[Résolu]Processus iexplore

[LUD0243]

Bonjour à tous ^^

 

J' ais un souci. Je voudrais installé un programme mais pour cela, ce programme me demande de fermer certaines applications. Comme firefox ou internet explorer. Seulement, j' utilises jamais internet explorer (6 sur mon ordi). Même le programme fermé, il me met qu' il faut arrêté l' application iexplorer pour installer le programme. Dans "Gestionnaire des tâches de windows" dans l' onglet processus, il y a 2 iexplore. Un qui utilises 2,892 Ko de mémoire et un autre de 12,868 Ko. En terminant le processus de l' un des 2 il revient quelques secondes après. Cela fait longtemps que j' ais sa mais sa ne m' ennuie pas jusqu' à aujourd'hui. Mais j' ais quand même des pop up internet explorer qui apparaisses parfois même sans avoir voulu ouvrir internet.

 

Je me suis beaucoup renseigné sur google. Apparement, je ne peux trouvé la solution seul. J' ais besoin d' une gentil âme qui pourra m' aider ^^ D' ailleur mon antivirus AVG n' a pas su m' aider après un scan de 4H00.

 

J' ais utilisé hijackthis pour faire un log je crois, enfin, je sais plus, je m' y connais pas trop je dois dire ^^'

 

Voici le résultat:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:52:20, on 15/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\system32\hphmon03.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Documents and Settings\Utilisateur\Bureau\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Utilisateur\Bureau\kav8_fr_Google.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = gyukiuk

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe

O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [1B171C19221E1B221] 625E63606965626.exe

O4 - HKLM\..\Run: [services] C:\WINDOWS\system32\ohwyppcf.exe

O4 - HKLM\..\Run: [E3E4E7E] EAEBE.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [clock blue jugs wait] C:\Documents and Settings\All Users\Application Data\internet settings clock blue\Bash Hold.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\Utilisateur\Bureau\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ViewStyle] C:\DOCUME~1\UTILIS~1\APPLIC~1\REGSBO~1\borearmyfunk.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200090105692

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: crypt - C:\WINDOWS\

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 7799 bytes

 

 

Faut-il quelques choses de plus?

 

Et merci d' avance à ceux qui m' aideront en espèrant qu' il y aie une solution.

Modifié le 17 février 2009 par LUD0243

[Apollo]

Bonsoir,

 

Il faudra de toute façon installer Explorer 7 même si ce n'est pas ton navigateur par défaut.

Il est plus sécurisé que le 6; de plus, ilest indispensable pour les mises à jour logicielles des antivirus rien que pour prendre un exemple. (ou windows update).

 

Donc ne JAMAIS suivre le conseil d'un inconscient qui écrit dans un topic: "vire Explorer!" Certains forums sont fréquentés par des illuminés hein...

 

1)

Télécharge MSNFix.zip (de !aur3n7) sur le bureau:

Aide en images: http://www.malekal.com/tutorial_MSNFix.php

 

http://sosvirus.changelog.fr/MSNFix.zip

 

Adresse secondaire: http://cfasi.fr/MSNFix/MSNFix.zip

Décompresse-le (clic droit : Extraire ici).

 

Ouvre-le et double clique sur le fichier MSNFix.bat c

---> Sous Vista: Clic droit/exécuter en temps qu'administrateur!

.

- Exécutez l'option R.

- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.

- Sauvegarde ce rapport puis fais-en un copier/coller sur le forum, ainsi qu'un scan HijackThis fait en mode normal.

- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt

 

NB:

Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal

Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.

 

Poste le rapport stp.

 

Il est conseillé de prévenir tous tes contacts afin qu'ils procédent à la même opération car cette infection s'envoie toute seule avec ton adresse à tout ton carnet d'adresses et ainsi de suite par eux vers d'autres internautes.

 

2) Télécharge Lop S&D.exe sur ton Bureau.

http://eric.71.mespages.googlepages.com/LopSD.exe

 

Double-clique dessus pour lancer l'installation

Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau

Sous Vista: Clic droit/exécuter en temps qu'administrateur ***

 

Sélectionne la langue souhaitée , puis choisis l'option 1 (Recherche)

Patiente jusqu'à la fin du scan

Poste le rapport généré (C:\lopR.txt)

 

(Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

 

@++

[LUD0243]

Salut,

 

Eh bien voilà le rapport qui est apparaît sur mon bureau après avoir suivi le tutoriel:

 

read file error: C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\winlogon.exe, Le fichier spécifié est introuvable.

read file error: C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe, Le fichier spécifié est introuvable.

read file error: C:\WINDOWS\system32\cftmon.exe, Le fichier spécifié est introuvable.

 

 

Il y avait bien infection, j' ais du redémarrer mon ordinateur. J' ais relancé le programme.bat moi même et refais la manipulation pour avoir un fichier texte sur mon bureau nommé "cathme" qui contient le rapport ci-dessus. Pas très bon signe apparement...

 

EDIT:

 

Je suis en train de faire la 2eme étape. Celle avec Lop S&D. Je poste le rapport dés que c' est terminé.

 

EDIT2:

 

Voilà le rapport:

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1600MHz )

BIOS : Rev 1.0 XXX

USER : Utilisateur ( Administrator )

BOOT : Normal boot

Antivirus : AVG Internet Security 8.0 (Activated)

C:\ (Local Disk) - NTFS - Total:38 Go (Free:2 Go)

D:\ (Local Disk) - NTFS - Total:36 Go (Free:4 Go)

E:\ (USB)

F:\ (CD or DVD)

G:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( dim. 15/02/2009|22:00 )

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[22/04/2008|16:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[18/01/2009|16:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[24/11/2007|12:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla

 

[19/11/2007|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[19/11/2007|16:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems

[03/11/2007|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[01/12/2007|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[15/02/2009|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8

[16/10/2007|10:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

[14/02/2009|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\internet settings clock blue

[18/06/2008|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[18/01/2009|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[17/05/2008|23:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle

[17/05/2008|23:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle VideoSpin

[25/11/2007|23:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm

[07/04/2008|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

[21/01/2008|20:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[18/01/2009|16:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro

[17/05/2008|23:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VideoSpin

[07/11/2007|21:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[22/04/2008|20:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

 

[15/10/2007|15:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[22/11/2008|20:21] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Adobe

[12/01/2008|12:21] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Apple Computer

[16/05/2008|06:38] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\BitTorrent

[17/06/2008|18:23] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\DivX

[17/11/2007|20:32] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[17/11/2007|20:33] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[07/05/2008|18:13] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Google

[21/10/2007|17:29] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Identities

[24/03/2008|11:58] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\LimeWire

[22/10/2007|14:37] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Macromedia

[22/05/2008|19:28] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Microsoft

[17/09/2008|16:21] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Mozilla

[17/06/2008|18:22] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Pegasys Inc

[05/12/2007|16:10] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Sun

 

[18/01/2009|16:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[16/06/2008|17:34] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Adobe

[15/12/2007|23:32] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\AdobeUM

[01/12/2007|23:21] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Apple Computer

[17/06/2008|16:58] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Canon

[13/12/2007|17:23] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\CyberLink

[15/06/2008|15:07] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\DivX

[17/11/2007|19:48] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[17/11/2007|19:48] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[20/10/2007|07:48] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Identities

[17/12/2008|11:31] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Lavasoft

[13/12/2008|13:52] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\LimeWire

[20/10/2007|07:51] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Macromedia

[15/06/2008|19:36] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Media Player Classic

[19/03/2008|21:28] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Microsoft

[31/08/2008|15:34] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Mozilla

[06/04/2008|18:18] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\MSNInstaller

[19/11/2007|21:35] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Opera

[15/06/2008|15:51] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Pegasys Inc

[14/02/2009|15:36] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Regs Bows Wma

[02/12/2007|00:41] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Sun

 

[22/11/2008|18:41] C:\DOCUME~1\Miiman!\APPLIC~1\Adobe

[17/05/2008|13:57] C:\DOCUME~1\Miiman!\APPLIC~1\AdobeUM

[11/12/2007|14:09] C:\DOCUME~1\Miiman!\APPLIC~1\Apple Computer

[17/05/2008|13:42] C:\DOCUME~1\Miiman!\APPLIC~1\DivX

[05/10/2008|07:20] C:\DOCUME~1\Miiman!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[17/11/2007|19:59] C:\DOCUME~1\Miiman!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[08/11/2008|14:38] C:\DOCUME~1\Miiman!\APPLIC~1\Help

[17/05/2008|13:32] C:\DOCUME~1\Miiman!\APPLIC~1\Identities

[08/11/2008|14:21] C:\DOCUME~1\Miiman!\APPLIC~1\Jasc

[20/01/2008|18:47] C:\DOCUME~1\Miiman!\APPLIC~1\LimeWire

[22/11/2008|18:44] C:\DOCUME~1\Miiman!\APPLIC~1\Macromedia

[17/05/2008|13:42] C:\DOCUME~1\Miiman!\APPLIC~1\Media Player Classic

[18/01/2009|17:29] C:\DOCUME~1\Miiman!\APPLIC~1\Microsoft

[17/11/2007|20:12] C:\DOCUME~1\Miiman!\APPLIC~1\Microsoft Web Folders

[16/09/2008|18:13] C:\DOCUME~1\Miiman!\APPLIC~1\Mozilla

[21/10/2007|16:08] C:\DOCUME~1\Miiman!\APPLIC~1\MSNInstaller

[03/02/2009|21:02] C:\DOCUME~1\Miiman!\APPLIC~1\Regs Bows Wma

[11/01/2009|14:13] C:\DOCUME~1\Miiman!\APPLIC~1\Sun

 

[16/12/2008|22:46] C:\DOCUME~1\NETWOR~1\APPLIC~1\DivX

[18/01/2009|16:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[16/06/2008|18:04] C:\DOCUME~1\UTILIS~1\APPLIC~1\Adobe

[03/10/2008|15:38] C:\DOCUME~1\UTILIS~1\APPLIC~1\AdobeUM

[25/03/2008|14:34] C:\DOCUME~1\UTILIS~1\APPLIC~1\Apple Computer

[15/02/2009|11:17] C:\DOCUME~1\UTILIS~1\APPLIC~1\BitTorrent

[11/06/2008|18:20] C:\DOCUME~1\UTILIS~1\APPLIC~1\Canon

[29/11/2008|23:47] C:\DOCUME~1\UTILIS~1\APPLIC~1\codeblocks

[29/11/2008|23:47] C:\DOCUME~1\UTILIS~1\APPLIC~1\Dev-Cpp

[12/05/2008|16:07] C:\DOCUME~1\UTILIS~1\APPLIC~1\DivX

[02/09/2008|16:17] C:\DOCUME~1\UTILIS~1\APPLIC~1\DNA

[21/11/2007|14:45] C:\DOCUME~1\UTILIS~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[21/11/2007|14:44] C:\DOCUME~1\UTILIS~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[08/02/2009|20:24] C:\DOCUME~1\UTILIS~1\APPLIC~1\Help

[16/10/2007|08:38] C:\DOCUME~1\UTILIS~1\APPLIC~1\Identities

[07/11/2008|21:40] C:\DOCUME~1\UTILIS~1\APPLIC~1\Jasc

[16/10/2007|10:30] C:\DOCUME~1\UTILIS~1\APPLIC~1\Lavasoft

[16/10/2007|11:28] C:\DOCUME~1\UTILIS~1\APPLIC~1\Leadertech

[19/12/2008|17:16] C:\DOCUME~1\UTILIS~1\APPLIC~1\LimeWire

[19/10/2007|21:33] C:\DOCUME~1\UTILIS~1\APPLIC~1\Macromedia

[26/12/2007|20:01] C:\DOCUME~1\UTILIS~1\APPLIC~1\Media Player Classic

[18/01/2009|16:22] C:\DOCUME~1\UTILIS~1\APPLIC~1\Microsoft

[30/08/2008|18:40] C:\DOCUME~1\UTILIS~1\APPLIC~1\Mozilla

[09/02/2009|23:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\Opera

[01/02/2009|12:51] C:\DOCUME~1\UTILIS~1\APPLIC~1\Regs Bows Wma

[26/01/2008|01:10] C:\DOCUME~1\UTILIS~1\APPLIC~1\Sun

[17/12/2007|16:47] C:\DOCUME~1\UTILIS~1\APPLIC~1\teamspeak2

[02/09/2008|19:27] C:\DOCUME~1\UTILIS~1\APPLIC~1\U3

[15/02/2009|00:18] C:\DOCUME~1\UTILIS~1\APPLIC~1\vlc

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[15/02/2009 22:00][--ah-----] C:\WINDOWS\tasks\AE490D48918ABDF4.job

[15/02/2009 18:12][--a------] C:\WINDOWS\tasks\Norton Security Scan for Utilisateur.job

[15/02/2009 22:00][--ah-----] C:\WINDOWS\tasks\AD4B83C192F837ED.job

[01/01/2009 15:15][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[15/02/2009 21:08][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

( AD4B83C192F837ED.job )=( c:\docume~1\utilis~1\applic~1\regsbo~1\pilecorndart.exe )

( AE490D48918ABDF4.job )=( c:\docume~1\lououz~1.!\applic~1\regsbo~1\pilecorndart.exe )

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[20/11/2008|17:34] C:\Program Files\7-Zip

[26/12/2007|20:12] C:\Program Files\AC3Filter

[17/11/2007|19:48] C:\Program Files\ACD Systems

[16/06/2008|17:21] C:\Program Files\Adobe

[01/07/2008|22:37] C:\Program Files\Advanced Batch Converter

[16/10/2007|10:02] C:\Program Files\Ahead

[10/02/2009|00:49] C:\Program Files\Alcohol Soft

[01/12/2007|23:16] C:\Program Files\Apple Software Update

[12/08/2008|20:50] C:\Program Files\Audacity

[18/01/2009|16:59] C:\Program Files\AVG

[25/01/2008|20:15] C:\Program Files\BitTorrent

[17/05/2008|22:09] C:\Program Files\Bobyte

[17/11/2007|19:05] C:\Program Files\Canon

[12/08/2008|21:39] C:\Program Files\CDex_151

[12/08/2008|20:41] C:\Program Files\CDex_170b2

[16/12/2008|15:35] C:\Program Files\Cheat Engine

[01/02/2009|13:15] C:\Program Files\Circle Developement

[29/11/2008|23:06] C:\Program Files\CodeBlocks

[26/12/2007|19:58] C:\Program Files\Combined Community Codec Pack

[15/10/2007|14:38] C:\Program Files\ComPlus Applications

[10/02/2009|00:50] C:\Program Files\Conduit

[16/10/2007|10:22] C:\Program Files\CyberLink

[29/10/2007|20:24] C:\Program Files\directx

[16/10/2007|11:26] C:\Program Files\Diskeeper Corporation

[15/06/2008|15:51] C:\Program Files\DivX

[02/09/2008|16:17] C:\Program Files\DNA

[21/01/2009|14:54] C:\Program Files\Dofus

[11/04/2008|16:04] C:\Program Files\Dr4iNLiF3 Products

[03/11/2008|18:05] C:\Program Files\Eltima Software

[20/12/2007|15:08] C:\Program Files\eMule

[11/02/2009|18:47] C:\Program Files\Fichiers communs

[15/02/2009|12:58] C:\Program Files\free-downloads.net

[29/01/2009|18:04] C:\Program Files\Helper

[17/11/2007|19:46] C:\Program Files\Hewlett-Packard

[17/11/2007|19:39] C:\Program Files\hp photosmart

[01/07/2008|22:25] C:\Program Files\ImageConverter Plus

[08/05/2008|17:29] C:\Program Files\InstallShield Installation Information

[15/02/2009|20:51] C:\Program Files\Internet Explorer

[01/12/2007|23:21] C:\Program Files\iPod

[01/12/2007|23:21] C:\Program Files\iTunes

[07/11/2008|21:39] C:\Program Files\Jasc Software Inc

[18/01/2009|17:08] C:\Program Files\Java

[12/05/2008|16:06] C:\Program Files\K-Lite Codec Pack

[16/10/2007|10:29] C:\Program Files\Lavasoft

[07/10/2008|22:45] C:\Program Files\LimeWire

[21/10/2007|17:58] C:\Program Files\Maxis

[13/12/2008|08:23] C:\Program Files\Messenger

[23/11/2008|17:22] C:\Program Files\Messenger Plus! Live

[17/11/2007|20:24] C:\Program Files\microsoft frontpage

[18/01/2009|17:22] C:\Program Files\Microsoft Office

[22/04/2008|20:53] C:\Program Files\Microsoft SQL Server Compact Edition

[18/01/2009|17:21] C:\Program Files\Microsoft.NET

[21/09/2008|17:19] C:\Program Files\Mindscape

[12/12/2008|18:34] C:\Program Files\Movie Maker

[15/02/2009|21:12] C:\Program Files\Mozilla Firefox

[06/04/2008|18:19] C:\Program Files\MSN

[15/10/2007|14:32] C:\Program Files\MSN Gaming Zone

[12/12/2008|18:26] C:\Program Files\NetMeeting

[15/02/2009|00:20] C:\Program Files\Noel Danjou

[15/02/2009|18:00] C:\Program Files\Norton Security Scan

[15/10/2007|14:32] C:\Program Files\Online Services

[09/02/2009|23:54] C:\Program Files\Opera

[15/02/2009|21:04] C:\Program Files\Outerinfo

[12/12/2008|18:26] C:\Program Files\Outlook Express

[08/11/2008|14:15] C:\Program Files\PhotoFiltre

[17/05/2008|23:35] C:\Program Files\Pinnacle

[29/11/2008|16:57] C:\Program Files\Project64 1.6

[01/12/2007|23:20] C:\Program Files\QuickTime

[26/12/2007|20:29] C:\Program Files\Red Kawa

[14/02/2009|15:35] C:\Program Files\Regs Bows Wma

[08/05/2008|17:29] C:\Program Files\Samsung

[15/10/2007|14:41] C:\Program Files\Services en ligne

[10/02/2009|00:19] C:\Program Files\SlySoft

[29/11/2007|17:56] C:\Program Files\SM

[18/10/2008|19:29] C:\Program Files\Speed Gear 5

[21/01/2008|20:02] C:\Program Files\Spybot - Search & Destroy

[17/12/2007|16:47] C:\Program Files\Teamspeak2_RC2

[30/11/2007|21:55] C:\Program Files\ThriXXX

[15/02/2009|18:51] C:\Program Files\Trend Micro

[21/10/2007|11:20] C:\Program Files\Ubi Soft

[16/10/2007|08:38] C:\Program Files\Uninstall Information

[14/02/2009|23:47] C:\Program Files\VideoLAN

[04/05/2008|21:12] C:\Program Files\Windows Live

[05/11/2007|15:50] C:\Program Files\Windows Media Connect 2

[12/12/2008|18:26] C:\Program Files\Windows Media Player

[12/12/2008|18:26] C:\Program Files\Windows NT

[15/10/2007|14:42] C:\Program Files\WindowsUpdate

[16/10/2007|10:33] C:\Program Files\WinRAR

[15/10/2007|15:13] C:\Program Files\xerox

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[15/02/2009|11:05] C:\Program Files\Fichiers communs\Adobe

[19/11/2007|16:34] C:\Program Files\Fichiers communs\Adobe Systems Shared

[16/10/2007|10:02] C:\Program Files\Fichiers communs\Ahead

[01/12/2007|23:15] C:\Program Files\Fichiers communs\Apple

[18/01/2009|17:22] C:\Program Files\Fichiers communs\DESIGNER

[20/09/2008|12:54] C:\Program Files\Fichiers communs\GTK

[19/11/2007|17:28] C:\Program Files\Fichiers communs\InstallShield

[21/10/2007|17:47] C:\Program Files\Fichiers communs\Java

[21/01/2009|18:06] C:\Program Files\Fichiers communs\Microsoft Shared

[15/10/2007|14:40] C:\Program Files\Fichiers communs\MSSoap

[15/10/2007|16:05] C:\Program Files\Fichiers communs\ODBC

[15/10/2007|14:40] C:\Program Files\Fichiers communs\Services

[15/10/2007|16:05] C:\Program Files\Fichiers communs\SpeechEngines

[15/02/2009|18:06] C:\Program Files\Fichiers communs\Symantec Shared

[18/01/2009|17:21] C:\Program Files\Fichiers communs\System

[01/08/2008|11:46] C:\Program Files\Fichiers communs\tjd

[22/04/2008|20:47] C:\Program Files\Fichiers communs\WindowsLiveInstaller

[17/05/2008|23:35] C:\Program Files\Fichiers communs\Yahoo!

 

--------------------\\ Process

 

( 55 Processes )

 

IEXPLORE.EXE ~ [PID:3984]

IEXPLORE.EXE ~ [PID:2316]

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\DOCUME~1\ALLUSE~1\APPLIC~1\internet settings clock blue

C:\DOCUME~1\ALLUSE~1\APPLIC~1\internet settings clock blue\Bash Hold.dat

C:\DOCUME~1\ALLUSE~1\APPLIC~1\internet settings clock blue\Bash Hold.exe

C:\DOCUME~1\ALLUSE~1\APPLIC~1\internet settings clock blue\Gram Type.dat

C:\DOCUME~1\ALLUSE~1\APPLIC~1\internet settings clock blue\Gram Type.exe

C:\DOCUME~1\ALLUSE~1\APPLIC~1\internet settings clock blue\TYPE ROAM.dat

C:\DOCUME~1\ALLUSE~1\APPLIC~1\internet settings clock blue\TYPE ROAM.exe

C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\regsbo~1

C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\regsbo~1\borearmyfunk.exe

C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\regsbo~1\onsgzady.exe

C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\regsbo~1\OwnsStupidBoneSettings.exe

C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\regsbo~1\pilecorndart.exe

C:\DOCUME~1\Miiman!\APPLIC~1\regsbo~1

C:\DOCUME~1\Miiman!\APPLIC~1\regsbo~1\borearmyfunk.exe

C:\DOCUME~1\Miiman!\APPLIC~1\regsbo~1\OwnsStupidBoneSettings.exe

C:\DOCUME~1\Miiman!\APPLIC~1\regsbo~1\pilecorndart.exe

C:\DOCUME~1\Miiman!\APPLIC~1\regsbo~1\qnxilozk.exe

C:\DOCUME~1\Miiman!\APPLIC~1\regsbo~1\smoqzjjv.exe

C:\DOCUME~1\UTILIS~1\APPLIC~1\regsbo~1

C:\DOCUME~1\UTILIS~1\APPLIC~1\regsbo~1\axmjsslq.exe

C:\DOCUME~1\UTILIS~1\APPLIC~1\regsbo~1\borearmyfunk.exe

C:\DOCUME~1\UTILIS~1\APPLIC~1\regsbo~1\OwnsStupidBoneSettings.exe

C:\DOCUME~1\UTILIS~1\APPLIC~1\regsbo~1\pilecorndart.exe

C:\DOCUME~1\UTILIS~1\APPLIC~1\regsbo~1\uwmwbfdn.exe

C:\Program Files\regsbo~1

C:\Program Files\Circle Developement

C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@advertstream[1].txt

C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@adin.bigpoint[2].txt

C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@fr1.seafight.bigpoint[2].txt

C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@pacificpoker[1].txt

C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@fr1.seafight.bigpoint[2].txt

C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@32vegas[1].txt

C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@banner.32vegas[2].txt

C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@royalvegas[1].txt

C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@www.royalvegas[1].txt

C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@888[2].txt

C:\WINDOWS\Tasks\AD4B83C192F837ED.job

C:\WINDOWS\Tasks\AE490D48918ABDF4.job

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ViewStyle"="C:\\DOCUME~1\\UTILIS~1\\APPLIC~1\\REGSBO~1\\borearmyfunk.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"clock blue jugs wait"="C:\\Documents and Settings\\All Users\\Application Data\\internet settings clock blue\\Bash Hold.exe"

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts MODIFIE

 

127.0.0.1 bin.errorprotector.com ## added by CiD

127.0.0.1 br.errorsafe.com ## added by CiD

127.0.0.1 br.winfixer.com ## added by CiD

127.0.0.1 cdn.drivecleaner.com ## added by CiD

127.0.0.1 cdn.errorsafe.com ## added by CiD

127.0.0.1 cdn.winsoftware.com ## added by CiD

127.0.0.1 de.errorsafe.com ## added by CiD

127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

127.0.0.1 download.cdn.errorsafe.com ## added by CiD

127.0.0.1 download.cdn.winsoftware.com ## added by CiD

127.0.0.1 download.errorsafe.com ## added by CiD

127.0.0.1 download.systemdoctor.com ## added by CiD

127.0.0.1 download.winantispyware.com ## added by CiD

127.0.0.1 download.windrivecleaner.com ## added by CiD

127.0.0.1 download.winfixer.com ## added by CiD

127.0.0.1 drivecleaner.com ## added by CiD

127.0.0.1 dynamique.drivecleaner.com ## added by CiD

127.0.0.1 errorprotector.com ## added by CiD

127.0.0.1 errorsafe.com ## added by CiD

127.0.0.1 fr.winfixer.com ## added by CiD

127.0.0.1 go.drivecleaner.com ## added by CiD

127.0.0.1 go.errorsafe.com ## added by CiD

127.0.0.1 go.winantispyware.com ## added by CiD

127.0.0.1 instlog.errorsafe.com ## added by CiD

127.0.0.1 instlog.winfixer.com ## added by CiD

127.0.0.1 jsp.drivecleaner.com ## added by CiD

127.0.0.1 kb.errorsafe.com ## added by CiD

127.0.0.1 nl.errorsafe.com ## added by CiD

127.0.0.1 se.errorsafe.com ## added by CiD

127.0.0.1 secure.drivecleaner.com ## added by CiD

127.0.0.1 secure.errorsafe.com ## added by CiD

127.0.0.1 secure.winantispam.com ## added by CiD

127.0.0.1 secure.winantispy.com ## added by CiD

127.0.0.1 trial.updates.winsoftware.com ## added by CiD

127.0.0.1 utils.errorsafe.com ## added by CiD

127.0.0.1 utils.winfixer.com ## added by CiD

127.0.0.1 winantispyware.com ## added by CiD

127.0.0.1 winfixer.com ## added by CiD

127.0.0.1 winfixer2006.com ## added by CiD

127.0.0.1 winsoftware.com ## added by CiD

127.0.0.1 www.drivecleaner.com ## added by CiD

127.0.0.1 www.errorprotector.com ## added by CiD

127.0.0.1 www.errorsafe.com ## added by CiD

127.0.0.1 www.systemdoctor.com ## added by CiD

127.0.0.1 www.utils.winfixer.com ## added by CiD

127.0.0.1 www.win-anti-virus-pro.com ## added by CiD

127.0.0.1 www.win-virus-pro.com ## added by CiD

127.0.0.1 www.winantispam.com ## added by CiD

127.0.0.1 www.winantispy.com ## added by CiD

127.0.0.1 www.winantispyware.com ## added by CiD

127.0.0.1 www.winantiviruspro.com ## added by CiD

127.0.0.1 www.windrivecleaner.com ## added by CiD

127.0.0.1 www.windrivesafe.com ## added by CiD

127.0.0.1 www.winfixer.com ## added by CiD

127.0.0.1 www.winfixer2006.com ## added by CiD

127.0.0.1 www.winsoftware.com ## added by CiD

 

-> 58 [ 56 ## added by CiD ]

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-15 22:01:50

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 297

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\UTILIS~1\Bureau\Patch\flash_CS4_Crack.exe

C:\DOCUME~1\UTILIS~1\Local Settings\Temp\Adobe_Flash_CS4_Professional_v10.0___Crack___PCFORUM89.4459784.TPB.torrent

 

 

[F:3818][D:107]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp

[F:195][D:0]-> C:\DOCUME~1\UTILIS~1\Cookies

[F:899][D:5]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - dim. 15/02/2009|21:52 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - dim. 15/02/2009|22:03 - Option : [1]

 

--------------------\\ Fin du rapport a 22:03:08

Modifié le 15 février 2009 par LUD0243

[Apollo]

Re,

 

Oui et il y en a encore; on emploiera l'artillerie lourde si nécessaire.

 

Bon les cracks, faut pas chercher plus loin, ça vient de là les infections.

 

Relance Lop S&D

 

 

Choisis cette fois ci l'Option 2 (Suppression)

Ne ferme pas la fenêtre lors de la suppression !

Poste le rapport généré (C:\lopR.txt)

 

(Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

 

Après ce rapport, poste un nouveau log Hijackthis stp.

 

@++

[LUD0243]

Re salut!

 

Voilà, j' ais fait ce que tu m' as dis ^^

 

 

Rapport Lop S&D:

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1600MHz )

BIOS : Rev 1.0 XXX

USER : Utilisateur ( Administrator )

BOOT : Normal boot

Antivirus : AVG Internet Security 8.0 (Activated)

C:\ (Local Disk) - NTFS - Total:38 Go (Free:2 Go)

D:\ (Local Disk) - NTFS - Total:36 Go (Free:4 Go)

E:\ (USB)

F:\ (CD or DVD)

G:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( dim. 15/02/2009|22:37 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\internet settings clock blue\Bash Hold.dat

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\internet settings clock blue\Bash Hold.exe

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\internet settings clock blue\Gram Type.dat

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\internet settings clock blue\Gram Type.exe

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\internet settings clock blue\TYPE ROAM.dat

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\internet settings clock blue\TYPE ROAM.exe

Supprime! - C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\regsbo~1\borearmyfunk.exe

Supprime! - C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\regsbo~1\onsgzady.exe

Supprime! - C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\regsbo~1\OwnsStupidBoneSettings.exe

Supprime! - C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\regsbo~1\pilecorndart.exe

Supprime! - C:\DOCUME~1\Miiman!\APPLIC~1\regsbo~1\borearmyfunk.exe

Supprime! - C:\DOCUME~1\Miiman!\APPLIC~1\regsbo~1\OwnsStupidBoneSettings.exe

Supprime! - C:\DOCUME~1\Miiman!\APPLIC~1\regsbo~1\pilecorndart.exe

Supprime! - C:\DOCUME~1\Miiman!\APPLIC~1\regsbo~1\qnxilozk.exe

Supprime! - C:\DOCUME~1\Miiman!\APPLIC~1\regsbo~1\smoqzjjv.exe

Supprime! - C:\DOCUME~1\UTILIS~1\APPLIC~1\regsbo~1\axmjsslq.exe

Supprime! - C:\DOCUME~1\UTILIS~1\APPLIC~1\regsbo~1\borearmyfunk.exe

Supprime! - C:\DOCUME~1\UTILIS~1\APPLIC~1\regsbo~1\OwnsStupidBoneSettings.exe

Supprime! - C:\DOCUME~1\UTILIS~1\APPLIC~1\regsbo~1\pilecorndart.exe

Supprime! - C:\DOCUME~1\UTILIS~1\APPLIC~1\regsbo~1\uwmwbfdn.exe

Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@advertstream[1].txt

Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@adin.bigpoint[2].txt

Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@fr1.seafight.bigpoint[2].txt

Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@pacificpoker[1].txt

Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@32vegas[1].txt

Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@banner.32vegas[2].txt

Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@royalvegas[1].txt

Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@www.royalvegas[1].txt

Supprime! - C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@888[2].txt

Supprime! - C:\WINDOWS\Tasks\AD4B83C192F837ED.job

Supprime! - C:\WINDOWS\Tasks\AE490D48918ABDF4.job

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\internet settings clock blue

Supprime! - C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\regsbo~1

Supprime! - C:\DOCUME~1\Miiman!\APPLIC~1\regsbo~1

Supprime! - C:\DOCUME~1\UTILIS~1\APPLIC~1\regsbo~1

Supprime! - C:\Program Files\regsbo~1

Supprime! - C:\Program Files\Circle Developement

-

[ Fichier Hosts ] .. Restaure!

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[22/04/2008|16:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[18/01/2009|16:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[24/11/2007|12:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla

 

[19/11/2007|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[19/11/2007|16:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems

[03/11/2007|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[01/12/2007|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[15/02/2009|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8

[16/10/2007|10:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

[18/06/2008|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[18/01/2009|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[17/05/2008|23:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle

[17/05/2008|23:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle VideoSpin

[25/11/2007|23:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm

[07/04/2008|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

[21/01/2008|20:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[18/01/2009|16:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro

[17/05/2008|23:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VideoSpin

[07/11/2007|21:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[22/04/2008|20:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

 

[15/10/2007|15:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[22/11/2008|20:21] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Adobe

[12/01/2008|12:21] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Apple Computer

[16/05/2008|06:38] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\BitTorrent

[17/06/2008|18:23] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\DivX

[17/11/2007|20:32] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[17/11/2007|20:33] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[07/05/2008|18:13] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Google

[21/10/2007|17:29] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Identities

[24/03/2008|11:58] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\LimeWire

[22/10/2007|14:37] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Macromedia

[22/05/2008|19:28] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Microsoft

[17/09/2008|16:21] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Mozilla

[17/06/2008|18:22] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Pegasys Inc

[05/12/2007|16:10] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Sun

 

[18/01/2009|16:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[16/06/2008|17:34] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Adobe

[15/12/2007|23:32] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\AdobeUM

[01/12/2007|23:21] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Apple Computer

[17/06/2008|16:58] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Canon

[13/12/2007|17:23] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\CyberLink

[15/06/2008|15:07] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\DivX

[17/11/2007|19:48] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[17/11/2007|19:48] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[20/10/2007|07:48] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Identities

[17/12/2008|11:31] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Lavasoft

[13/12/2008|13:52] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\LimeWire

[20/10/2007|07:51] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Macromedia

[15/06/2008|19:36] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Media Player Classic

[19/03/2008|21:28] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Microsoft

[31/08/2008|15:34] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Mozilla

[06/04/2008|18:18] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\MSNInstaller

[19/11/2007|21:35] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Opera

[15/06/2008|15:51] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Pegasys Inc

[02/12/2007|00:41] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Sun

 

[22/11/2008|18:41] C:\DOCUME~1\Miiman!\APPLIC~1\Adobe

[17/05/2008|13:57] C:\DOCUME~1\Miiman!\APPLIC~1\AdobeUM

[11/12/2007|14:09] C:\DOCUME~1\Miiman!\APPLIC~1\Apple Computer

[17/05/2008|13:42] C:\DOCUME~1\Miiman!\APPLIC~1\DivX

[05/10/2008|07:20] C:\DOCUME~1\Miiman!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[17/11/2007|19:59] C:\DOCUME~1\Miiman!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[08/11/2008|14:38] C:\DOCUME~1\Miiman!\APPLIC~1\Help

[17/05/2008|13:32] C:\DOCUME~1\Miiman!\APPLIC~1\Identities

[08/11/2008|14:21] C:\DOCUME~1\Miiman!\APPLIC~1\Jasc

[20/01/2008|18:47] C:\DOCUME~1\Miiman!\APPLIC~1\LimeWire

[22/11/2008|18:44] C:\DOCUME~1\Miiman!\APPLIC~1\Macromedia

[17/05/2008|13:42] C:\DOCUME~1\Miiman!\APPLIC~1\Media Player Classic

[18/01/2009|17:29] C:\DOCUME~1\Miiman!\APPLIC~1\Microsoft

[17/11/2007|20:12] C:\DOCUME~1\Miiman!\APPLIC~1\Microsoft Web Folders

[16/09/2008|18:13] C:\DOCUME~1\Miiman!\APPLIC~1\Mozilla

[21/10/2007|16:08] C:\DOCUME~1\Miiman!\APPLIC~1\MSNInstaller

[11/01/2009|14:13] C:\DOCUME~1\Miiman!\APPLIC~1\Sun

 

[16/12/2008|22:46] C:\DOCUME~1\NETWOR~1\APPLIC~1\DivX

[18/01/2009|16:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[16/06/2008|18:04] C:\DOCUME~1\UTILIS~1\APPLIC~1\Adobe

[03/10/2008|15:38] C:\DOCUME~1\UTILIS~1\APPLIC~1\AdobeUM

[25/03/2008|14:34] C:\DOCUME~1\UTILIS~1\APPLIC~1\Apple Computer

[15/02/2009|11:17] C:\DOCUME~1\UTILIS~1\APPLIC~1\BitTorrent

[11/06/2008|18:20] C:\DOCUME~1\UTILIS~1\APPLIC~1\Canon

[29/11/2008|23:47] C:\DOCUME~1\UTILIS~1\APPLIC~1\codeblocks

[29/11/2008|23:47] C:\DOCUME~1\UTILIS~1\APPLIC~1\Dev-Cpp

[12/05/2008|16:07] C:\DOCUME~1\UTILIS~1\APPLIC~1\DivX

[02/09/2008|16:17] C:\DOCUME~1\UTILIS~1\APPLIC~1\DNA

[21/11/2007|14:45] C:\DOCUME~1\UTILIS~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[21/11/2007|14:44] C:\DOCUME~1\UTILIS~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[08/02/2009|20:24] C:\DOCUME~1\UTILIS~1\APPLIC~1\Help

[16/10/2007|08:38] C:\DOCUME~1\UTILIS~1\APPLIC~1\Identities

[07/11/2008|21:40] C:\DOCUME~1\UTILIS~1\APPLIC~1\Jasc

[16/10/2007|10:30] C:\DOCUME~1\UTILIS~1\APPLIC~1\Lavasoft

[16/10/2007|11:28] C:\DOCUME~1\UTILIS~1\APPLIC~1\Leadertech

[19/12/2008|17:16] C:\DOCUME~1\UTILIS~1\APPLIC~1\LimeWire

[19/10/2007|21:33] C:\DOCUME~1\UTILIS~1\APPLIC~1\Macromedia

[26/12/2007|20:01] C:\DOCUME~1\UTILIS~1\APPLIC~1\Media Player Classic

[18/01/2009|16:22] C:\DOCUME~1\UTILIS~1\APPLIC~1\Microsoft

[30/08/2008|18:40] C:\DOCUME~1\UTILIS~1\APPLIC~1\Mozilla

[09/02/2009|23:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\Opera

[26/01/2008|01:10] C:\DOCUME~1\UTILIS~1\APPLIC~1\Sun

[17/12/2007|16:47] C:\DOCUME~1\UTILIS~1\APPLIC~1\teamspeak2

[02/09/2008|19:27] C:\DOCUME~1\UTILIS~1\APPLIC~1\U3

[15/02/2009|00:18] C:\DOCUME~1\UTILIS~1\APPLIC~1\vlc

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[15/02/2009 18:12][--a------] C:\WINDOWS\tasks\Norton Security Scan for Utilisateur.job

[01/01/2009 15:15][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[15/02/2009 21:08][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[20/11/2008|17:34] C:\Program Files\7-Zip

[26/12/2007|20:12] C:\Program Files\AC3Filter

[17/11/2007|19:48] C:\Program Files\ACD Systems

[16/06/2008|17:21] C:\Program Files\Adobe

[01/07/2008|22:37] C:\Program Files\Advanced Batch Converter

[16/10/2007|10:02] C:\Program Files\Ahead

[10/02/2009|00:49] C:\Program Files\Alcohol Soft

[01/12/2007|23:16] C:\Program Files\Apple Software Update

[12/08/2008|20:50] C:\Program Files\Audacity

[18/01/2009|16:59] C:\Program Files\AVG

[25/01/2008|20:15] C:\Program Files\BitTorrent

[17/05/2008|22:09] C:\Program Files\Bobyte

[17/11/2007|19:05] C:\Program Files\Canon

[12/08/2008|21:39] C:\Program Files\CDex_151

[12/08/2008|20:41] C:\Program Files\CDex_170b2

[16/12/2008|15:35] C:\Program Files\Cheat Engine

[29/11/2008|23:06] C:\Program Files\CodeBlocks

[26/12/2007|19:58] C:\Program Files\Combined Community Codec Pack

[15/10/2007|14:38] C:\Program Files\ComPlus Applications

[10/02/2009|00:50] C:\Program Files\Conduit

[16/10/2007|10:22] C:\Program Files\CyberLink

[29/10/2007|20:24] C:\Program Files\directx

[16/10/2007|11:26] C:\Program Files\Diskeeper Corporation

[15/06/2008|15:51] C:\Program Files\DivX

[02/09/2008|16:17] C:\Program Files\DNA

[21/01/2009|14:54] C:\Program Files\Dofus

[11/04/2008|16:04] C:\Program Files\Dr4iNLiF3 Products

[03/11/2008|18:05] C:\Program Files\Eltima Software

[20/12/2007|15:08] C:\Program Files\eMule

[11/02/2009|18:47] C:\Program Files\Fichiers communs

[15/02/2009|12:58] C:\Program Files\free-downloads.net

[29/01/2009|18:04] C:\Program Files\Helper

[17/11/2007|19:46] C:\Program Files\Hewlett-Packard

[17/11/2007|19:39] C:\Program Files\hp photosmart

[01/07/2008|22:25] C:\Program Files\ImageConverter Plus

[08/05/2008|17:29] C:\Program Files\InstallShield Installation Information

[15/02/2009|20:51] C:\Program Files\Internet Explorer

[01/12/2007|23:21] C:\Program Files\iPod

[01/12/2007|23:21] C:\Program Files\iTunes

[07/11/2008|21:39] C:\Program Files\Jasc Software Inc

[18/01/2009|17:08] C:\Program Files\Java

[12/05/2008|16:06] C:\Program Files\K-Lite Codec Pack

[16/10/2007|10:29] C:\Program Files\Lavasoft

[07/10/2008|22:45] C:\Program Files\LimeWire

[21/10/2007|17:58] C:\Program Files\Maxis

[13/12/2008|08:23] C:\Program Files\Messenger

[23/11/2008|17:22] C:\Program Files\Messenger Plus! Live

[17/11/2007|20:24] C:\Program Files\microsoft frontpage

[18/01/2009|17:22] C:\Program Files\Microsoft Office

[22/04/2008|20:53] C:\Program Files\Microsoft SQL Server Compact Edition

[18/01/2009|17:21] C:\Program Files\Microsoft.NET

[21/09/2008|17:19] C:\Program Files\Mindscape

[12/12/2008|18:34] C:\Program Files\Movie Maker

[15/02/2009|21:12] C:\Program Files\Mozilla Firefox

[06/04/2008|18:19] C:\Program Files\MSN

[15/10/2007|14:32] C:\Program Files\MSN Gaming Zone

[12/12/2008|18:26] C:\Program Files\NetMeeting

[15/02/2009|00:20] C:\Program Files\Noel Danjou

[15/02/2009|18:00] C:\Program Files\Norton Security Scan

[15/10/2007|14:32] C:\Program Files\Online Services

[09/02/2009|23:54] C:\Program Files\Opera

[15/02/2009|21:04] C:\Program Files\Outerinfo

[12/12/2008|18:26] C:\Program Files\Outlook Express

[08/11/2008|14:15] C:\Program Files\PhotoFiltre

[17/05/2008|23:35] C:\Program Files\Pinnacle

[29/11/2008|16:57] C:\Program Files\Project64 1.6

[01/12/2007|23:20] C:\Program Files\QuickTime

[26/12/2007|20:29] C:\Program Files\Red Kawa

[08/05/2008|17:29] C:\Program Files\Samsung

[15/10/2007|14:41] C:\Program Files\Services en ligne

[10/02/2009|00:19] C:\Program Files\SlySoft

[29/11/2007|17:56] C:\Program Files\SM

[18/10/2008|19:29] C:\Program Files\Speed Gear 5

[21/01/2008|20:02] C:\Program Files\Spybot - Search & Destroy

[17/12/2007|16:47] C:\Program Files\Teamspeak2_RC2

[30/11/2007|21:55] C:\Program Files\ThriXXX

[15/02/2009|18:51] C:\Program Files\Trend Micro

[21/10/2007|11:20] C:\Program Files\Ubi Soft

[16/10/2007|08:38] C:\Program Files\Uninstall Information

[14/02/2009|23:47] C:\Program Files\VideoLAN

[04/05/2008|21:12] C:\Program Files\Windows Live

[05/11/2007|15:50] C:\Program Files\Windows Media Connect 2

[12/12/2008|18:26] C:\Program Files\Windows Media Player

[12/12/2008|18:26] C:\Program Files\Windows NT

[15/10/2007|14:42] C:\Program Files\WindowsUpdate

[16/10/2007|10:33] C:\Program Files\WinRAR

[15/10/2007|15:13] C:\Program Files\xerox

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[15/02/2009|11:05] C:\Program Files\Fichiers communs\Adobe

[19/11/2007|16:34] C:\Program Files\Fichiers communs\Adobe Systems Shared

[16/10/2007|10:02] C:\Program Files\Fichiers communs\Ahead

[01/12/2007|23:15] C:\Program Files\Fichiers communs\Apple

[18/01/2009|17:22] C:\Program Files\Fichiers communs\DESIGNER

[20/09/2008|12:54] C:\Program Files\Fichiers communs\GTK

[19/11/2007|17:28] C:\Program Files\Fichiers communs\InstallShield

[21/10/2007|17:47] C:\Program Files\Fichiers communs\Java

[21/01/2009|18:06] C:\Program Files\Fichiers communs\Microsoft Shared

[15/10/2007|14:40] C:\Program Files\Fichiers communs\MSSoap

[15/10/2007|16:05] C:\Program Files\Fichiers communs\ODBC

[15/10/2007|14:40] C:\Program Files\Fichiers communs\Services

[15/10/2007|16:05] C:\Program Files\Fichiers communs\SpeechEngines

[15/02/2009|18:06] C:\Program Files\Fichiers communs\Symantec Shared

[18/01/2009|17:21] C:\Program Files\Fichiers communs\System

[01/08/2008|11:46] C:\Program Files\Fichiers communs\tjd

[22/04/2008|20:47] C:\Program Files\Fichiers communs\WindowsLiveInstaller

[17/05/2008|23:35] C:\Program Files\Fichiers communs\Yahoo!

 

--------------------\\ Process

 

( 52 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-15 22:39:36

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 297

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\UTILIS~1\Bureau\Patch\flash_CS4_Crack.exe

C:\DOCUME~1\UTILIS~1\Local Settings\Temp\Adobe_Flash_CS4_Professional_v10.0___Crack___PCFORUM89.4459784.TPB.torrent

 

 

[F:3820][D:108]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp

[F:186][D:0]-> C:\DOCUME~1\UTILIS~1\Cookies

[F:899][D:5]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - dim. 15/02/2009|21:52 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - dim. 15/02/2009|22:03 - Option : [1]

3 - "C:\Lop SD\LopR_3.txt" - dim. 15/02/2009|22:40 - Option : [2]

 

--------------------\\ Fin du rapport a 22:40:53

 

 

 

 

 

 

 

 

Et là le log:

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:44:32, on 15/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\system32\hphmon03.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = gyukiuk

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe

O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [1B171C19221E1B221] 625E63606965626.exe

O4 - HKLM\..\Run: [E3E4E7E] EAEBE.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\Utilisateur\Bureau\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200090105692

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: crypt - C:\WINDOWS\

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 7626 bytes

 

 

Voili voilou ^^ C' est gentil de m' aider

[Apollo]

Relance Lop S&D et choisis l'option 4.

 

Une page va s'ouvrir.

 

Copie/colle ce qui se trouve dans l'espace code ci-dessous puis ferme la page:

 

Il va y avoir une demande pour enregistrer les fichiers, clique sur Enregistrer.

 

 

C:\DOCUME~1\UTILIS~1\Bureau\Patch\flash_CS4_Crack.exe
C:\DOCUME~1\UTILIS~1\Local Settings\Temp\Adobe_Flash_CS4_Professional_v10.0___Crack___PCFORUM89.4459784.TPB.torrent

 

L'outil va travailler, supprimer les dossiers ou fichiers infectés et générer un rapport.

 

Ne ferme pas la fenêtre pendant la suppression!

 

Copie/colle le contenu de ce rapport dans ta prochaine réponse.

 

Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide.

 

Télécharge Malwarebytes' Anti-Malware (MBAM)

 

Si le lien ne fonctionne pas, télécharger ICI

 

 

Ce logiciel est à garder, il rendra encore de grands services!

 

En cas de problème de mise à jour:

 

Télécharger mises à jour MBAM

Mises à jour + récentes pour MBAM

 

 

Exécute le fichier après l'installation de MBAM

 

Connecter les supports amovibles (clés usb etc.) avant de lancer l'analyse.

 

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  
• Sélectionne "Exécuter un examen complet"
  
• Clique sur "Rechercher"
  
• L'analyse démarre, le scan est relativement long, c'est normal.
  
• A la fin de l'analyse, un message s'affiche :

  L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  
• Ferme tes navigateurs.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.
  

Si MBAM demande à être redémarré, redémarre le pc.

 

Poste un nouveau log Hijackthis après le redémarrage de la machine stp.

 

@++

[LUD0243]

Salut,

 

voilà le résultat:

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1600MHz )

BIOS : Rev 1.0 XXX

USER : Utilisateur ( Administrator )

BOOT : Normal boot

Antivirus : AVG Internet Security 8.0 (Activated)

C:\ (Local Disk) - NTFS - Total:38 Go (Free:2 Go)

D:\ (Local Disk) - NTFS - Total:36 Go (Free:4 Go)

E:\ (USB)

F:\ (CD or DVD)

G:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [4] ( dim. 15/02/2009|23:01 )

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script

 

C:\DOCUME~1\UTILIS~1\Bureau\Patch\flash_CS4_Crack.exe

C:\DOCUME~1\UTILIS~1\Local Settings\Temp\Adobe_Flash_CS4_Professional_v10.0___Crack___PCFORUM89.4459784.TPB.torrent

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

Supprime! - C:\DOCUME~1\UTILIS~1\Bureau\Patch\flash_CS4_Crack.exe

Supprime! - C:\DOCUME~1\UTILIS~1\Local Settings\Temp\Adobe_Flash_CS4_Professional_v10.0___Crack___PCFORUM89.4459784.TPB.torrent

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[22/04/2008|16:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[18/01/2009|16:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[24/11/2007|12:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla

 

[19/11/2007|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[19/11/2007|16:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems

[03/11/2007|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[01/12/2007|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[15/02/2009|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8

[16/10/2007|10:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

[18/06/2008|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[18/01/2009|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[17/05/2008|23:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle

[17/05/2008|23:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle VideoSpin

[25/11/2007|23:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm

[07/04/2008|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

[21/01/2008|20:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[18/01/2009|16:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro

[17/05/2008|23:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VideoSpin

[07/11/2007|21:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[22/04/2008|20:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

 

[15/10/2007|15:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[22/11/2008|20:21] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Adobe

[12/01/2008|12:21] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Apple Computer

[16/05/2008|06:38] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\BitTorrent

[17/06/2008|18:23] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\DivX

[17/11/2007|20:32] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[17/11/2007|20:33] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[07/05/2008|18:13] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Google

[21/10/2007|17:29] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Identities

[24/03/2008|11:58] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\LimeWire

[22/10/2007|14:37] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Macromedia

[22/05/2008|19:28] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Microsoft

[17/09/2008|16:21] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Mozilla

[17/06/2008|18:22] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Pegasys Inc

[05/12/2007|16:10] C:\DOCUME~1\FLOUTC~1.!\APPLIC~1\Sun

 

[18/01/2009|16:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[16/06/2008|17:34] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Adobe

[15/12/2007|23:32] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\AdobeUM

[01/12/2007|23:21] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Apple Computer

[17/06/2008|16:58] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Canon

[13/12/2007|17:23] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\CyberLink

[15/06/2008|15:07] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\DivX

[17/11/2007|19:48] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[17/11/2007|19:48] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[20/10/2007|07:48] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Identities

[17/12/2008|11:31] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Lavasoft

[13/12/2008|13:52] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\LimeWire

[20/10/2007|07:51] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Macromedia

[15/06/2008|19:36] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Media Player Classic

[19/03/2008|21:28] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Microsoft

[31/08/2008|15:34] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Mozilla

[06/04/2008|18:18] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\MSNInstaller

[19/11/2007|21:35] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Opera

[15/06/2008|15:51] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Pegasys Inc

[02/12/2007|00:41] C:\DOCUME~1\LOUOUZ~1.!\APPLIC~1\Sun

 

[22/11/2008|18:41] C:\DOCUME~1\Miiman!\APPLIC~1\Adobe

[17/05/2008|13:57] C:\DOCUME~1\Miiman!\APPLIC~1\AdobeUM

[11/12/2007|14:09] C:\DOCUME~1\Miiman!\APPLIC~1\Apple Computer

[17/05/2008|13:42] C:\DOCUME~1\Miiman!\APPLIC~1\DivX

[05/10/2008|07:20] C:\DOCUME~1\Miiman!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[17/11/2007|19:59] C:\DOCUME~1\Miiman!\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[08/11/2008|14:38] C:\DOCUME~1\Miiman!\APPLIC~1\Help

[17/05/2008|13:32] C:\DOCUME~1\Miiman!\APPLIC~1\Identities

[08/11/2008|14:21] C:\DOCUME~1\Miiman!\APPLIC~1\Jasc

[20/01/2008|18:47] C:\DOCUME~1\Miiman!\APPLIC~1\LimeWire

[22/11/2008|18:44] C:\DOCUME~1\Miiman!\APPLIC~1\Macromedia

[17/05/2008|13:42] C:\DOCUME~1\Miiman!\APPLIC~1\Media Player Classic

[18/01/2009|17:29] C:\DOCUME~1\Miiman!\APPLIC~1\Microsoft

[17/11/2007|20:12] C:\DOCUME~1\Miiman!\APPLIC~1\Microsoft Web Folders

[16/09/2008|18:13] C:\DOCUME~1\Miiman!\APPLIC~1\Mozilla

[21/10/2007|16:08] C:\DOCUME~1\Miiman!\APPLIC~1\MSNInstaller

[11/01/2009|14:13] C:\DOCUME~1\Miiman!\APPLIC~1\Sun

 

[16/12/2008|22:46] C:\DOCUME~1\NETWOR~1\APPLIC~1\DivX

[18/01/2009|16:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[16/06/2008|18:04] C:\DOCUME~1\UTILIS~1\APPLIC~1\Adobe

[03/10/2008|15:38] C:\DOCUME~1\UTILIS~1\APPLIC~1\AdobeUM

[25/03/2008|14:34] C:\DOCUME~1\UTILIS~1\APPLIC~1\Apple Computer

[15/02/2009|11:17] C:\DOCUME~1\UTILIS~1\APPLIC~1\BitTorrent

[11/06/2008|18:20] C:\DOCUME~1\UTILIS~1\APPLIC~1\Canon

[29/11/2008|23:47] C:\DOCUME~1\UTILIS~1\APPLIC~1\codeblocks

[29/11/2008|23:47] C:\DOCUME~1\UTILIS~1\APPLIC~1\Dev-Cpp

[12/05/2008|16:07] C:\DOCUME~1\UTILIS~1\APPLIC~1\DivX

[02/09/2008|16:17] C:\DOCUME~1\UTILIS~1\APPLIC~1\DNA

[21/11/2007|14:45] C:\DOCUME~1\UTILIS~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[21/11/2007|14:44] C:\DOCUME~1\UTILIS~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web

[08/02/2009|20:24] C:\DOCUME~1\UTILIS~1\APPLIC~1\Help

[16/10/2007|08:38] C:\DOCUME~1\UTILIS~1\APPLIC~1\Identities

[07/11/2008|21:40] C:\DOCUME~1\UTILIS~1\APPLIC~1\Jasc

[16/10/2007|10:30] C:\DOCUME~1\UTILIS~1\APPLIC~1\Lavasoft

[16/10/2007|11:28] C:\DOCUME~1\UTILIS~1\APPLIC~1\Leadertech

[19/12/2008|17:16] C:\DOCUME~1\UTILIS~1\APPLIC~1\LimeWire

[19/10/2007|21:33] C:\DOCUME~1\UTILIS~1\APPLIC~1\Macromedia

[26/12/2007|20:01] C:\DOCUME~1\UTILIS~1\APPLIC~1\Media Player Classic

[18/01/2009|16:22] C:\DOCUME~1\UTILIS~1\APPLIC~1\Microsoft

[30/08/2008|18:40] C:\DOCUME~1\UTILIS~1\APPLIC~1\Mozilla

[09/02/2009|23:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\Opera

[26/01/2008|01:10] C:\DOCUME~1\UTILIS~1\APPLIC~1\Sun

[17/12/2007|16:47] C:\DOCUME~1\UTILIS~1\APPLIC~1\teamspeak2

[02/09/2008|19:27] C:\DOCUME~1\UTILIS~1\APPLIC~1\U3

[15/02/2009|00:18] C:\DOCUME~1\UTILIS~1\APPLIC~1\vlc

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[15/02/2009 18:12][--a------] C:\WINDOWS\tasks\Norton Security Scan for Utilisateur.job

[01/01/2009 15:15][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[15/02/2009 21:08][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[20/11/2008|17:34] C:\Program Files\7-Zip

[26/12/2007|20:12] C:\Program Files\AC3Filter

[17/11/2007|19:48] C:\Program Files\ACD Systems

[16/06/2008|17:21] C:\Program Files\Adobe

[01/07/2008|22:37] C:\Program Files\Advanced Batch Converter

[16/10/2007|10:02] C:\Program Files\Ahead

[10/02/2009|00:49] C:\Program Files\Alcohol Soft

[01/12/2007|23:16] C:\Program Files\Apple Software Update

[12/08/2008|20:50] C:\Program Files\Audacity

[18/01/2009|16:59] C:\Program Files\AVG

[25/01/2008|20:15] C:\Program Files\BitTorrent

[17/05/2008|22:09] C:\Program Files\Bobyte

[17/11/2007|19:05] C:\Program Files\Canon

[12/08/2008|21:39] C:\Program Files\CDex_151

[12/08/2008|20:41] C:\Program Files\CDex_170b2

[16/12/2008|15:35] C:\Program Files\Cheat Engine

[29/11/2008|23:06] C:\Program Files\CodeBlocks

[26/12/2007|19:58] C:\Program Files\Combined Community Codec Pack

[15/10/2007|14:38] C:\Program Files\ComPlus Applications

[10/02/2009|00:50] C:\Program Files\Conduit

[16/10/2007|10:22] C:\Program Files\CyberLink

[29/10/2007|20:24] C:\Program Files\directx

[16/10/2007|11:26] C:\Program Files\Diskeeper Corporation

[15/06/2008|15:51] C:\Program Files\DivX

[02/09/2008|16:17] C:\Program Files\DNA

[21/01/2009|14:54] C:\Program Files\Dofus

[11/04/2008|16:04] C:\Program Files\Dr4iNLiF3 Products

[03/11/2008|18:05] C:\Program Files\Eltima Software

[20/12/2007|15:08] C:\Program Files\eMule

[11/02/2009|18:47] C:\Program Files\Fichiers communs

[15/02/2009|12:58] C:\Program Files\free-downloads.net

[29/01/2009|18:04] C:\Program Files\Helper

[17/11/2007|19:46] C:\Program Files\Hewlett-Packard

[17/11/2007|19:39] C:\Program Files\hp photosmart

[01/07/2008|22:25] C:\Program Files\ImageConverter Plus

[08/05/2008|17:29] C:\Program Files\InstallShield Installation Information

[15/02/2009|20:51] C:\Program Files\Internet Explorer

[01/12/2007|23:21] C:\Program Files\iPod

[01/12/2007|23:21] C:\Program Files\iTunes

[07/11/2008|21:39] C:\Program Files\Jasc Software Inc

[18/01/2009|17:08] C:\Program Files\Java

[12/05/2008|16:06] C:\Program Files\K-Lite Codec Pack

[16/10/2007|10:29] C:\Program Files\Lavasoft

[07/10/2008|22:45] C:\Program Files\LimeWire

[21/10/2007|17:58] C:\Program Files\Maxis

[13/12/2008|08:23] C:\Program Files\Messenger

[23/11/2008|17:22] C:\Program Files\Messenger Plus! Live

[17/11/2007|20:24] C:\Program Files\microsoft frontpage

[18/01/2009|17:22] C:\Program Files\Microsoft Office

[22/04/2008|20:53] C:\Program Files\Microsoft SQL Server Compact Edition

[18/01/2009|17:21] C:\Program Files\Microsoft.NET

[21/09/2008|17:19] C:\Program Files\Mindscape

[12/12/2008|18:34] C:\Program Files\Movie Maker

[15/02/2009|21:12] C:\Program Files\Mozilla Firefox

[06/04/2008|18:19] C:\Program Files\MSN

[15/10/2007|14:32] C:\Program Files\MSN Gaming Zone

[12/12/2008|18:26] C:\Program Files\NetMeeting

[15/02/2009|00:20] C:\Program Files\Noel Danjou

[15/02/2009|18:00] C:\Program Files\Norton Security Scan

[15/10/2007|14:32] C:\Program Files\Online Services

[09/02/2009|23:54] C:\Program Files\Opera

[15/02/2009|21:04] C:\Program Files\Outerinfo

[12/12/2008|18:26] C:\Program Files\Outlook Express

[08/11/2008|14:15] C:\Program Files\PhotoFiltre

[17/05/2008|23:35] C:\Program Files\Pinnacle

[29/11/2008|16:57] C:\Program Files\Project64 1.6

[01/12/2007|23:20] C:\Program Files\QuickTime

[26/12/2007|20:29] C:\Program Files\Red Kawa

[08/05/2008|17:29] C:\Program Files\Samsung

[15/10/2007|14:41] C:\Program Files\Services en ligne

[10/02/2009|00:19] C:\Program Files\SlySoft

[29/11/2007|17:56] C:\Program Files\SM

[18/10/2008|19:29] C:\Program Files\Speed Gear 5

[21/01/2008|20:02] C:\Program Files\Spybot - Search & Destroy

[17/12/2007|16:47] C:\Program Files\Teamspeak2_RC2

[30/11/2007|21:55] C:\Program Files\ThriXXX

[15/02/2009|18:51] C:\Program Files\Trend Micro

[21/10/2007|11:20] C:\Program Files\Ubi Soft

[16/10/2007|08:38] C:\Program Files\Uninstall Information

[14/02/2009|23:47] C:\Program Files\VideoLAN

[04/05/2008|21:12] C:\Program Files\Windows Live

[05/11/2007|15:50] C:\Program Files\Windows Media Connect 2

[12/12/2008|18:26] C:\Program Files\Windows Media Player

[12/12/2008|18:26] C:\Program Files\Windows NT

[15/10/2007|14:42] C:\Program Files\WindowsUpdate

[16/10/2007|10:33] C:\Program Files\WinRAR

[15/10/2007|15:13] C:\Program Files\xerox

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[15/02/2009|11:05] C:\Program Files\Fichiers communs\Adobe

[19/11/2007|16:34] C:\Program Files\Fichiers communs\Adobe Systems Shared

[16/10/2007|10:02] C:\Program Files\Fichiers communs\Ahead

[01/12/2007|23:15] C:\Program Files\Fichiers communs\Apple

[18/01/2009|17:22] C:\Program Files\Fichiers communs\DESIGNER

[20/09/2008|12:54] C:\Program Files\Fichiers communs\GTK

[19/11/2007|17:28] C:\Program Files\Fichiers communs\InstallShield

[21/10/2007|17:47] C:\Program Files\Fichiers communs\Java

[21/01/2009|18:06] C:\Program Files\Fichiers communs\Microsoft Shared

[15/10/2007|14:40] C:\Program Files\Fichiers communs\MSSoap

[15/10/2007|16:05] C:\Program Files\Fichiers communs\ODBC

[15/10/2007|14:40] C:\Program Files\Fichiers communs\Services

[15/10/2007|16:05] C:\Program Files\Fichiers communs\SpeechEngines

[15/02/2009|18:06] C:\Program Files\Fichiers communs\Symantec Shared

[18/01/2009|17:21] C:\Program Files\Fichiers communs\System

[01/08/2008|11:46] C:\Program Files\Fichiers communs\tjd

[22/04/2008|20:47] C:\Program Files\Fichiers communs\WindowsLiveInstaller

[17/05/2008|23:35] C:\Program Files\Fichiers communs\Yahoo!

 

--------------------\\ Process

 

( 50 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-15 23:04:00

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 297

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:3817][D:108]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp

[F:186][D:0]-> C:\DOCUME~1\UTILIS~1\Cookies

[F:899][D:5]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - dim. 15/02/2009|21:52 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - dim. 15/02/2009|22:03 - Option : [1]

3 - "C:\Lop SD\LopR_3.txt" - dim. 15/02/2009|22:40 - Option : [2]

4 - "C:\Lop SD\LopR_4.txt" - dim. 15/02/2009|23:05 - Option : [4]

 

--------------------\\ Fin du rapport a 23:05:25

 

 

Et pour la 2 éme étape:

 

Malwarebytes' Anti-Malware 1.34

Version de la base de données: 1764

Windows 5.1.2600 Service Pack 3

 

16/02/2009 1:54:22

mbam-log-2009-02-16 (01-54-22).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 291471

Temps écoulé: 2 hour(s), 27 minute(s), 15 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 9

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 3

Fichier(s) infecté(s): 6

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f10587e9-0e47-4cbe-84ae-7dd20b8684cc} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f10587e9-0e47-4cbe-84ae-7dd20b8684cc} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ICF (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\free-downloads.net toolbar (Adware.Trace) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Program Files\free-downloads.net\free-downloads.netToolbarHelper.exe (Adware.NetPumper) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\Terms.MSNFix (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF\chrome.MSNFix (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF\install.MSNFix (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF\components\OuterinfoAds.MSNFix (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ (Trojan.Downloader) -> Delete on reboot.

 

 

Le log hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:06:51, on 16/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\system32\hphmon03.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Documents and Settings\Utilisateur\Bureau\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = gyukiuk

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe

O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [1B171C19221E1B221] 625E63606965626.exe

O4 - HKLM\..\Run: [E3E4E7E] EAEBE.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\Utilisateur\Bureau\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200090105692

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 7630 bytes

 

 

Je suis allé voir dans les processus, et je ne vois plus les 2 iexplorer. Mon problème serait-il résolu?

Modifié le 16 février 2009 par LUD0243

[Apollo]

Ok

 

redémarre la machine et poste un nouveau log Hijackthis stp.

 

Il y a du mieux je présume.

 

@++

[LUD0243]

Ok

 

redémarre la machine et poste un nouveau log Hijackthis stp.

 

Il y a du mieux je présume.

 

@++

 

Oups désolé, je viens d' éditer mon message. lol Le log est juste au dessus.

[Apollo]

Presque

 

Lance Hijackthis avec do a system scan only et coche cette case:

 

O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)Ferle les applications et clique sur Fix Checked.

 

Relance Lop S&D et choisis l'option 4.

 

Une page va s'ouvrir.

 

Copie/colle ce qui se trouve dans l'espace code ci-dessous puis ferme la page:

 

Il va y avoir une demande pour enregistrer les fichiers, clique sur Enregistrer.

 

 

 C:\Documents and Settings\Utilisateur\Bureau\msnmsgr.exe

 

L'outil va travailler, supprimer les dossiers ou fichiers infectés et générer un rapport.

 

Ne ferme pas la fenêtre pendant la suppression!

 

Copie/colle le contenu de ce rapport dans ta prochaine réponse.

 

Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide

 

On fera un scan en ligne mais avant ça, il faut installer la denière console java et supprimer les anciennes:

 

 

Ta console Java n'est pas à jour; pour corriger cela, va chez Java Sun et télécharge la dernière version. Installe-la de suite.

 

En cas de problèmes chez Sun, tu peux aller télécharger la dernière version chez File Hippo

Utilise ensuite ceci: crée un nouveau dossier sur le bureau ou dans "mes documents"; nomme-le JavaRa.

 

Enregistre ce fichier compressé (zip) dans le dossier nouvellement créé : http://raproducts.org/click/click.php?id=1

 

Patiente le temps de téléchargement.

 

Clic droit/extraire ici.

 

Double clique sur l'icône "soleil" et n'utilise que le bouton "Remove Older Versions".

--> Pour Vista: clic droit/exécuter en temps qu'administrateur <--

 

Ca va virer les versions obsolètes et libérer de l'espace disque.

 

Poste le rapport sauvé sur le C:\ stp. (ou dans le dossier JavaRa)

 

************

Avant le scan, désinstalle les outils spéciaux:

 

 

Pour désinstaller les outils utilisés:

 

Télécharger ToolsCleaner! de A.Rothstein pour enlever les programmes utilisés pendant la procédure.

http://pc-system.fr/TC/ToolsCleaner2.exe

* Enregistrer ToolsCleaner2.exe sur le Bureau.

Sous Vista,Clic-droit > Exécuter en tant qu' Administrateur

* Double-cliquer dessus, puis cliquer sur Recherche --> Le programme va chercher les utilitaires installés

------> Il se peut que la fenêtre devienne blanche pendant le scan, c'est normal !

* Copier-coller le contenu du rapport qui apparait dans la fenêtre blanche.

 

Lorsque la recherche est terminée ToolsCleaner affiche une liste des différents outils trouvés, cliquez sur "Suppression" afin de les supprimer.

Fermez le programme en cliquant sur "Quitter ".

 

Postez le rapport qui se trouve ici >>> C:\TCleaner.txt

 

Options facultatives

 

A utiliser si vous le souhaitez :

 

Création d'un nouveau point de restauration (conseillé)

Vidage de la corbeille

Nettoyage de vos fichiers temporaires

 

**************

Fais un scan en ligne avec Kaspersky.

 

TUTO: http://www.vista-xp.fr/forum/topic109.html

 

• Fais un scan en ligne Kaspersky
  
• Clique sur Accept
  
• Patiente le temps d'installation du Webscanner.
  
• Les bases de mises à jour vont s'installer, patiente un moment
  
• Clique sur Next.
  
• Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.
  

 

A la fin du scan, si des objets infectés sont découverts, clique sur Save report as... Choisis bureau et nomme le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisis "fichiers texte" enregistre alors le rapport.

 

Copie/colle l'entièreté du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

 

Colle ce rapport dans ta réponse sur le forum.

 

@ demain, dodo.