Apoint

[31/10/2007|22:30] C:\Program Files\ASWO

[28/08/2008|23:01] C:\Program Files\Avira

[24/09/2008|12:46] C:\Program Files\Casperlab Software

[23/09/2008|21:08] C:\Program Files\Circle Developement

[07/03/2005|19:18] C:\Program Files\ComPlus Applications

[15/11/2007|22:07] C:\Program Files\CONEXANT

[24/09/2008|12:18] C:\Program Files\Cookies

[17/11/2007|12:36] C:\Program Files\Crouzet Automatismes

[27/10/2007|12:23] C:\Program Files\CyberLink

[23/09/2008|22:24] C:\Program Files\deo

[28/08/2008|18:25] C:\Program Files\Fichiers communs

[08/03/2005|15:09] C:\Program Files\FlashPlayer

[23/09/2008|21:08] C:\Program Files\Ford Error Hide

[02/11/2007|11:50] C:\Program Files\Google

[24/09/2008|12:14] C:\Program Files\Goto Software

[27/10/2007|20:05] C:\Program Files\Hewlett-Packard

[24/09/2008|21:36] C:\Program Files\InstallShield Installation Information

[08/03/2005|11:23] C:\Program Files\Intel

[15/08/2008|11:45] C:\Program Files\Internet Explorer

[27/10/2007|12:21] C:\Program Files\InterVideo

[31/12/2007|19:52] C:\Program Files\Intuwave

[08/03/2005|15:01] C:\Program Files\ISP

[09/12/2007|16:55] C:\Program Files\Jasc Software Inc

[08/03/2005|14:59] C:\Program Files\Java

[01/05/2008|19:06] C:\Program Files\jet-net

[01/05/2008|19:04] C:\Program Files\jet-net.org

[11/11/2007|21:05] C:\Program Files\Jeux de cartes

[09/09/2008|21:23] C:\Program Files\jv16 PowerTools

[29/08/2008|22:36] C:\Program Files\Malwarebytes' Anti-Malware

[23/09/2008|21:08] C:\Program Files\Messenger Plus! Live

[09/12/2007|17:17] C:\Program Files\Micrografx

[14/01/2008|20:48] C:\Program Files\Microsoft ActiveSync

[15/11/2007|12:12] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[12/11/2007|18:03] C:\Program Files\microsoft frontpage

[09/12/2007|16:31] C:\Program Files\Microsoft Office

[09/09/2008|14:58] C:\Program Files\Microsoft SQL Server Compact Edition

[12/11/2007|18:09] C:\Program Files\Microsoft Visual Studio

[27/10/2007|12:17] C:\Program Files\Microsoft Works

[27/10/2007|20:04] C:\Program Files\MoodLogic

[20/10/2007|19:39] C:\Program Files\Moodlogic HTML

[07/03/2005|19:19] C:\Program Files\Movie Maker

[07/03/2005|19:18] C:\Program Files\MSN Gaming Zone

[22/10/2007|18:31] C:\Program Files\MSXML 4.0

[24/09/2008|00:40] C:\Program Files\Namtuk

[07/03/2005|19:19] C:\Program Files\NetMeeting

[07/03/2005|19:18] C:\Program Files\Online Services

[27/10/2007|12:07] C:\Program Files\Outlook Express

[27/10/2007|19:24] C:\Program Files\QuickTime

[20/10/2007|19:30] C:\Program Files\Raccourcis de programmes

[08/03/2005|10:55] C:\Program Files\Realtek

[28/10/2007|12:56] C:\Program Files\Roxio

[12/06/2008|18:57] C:\Program Files\Scol

[30/10/2007|16:31] C:\Program Files\Securitoo

[07/03/2005|19:19] C:\Program Files\Services en ligne

[18/11/2007|02:19] C:\Program Files\Siemens

[27/10/2007|19:26] C:\Program Files\SmartSound Software

[20/10/2007|19:36] C:\Program Files\Sonic

[24/09/2008|21:39] C:\Program Files\Sony

[31/12/2007|19:51] C:\Program Files\Sony Ericsson

[25/09/2008|01:04] C:\Program Files\SPAMfighter

[09/12/2007|17:17] C:\Program Files\Ssce

[20/10/2007|22:36] C:\Program Files\Symantec

[31/12/2007|19:51] C:\Program Files\Symbian

[06/04/2008|11:19] C:\Program Files\TomTom HOME

[06/04/2008|11:25] C:\Program Files\TomTom HOME 2

[27/10/2007|17:59] C:\Program Files\Ulead Systems

[20/10/2007|19:40] C:\Program Files\Uninstall Information

[20/02/2008|13:28] C:\Program Files\USB Disk Win98 Driver

[25/05/2008|17:08] C:\Program Files\viewON

[06/03/2008|23:16] C:\Program Files\volcelest

[04/11/2007|17:39] C:\Program Files\Wanadoo

[14/09/2008|09:43] C:\Program Files\Windows Live

[27/10/2007|18:00] C:\Program Files\Windows Media Components

[15/11/2007|13:28] C:\Program Files\Windows Media Connect 2

[15/11/2007|13:28] C:\Program Files\Windows Media Player

[07/03/2005|19:17] C:\Program Files\Windows NT

[07/03/2005|19:20] C:\Program Files\WindowsUpdate

[07/03/2005|19:22] C:\Program Files\xerox

[08/03/2005|15:10] C:\Program Files\Yahoo HTML

[14/11/2007|18:09] C:\Program Files\Yahoo!

[08/03/2005|15:10] C:\Program Files\YahooMFU

[18/11/2007|02:19] C:\Program Files\Zero G Registry

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[08/08/2008|13:02] C:\Program Files\Fichiers communs\Adobe

[27/10/2007|12:38] C:\Program Files\Fichiers communs\Ahead

[28/08/2008|18:25] C:\Program Files\Fichiers communs\Ankiro

[28/08/2008|18:25] C:\Program Files\Fichiers communs\Application

[12/11/2007|18:09] C:\Program Files\Fichiers communs\Designer

[09/12/2007|17:17] C:\Program Files\Fichiers communs\iGrafx

[27/10/2007|17:59] C:\Program Files\Fichiers communs\InstallShield

[08/03/2005|14:59] C:\Program Files\Fichiers communs\Java

[21/01/2008|20:08] C:\Program Files\Fichiers communs\Microsoft Shared

[07/03/2005|19:19] C:\Program Files\Fichiers communs\MSSoap

[07/03/2005|20:13] C:\Program Files\Fichiers communs\ODBC

[07/03/2005|19:19] C:\Program Files\Fichiers communs\Services

[27/10/2007|17:59] C:\Program Files\Fichiers communs\SONY Digital Images

[31/12/2007|19:39] C:\Program Files\Fichiers communs\Sony Ericsson Shared

[20/10/2007|19:41] C:\Program Files\Fichiers communs\Sony Shared

[07/03/2005|20:13] C:\Program Files\Fichiers communs\SpeechEngines

[13/01/2008|13:16] C:\Program Files\Fichiers communs\SWF Studio

[20/10/2007|22:36] C:\Program Files\Fichiers communs\Symantec Shared

[12/11/2007|18:08] C:\Program Files\Fichiers communs\System

[31/12/2007|19:51] C:\Program Files\Fichiers communs\Teleca Shared

[27/10/2007|18:00] C:\Program Files\Fichiers communs\Ulead Systems

[14/11/2007|18:27] C:\Program Files\Fichiers communs\WindowsLiveInstaller

 

--------------------\\ Process

 

( 59 Processes )

 

IEXPLORE.EXE ~ [PID:956]

IEXPLORE.EXE ~ [PID:2556]

iexplore.exe ~ [PID:2456]

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\DOCUME~1\GUILLA~1\APPLIC~1\Ford Error Hide

C:\DOCUME~1\GUILLA~1\APPLIC~1\Ford Error Hide\32locksmfcd.exe

C:\DOCUME~1\GUILLA~1\APPLIC~1\Ford Error Hide\DVD OPTION START.exe

C:\DOCUME~1\GUILLA~1\APPLIC~1\Ford Error Hide\lzelkadh.exe

C:\DOCUME~1\GUILLA~1\APPLIC~1\Ford Error Hide\recttypemapiooze.exe

C:\DOCUME~1\JOS~1\APPLIC~1\Ford Error Hide

C:\DOCUME~1\JOS~1\APPLIC~1\Ford Error Hide\DVD OPTION START.exe

C:\DOCUME~1\Mimi\APPLIC~1\Ford Error Hide

C:\DOCUME~1\Mimi\APPLIC~1\Ford Error Hide\DVD OPTION START.exe

C:\Program Files\Ford Error Hide

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Stupid Vc Soft Defy

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Stupid Vc Soft Defy\logo blue.exe

C:\DOCUME~1\GUILLA~1\APPLIC~1\forder~1

C:\DOCUME~1\GUILLA~1\APPLIC~1\forder~1\32locksmfcd.exe

C:\DOCUME~1\GUILLA~1\APPLIC~1\forder~1\DVD OPTION START.exe

C:\DOCUME~1\GUILLA~1\APPLIC~1\forder~1\lzelkadh.exe

C:\DOCUME~1\GUILLA~1\APPLIC~1\forder~1\recttypemapiooze.exe

C:\DOCUME~1\JOS~1\APPLIC~1\forder~1

C:\DOCUME~1\JOS~1\APPLIC~1\forder~1\DVD OPTION START.exe

C:\DOCUME~1\Mimi\APPLIC~1\forder~1

C:\DOCUME~1\Mimi\APPLIC~1\forder~1\DVD OPTION START.exe

C:\Program Files\forder~1

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\nsi3.tmp

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\nsp3.tmp

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\nsq3.tmp

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\nsqFC.tmp

C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\nsv3.tmp

C:\Program Files\Circle Developement

C:\Program Files\Circle Developement\Uninstall.exe

C:\WINDOWS\Tasks\A5FD622592E31629.job

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"road draw"="C:\\DOCUME~1\\GUILLA~1\\APPLIC~1\\FORDER~1\\DVD OPTION START.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"soft defy soap wave"="C:\\Documents and Settings\\All Users\\Application Data\\Stupid Vc Soft Defy\\logo blue.exe"

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-25 01:20:01

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 1

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:63][D:46]-> C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp

[F:13][D:0]-> C:\DOCUME~1\GUILLA~1\Cookies

[F:1050][D:87]-> C:\DOCUME~1\GUILLA~1\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 25/09/2008| 1:20 - Option : [1]

 

--------------------\\ Fin du rapport a 1:20:53

Posted (edited)

OK! SDFix did some cleaning, and we continue like this >>

 

1°) Run Lop S&D again

 

  • This time, choose Option 2 (Deletion)
  • Do not close the window during the deletion!
  • Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

 

2°) Start HijackThis, click on "Do a system scan only", and check the following lines:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,

 

O4 - HKLM\..\Run: [DumpTeam] C:\Codage\DumpTeam_Pack_v4.5a3.exe /S >> do you know this? If not, check it!

-Close all programs and click on "Fix Checked"

 

3°) We are going to use a program you already have >>

 

Plug in all the removable media you own before running this scan (USB key/external hard drive etc.)

  • Double-click the MBAM.exe file on your Desktop to launch the program.
    If you don't see the program's icon, you will find it here >> C:\Program Files\Malwarebytes' Anti-Malware
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks whether MBAM may connect, accept.
  • Once the update is finished, go to the "Scan" tab.
  • Select "Perform quick scan"
  • Click "Scan"
  • The analysis starts; the scan takes fairly long, which is normal.
  • At the end of the analysis, a message is displayed:
    The scan completed normally. Click 'Show Results' to display all objects found.
    Click "OK" to continue. If MBAM found nothing, it will tell you so too.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

4°) Please post the Lop S&D/Malwarebytes reports and the report from a new HijackThis scan.

Edited by Thanos
Posted

--------------------\\ Lop S&D 4.2.4-4 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.73GHz )

BIOS : Phoenix NoteBIOS 4.0 Release 6.0

USER : Guillaume ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)

C:\ (Local Disk) - NTFS - Total : 27 Go Free : 5 Go

D:\ (Local Disk) - NTFS - Total : 39 Go Free : 1 Go

E:\ (USB)

F:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )

Option : [2] ( 25/09/2008|12:06 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

Supprime! - C:\DOCUME~1\GUILLA~1\APPLIC~1\Ford Error Hide\32locksmfcd.exe

Supprime! - C:\DOCUME~1\GUILLA~1\APPLIC~1\Ford Error Hide\DVD OPTION START.exe

Supprime! - C:\DOCUME~1\GUILLA~1\APPLIC~1\Ford Error Hide\lzelkadh.exe

Supprime! - C:\DOCUME~1\GUILLA~1\APPLIC~1\Ford Error Hide\recttypemapiooze.exe

Supprime! - C:\DOCUME~1\JOS~1\APPLIC~1\Ford Error Hide\DVD OPTION START.exe

Supprime! - C:\DOCUME~1\Mimi\APPLIC~1\Ford Error Hide\DVD OPTION START.exe

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Stupid Vc Soft Defy\logo blue.exe

Supprime! - C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\nsi3.tmp

Supprime! - C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\nsp3.tmp

Supprime! - C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\nsq3.tmp

Supprime! - C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\nsqFC.tmp

Supprime! - C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\nsv3.tmp

Supprime! - C:\Program Files\Circle Developement\Uninstall.exe

Supprime! - C:\WINDOWS\Tasks\A5FD622592E31629.job

Supprime! - C:\DOCUME~1\GUILLA~1\APPLIC~1\Ford Error Hide

Supprime! - C:\DOCUME~1\JOS~1\APPLIC~1\Ford Error Hide

Supprime! - C:\DOCUME~1\Mimi\APPLIC~1\Ford Error Hide

Supprime! - C:\Program Files\Ford Error Hide

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Stupid Vc Soft Defy

Supprime! - C:\Program Files\Circle Developement

-

[ Fichier Hosts ] .. Restaure!

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[06/03/2008|21:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[25/05/2008|17:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Anyware

[28/08/2008|23:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[27/10/2007|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

[20/10/2007|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[27/10/2007|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield

[08/03/2005|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel

[29/08/2008|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[23/09/2008|21:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[20/02/2008|13:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[04/11/2007|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[08/03/2005|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI

[27/10/2007|19:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc

[20/10/2007|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation

[31/12/2007|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson

[20/10/2007|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[31/12/2007|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca

[09/04/2008|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom

[27/10/2007|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems

[24/09/2008|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VadeRetro

[20/10/2007|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VAIO Media Platform

[15/11/2007|13:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[09/09/2008|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

 

[08/03/2005|15:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe

[07/03/2005|19:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[08/03/2005|15:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia

[08/03/2005|15:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[08/03/2005|14:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sony Corporation

[08/03/2005|15:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

 

[16/05/2008|16:04] C:\DOCUME~1\GUILLA~1\APPLIC~1\Adobe

[29/07/2008|16:48] C:\DOCUME~1\GUILLA~1\APPLIC~1\AdobeUM

[19/02/2008|15:30] C:\DOCUME~1\GUILLA~1\APPLIC~1\Google

[07/03/2005|19:21] C:\DOCUME~1\GUILLA~1\APPLIC~1\Identities

[13/12/2007|17:14] C:\DOCUME~1\GUILLA~1\APPLIC~1\Jasc Software Inc

[17/12/2007|13:56] C:\DOCUME~1\GUILLA~1\APPLIC~1\Leadertech

[08/03/2005|15:10] C:\DOCUME~1\GUILLA~1\APPLIC~1\Macromedia

[29/08/2008|22:36] C:\DOCUME~1\GUILLA~1\APPLIC~1\Malwarebytes

[05/09/2008|16:59] C:\DOCUME~1\GUILLA~1\APPLIC~1\Microsoft

[17/12/2007|13:57] C:\DOCUME~1\GUILLA~1\APPLIC~1\Sonic

[24/09/2008|00:35] C:\DOCUME~1\GUILLA~1\APPLIC~1\Sony Corporation

[13/12/2007|16:27] C:\DOCUME~1\GUILLA~1\APPLIC~1\Sony Ericsson

[29/10/2007|00:56] C:\DOCUME~1\GUILLA~1\APPLIC~1\SPAMfighter

[21/10/2007|22:40] C:\DOCUME~1\GUILLA~1\APPLIC~1\Sun

[08/03/2005|15:05] C:\DOCUME~1\GUILLA~1\APPLIC~1\Symantec

[02/01/2008|01:13] C:\DOCUME~1\GUILLA~1\APPLIC~1\Teleca

[05/05/2008|21:43] C:\DOCUME~1\GUILLA~1\APPLIC~1\Ulead Systems

[24/09/2008|12:14] C:\DOCUME~1\GUILLA~1\APPLIC~1\VadeRetro

[02/08/2008|02:19] C:\DOCUME~1\GUILLA~1\APPLIC~1\vlc

 

[16/05/2008|23:59] C:\DOCUME~1\JOS~1\APPLIC~1\Adobe

[04/09/2008|20:34] C:\DOCUME~1\JOS~1\APPLIC~1\AdobeUM

[21/10/2007|01:22] C:\DOCUME~1\JOS~1\APPLIC~1\Google

[28/03/2008|20:38] C:\DOCUME~1\JOS~1\APPLIC~1\Help

[23/10/2007|21:29] C:\DOCUME~1\JOS~1\APPLIC~1\Identities

[09/12/2007|16:55] C:\DOCUME~1\JOS~1\APPLIC~1\Jasc Software Inc

[26/02/2008|20:18] C:\DOCUME~1\JOS~1\APPLIC~1\Leadertech

[18/11/2007|01:15] C:\DOCUME~1\JOS~1\APPLIC~1\LimeWire

[08/03/2005|15:10] C:\DOCUME~1\JOS~1\APPLIC~1\Macromedia

[09/12/2007|23:06] C:\DOCUME~1\JOS~1\APPLIC~1\Micrografx

[28/08/2008|16:54] C:\DOCUME~1\JOS~1\APPLIC~1\Microsoft

[12/11/2007|18:04] C:\DOCUME~1\JOS~1\APPLIC~1\Microsoft Web Folders

[17/08/2008|21:11] C:\DOCUME~1\JOS~1\APPLIC~1\Mozilla

[26/02/2008|20:18] C:\DOCUME~1\JOS~1\APPLIC~1\Sonic

[24/09/2008|21:13] C:\DOCUME~1\JOS~1\APPLIC~1\Sony Corporation

[08/12/2007|18:01] C:\DOCUME~1\JOS~1\APPLIC~1\Sony Ericsson

[27/10/2007|17:37] C:\DOCUME~1\JOS~1\APPLIC~1\SPAMfighter

[21/10/2007|01:14] C:\DOCUME~1\JOS~1\APPLIC~1\Sun

[08/03/2005|15:05] C:\DOCUME~1\JOS~1\APPLIC~1\Symantec

[31/12/2007|19:52] C:\DOCUME~1\JOS~1\APPLIC~1\Teleca

[04/04/2008|18:03] C:\DOCUME~1\JOS~1\APPLIC~1\TomTom

[27/10/2007|19:47] C:\DOCUME~1\JOS~1\APPLIC~1\Ulead Systems

[24/09/2008|16:12] C:\DOCUME~1\JOS~1\APPLIC~1\VadeRetro

[09/08/2008|00:40] C:\DOCUME~1\JOS~1\APPLIC~1\vlc

 

[08/09/2008|23:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[15/09/2008|12:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\twain_32

 

[26/05/2008|18:05] C:\DOCUME~1\Mimi\APPLIC~1\Adobe

[10/06/2008|16:19] C:\DOCUME~1\Mimi\APPLIC~1\AdobeUM

[21/10/2007|18:41] C:\DOCUME~1\Mimi\APPLIC~1\Google

[07/03/2005|19:21] C:\DOCUME~1\Mimi\APPLIC~1\Identities

[08/03/2005|15:10] C:\DOCUME~1\Mimi\APPLIC~1\Macromedia

[05/09/2008|17:28] C:\DOCUME~1\Mimi\APPLIC~1\Microsoft

[08/03/2005|14:59] C:\DOCUME~1\Mimi\APPLIC~1\Sony Corporation

[08/12/2007|22:45] C:\DOCUME~1\Mimi\APPLIC~1\Sony Ericsson

[31/10/2007|14:51] C:\DOCUME~1\Mimi\APPLIC~1\SPAMfighter

[21/10/2007|18:53] C:\DOCUME~1\Mimi\APPLIC~1\Sun

[08/03/2005|15:05] C:\DOCUME~1\Mimi\APPLIC~1\Symantec

[23/02/2008|20:08] C:\DOCUME~1\Mimi\APPLIC~1\Teleca

[24/09/2008|12:30] C:\DOCUME~1\Mimi\APPLIC~1\VadeRetro

 

[07/03/2005|19:21] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[15/09/2008|11:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\twain_32

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[25/09/2008 05:34][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[04/09/2008|20:30] C:\Program Files\Adobe

[28/10/2007|13:37] C:\Program Files\Ahead

[21/10/2007|00:06] C:\Program Files\Alwil Software

[07/03/2005|20:15] C:\Program Files\Apoint

[31/10/2007|22:30] C:\Program Files\ASWO

[28/08/2008|23:01] C:\Program Files\Avira

[24/09/2008|12:46] C:\Program Files\Casperlab Software

[07/03/2005|19:18] C:\Program Files\ComPlus Applications

[15/11/2007|22:07] C:\Program Files\CONEXANT

[24/09/2008|12:18] C:\Program Files\Cookies

[17/11/2007|12:36] C:\Program Files\Crouzet Automatismes

[27/10/2007|12:23] C:\Program Files\CyberLink

[23/09/2008|22:24] C:\Program Files\deo

[28/08/2008|18:25] C:\Program Files\Fichiers communs

[08/03/2005|15:09] C:\Program Files\FlashPlayer

[02/11/2007|11:50] C:\Program Files\Google

[24/09/2008|12:14] C:\Program Files\Goto Software

[27/10/2007|20:05] C:\Program Files\Hewlett-Packard

[24/09/2008|21:36] C:\Program Files\InstallShield Installation Information

[08/03/2005|11:23] C:\Program Files\Intel

[15/08/2008|11:45] C:\Program Files\Internet Explorer

[27/10/2007|12:21] C:\Program Files\InterVideo

[31/12/2007|19:52] C:\Program Files\Intuwave

[08/03/2005|15:01] C:\Program Files\ISP

[09/12/2007|16:55] C:\Program Files\Jasc Software Inc

[08/03/2005|14:59] C:\Program Files\Java

[01/05/2008|19:06] C:\Program Files\jet-net

[01/05/2008|19:04] C:\Program Files\jet-net.org

[11/11/2007|21:05] C:\Program Files\Jeux de cartes

[09/09/2008|21:23] C:\Program Files\jv16 PowerTools

[29/08/2008|22:36] C:\Program Files\Malwarebytes' Anti-Malware

[23/09/2008|21:08] C:\Program Files\Messenger Plus! Live

[09/12/2007|17:17] C:\Program Files\Micrografx

[14/01/2008|20:48] C:\Program Files\Microsoft ActiveSync

[15/11/2007|12:12] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[12/11/2007|18:03] C:\Program Files\microsoft frontpage

[09/12/2007|16:31] C:\Program Files\Microsoft Office

[09/09/2008|14:58] C:\Program Files\Microsoft SQL Server Compact Edition

[12/11/2007|18:09] C:\Program Files\Microsoft Visual Studio

[27/10/2007|12:17] C:\Program Files\Microsoft Works

[27/10/2007|20:04] C:\Program Files\MoodLogic

[20/10/2007|19:39] C:\Program Files\Moodlogic HTML

[07/03/2005|19:19] C:\Program Files\Movie Maker

[07/03/2005|19:18] C:\Program Files\MSN Gaming Zone

[22/10/2007|18:31] C:\Program Files\MSXML 4.0

[24/09/2008|00:40] C:\Program Files\Namtuk

[07/03/2005|19:19] C:\Program Files\NetMeeting

[07/03/2005|19:18] C:\Program Files\Online Services

[27/10/2007|12:07] C:\Program Files\Outlook Express

[27/10/2007|19:24] C:\Program Files\QuickTime

[20/10/2007|19:30] C:\Program Files\Raccourcis de programmes

[08/03/2005|10:55] C:\Program Files\Realtek

[28/10/2007|12:56] C:\Program Files\Roxio

[12/06/2008|18:57] C:\Program Files\Scol

[30/10/2007|16:31] C:\Program Files\Securitoo

[07/03/2005|19:19] C:\Program Files\Services en ligne

[18/11/2007|02:19] C:\Program Files\Siemens

[27/10/2007|19:26] C:\Program Files\SmartSound Software

[20/10/2007|19:36] C:\Program Files\Sonic

[24/09/2008|21:39] C:\Program Files\Sony

[31/12/2007|19:51] C:\Program Files\Sony Ericsson

[25/09/2008|05:35] C:\Program Files\SPAMfighter

[09/12/2007|17:17] C:\Program Files\Ssce

[20/10/2007|22:36] C:\Program Files\Symantec

[31/12/2007|19:51] C:\Program Files\Symbian

[06/04/2008|11:19] C:\Program Files\TomTom HOME

[06/04/2008|11:25] C:\Program Files\TomTom HOME 2

[27/10/2007|17:59] C:\Program Files\Ulead Systems

[20/10/2007|19:40] C:\Program Files\Uninstall Information

[20/02/2008|13:28] C:\Program Files\USB Disk Win98 Driver

[25/05/2008|17:08] C:\Program Files\viewON

[06/03/2008|23:16] C:\Program Files\volcelest

[04/11/2007|17:39] C:\Program Files\Wanadoo

[14/09/2008|09:43] C:\Program Files\Windows Live

[27/10/2007|18:00] C:\Program Files\Windows Media Components

[15/11/2007|13:28] C:\Program Files\Windows Media Connect 2

[15/11/2007|13:28] C:\Program Files\Windows Media Player

[07/03/2005|19:17] C:\Program Files\Windows NT

[07/03/2005|19:20] C:\Program Files\WindowsUpdate

[07/03/2005|19:22] C:\Program Files\xerox

[08/03/2005|15:10] C:\Program Files\Yahoo HTML

[14/11/2007|18:09] C:\Program Files\Yahoo!

[08/03/2005|15:10] C:\Program Files\YahooMFU

[18/11/2007|02:19] C:\Program Files\Zero G Registry

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[08/08/2008|13:02] C:\Program Files\Fichiers communs\Adobe

[27/10/2007|12:38] C:\Program Files\Fichiers communs\Ahead

[28/08/2008|18:25] C:\Program Files\Fichiers communs\Ankiro

[28/08/2008|18:25] C:\Program Files\Fichiers communs\Application

[12/11/2007|18:09] C:\Program Files\Fichiers communs\Designer

[09/12/2007|17:17] C:\Program Files\Fichiers communs\iGrafx

[27/10/2007|17:59] C:\Program Files\Fichiers communs\InstallShield

[08/03/2005|14:59] C:\Program Files\Fichiers communs\Java

[21/01/2008|20:08] C:\Program Files\Fichiers communs\Microsoft Shared

[07/03/2005|19:19] C:\Program Files\Fichiers communs\MSSoap

[07/03/2005|20:13] C:\Program Files\Fichiers communs\ODBC

[07/03/2005|19:19] C:\Program Files\Fichiers communs\Services

[27/10/2007|17:59] C:\Program Files\Fichiers communs\SONY Digital Images

[31/12/2007|19:39] C:\Program Files\Fichiers communs\Sony Ericsson Shared

[20/10/2007|19:41] C:\Program Files\Fichiers communs\Sony Shared

[07/03/2005|20:13] C:\Program Files\Fichiers communs\SpeechEngines

[13/01/2008|13:16] C:\Program Files\Fichiers communs\SWF Studio

[20/10/2007|22:36] C:\Program Files\Fichiers communs\Symantec Shared

[12/11/2007|18:08] C:\Program Files\Fichiers communs\System

[31/12/2007|19:51] C:\Program Files\Fichiers communs\Teleca Shared

[27/10/2007|18:00] C:\Program Files\Fichiers communs\Ulead Systems

[14/11/2007|18:27] C:\Program Files\Fichiers communs\WindowsLiveInstaller

 

--------------------\\ Process

 

( 52 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\DOCUME~1\GUILLA~1\Cookies\guillaume@adopt.euroclick[1].txt

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-25 12:07:13

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 1

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:63][D:41]-> C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp

[F:24][D:0]-> C:\DOCUME~1\GUILLA~1\Cookies

[F:862][D:87]-> C:\DOCUME~1\GUILLA~1\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 25/09/2008| 1:20 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 25/09/2008|12:08 - Option : [2]

 

--------------------\\ Fin du rapport a 12:08:20

Posted

Hi TATAV93 :P

 

OK for the Lop S&D report, which shows that the CID (Lop) infection has indeed been eradicated :P

For your information: the CID infection (removed thanks to Lop S&D) is something we create ourselves, without knowing it, when installing Messenger Plus! 3 (and certain programs of the BitTorrent type).

When you install this program, you must absolutely not accept the sponsors > you have to tick the "Je refuse d'apporter mon soutien..." ("I refuse to give my support...") radio button >>

[image: messenger5on.jpg]

 

Waiting for the MBAM report and a new HijackThis log.

Posted

Malwarebytes' Anti-Malware 1.28

Version de la base de données: 1203

Windows 5.1.2600 Service Pack 2

 

25/09/2008 12:23:06

mbam-log-2008-09-25 (12-23-06).txt

 

Type de recherche: Examen rapide

Eléments examinés: 55026

Temps écoulé: 6 minute(s), 1 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 5

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 3

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twext.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Delete on reboot.

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> Delete on reboot.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:24:54, on 25/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\SPAMfighter\sfus.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\USB Disk Win98 Driver\Res.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Goto Software\Vade Retro\Vaderetro_Mgr.exe

C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Apoint\Apntex.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Guillaume\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DumpTeam] C:\Codage\DumpTeam_Pack_v4.5a3.exe /S

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE

O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [VadeRetro Outlook] C:\Program Files\Goto Software\Vade Retro\VrMoRegister.exe -s

O4 - HKLM\..\Run: [VadeRetro Desktop] C:\Program Files\Goto Software\Vade Retro\Vaderetro_Mgr.exe

O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Transfert par Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

 

--

End of file - 12712 bytes
