Virus in Windows XP / Boot Camp!

jaibesoindelaide (149 posts, Member)
Hello,

There are lots of pop-ups, and here is a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:34 PM, on 1/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wpabaln.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CITY LOUD LOCKS EQ] C:\Documents and Settings\All Users\Application Data\About Obj City Loud\Grim Mpeg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HeckPoll] C:\DOCUME~1\Pablo\APPLIC~1\MANAGE~1\junk trans logo.exe
O4 - Startup: Center.lnk = C:\WINDOWS\system32\Center.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
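As an added illustration (not part of the original post, and not code from HijackThis): a small Python triage pass over the O4/O23 lines of the log above. It applies the heuristics a responder uses when eyeballing such a log, namely an autostart binary living under a user-writable Application Data or Temp directory, an executable name made of several unrelated words, and a service with no vendor string, and returns the entries worth checking first. The heuristics are this example's own assumptions and produce candidates for review, not verdicts; the sample lines are a constructed subset copied from the log posted above.

```python
import re
from typing import Dict, List

# Sample HijackThis lines copied from the log posted above (a constructed subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CITY LOUD LOCKS EQ] C:\Documents and Settings\All Users\Application Data\About Obj City Loud\Grim Mpeg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HeckPoll] C:\DOCUME~1\Pablo\APPLIC~1\MANAGE~1\junk trans logo.exe
O4 - Startup: Center.lnk = C:\WINDOWS\system32\Center.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

O4_RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O4_STARTUP_RE = re.compile(r'^O4 - Startup: (?P<name>[^=]+?) = (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<cmd>.*)$')

# Locations any user (and therefore any drive-by installer) can write to.
# Both the long names and the 8.3 short names HijackThis prints are matched.
USER_WRITABLE_RE = re.compile(
    r'\\(application data|applic~1|local settings\\temp|locals~1\\temp|temp)\\',
    re.IGNORECASE,
)


def first_path(cmd: str) -> str:
    """Return the executable part of a Run value, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces: stop at the first .exe/.dll/.cpl/.scr that is
    # followed by whitespace or end of line, which keeps "junk trans logo.exe" whole.
    m = re.match(r'(.*?\.(?:exe|dll|cpl|scr))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_autostarts(log: str) -> List[Dict[str, str]]:
    """Turn O4 (Run keys, Startup folder) and O23 (services) lines into records."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := O4_RUN_RE.match(line):
            entries.append({'kind': f'O4 {m["hive"]} Run', 'name': m['name'],
                            'path': first_path(m['cmd']), 'owner': ''})
        elif m := O4_STARTUP_RE.match(line):
            entries.append({'kind': 'O4 Startup', 'name': m['name'],
                            'path': first_path(m['cmd']), 'owner': ''})
        elif m := O23_RE.match(line):
            entries.append({'kind': 'O23 Service', 'name': m['name'],
                            'path': first_path(m['cmd']), 'owner': m['owner']})
    return entries


def suspicion_reasons(entry: Dict[str, str]) -> List[str]:
    """Heuristic reasons (assumed for this example) why an entry deserves a look."""
    reasons = []
    path = entry['path']
    basename = path.rsplit('\\', 1)[-1]
    if USER_WRITABLE_RE.search(path):
        reasons.append('launches from a user-writable Application Data/Temp directory')
    if ' ' in basename and basename.lower().endswith('.exe'):
        reasons.append('executable name is several space-separated words')
    if entry['owner'] == 'Unknown owner':
        reasons.append('service has no vendor string; confirm the binary by hand')
    return reasons


def triage(log: str) -> Dict[str, List[str]]:
    """Map entry name -> reasons, for every autostart entry that trips a heuristic."""
    return {e['name']: r for e in parse_autostarts(log) if (r := suspicion_reasons(e))}


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f'{name}: ' + '; '.join(reasons))
```

Run against the sample, the two Run values that launch multi-word executables out of Application Data are flagged on two counts each, the Apple service is flagged only because HijackThis could not attribute it to a vendor (Boot Camp's own components are a known source of such "Unknown owner" lines), and the vendor-installed entries are left alone. The Startup-folder shortcut to Center.exe passes these path heuristics, which is exactly why a responder still checks file dates and signatures by hand rather than trusting a path filter.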
10 replies

Anonymous user
 
Hi,

Download Lop S&D


▶ Double-click it to start the installation

▶ Then double-click the Lop S&D shortcut on your desktop

▶ Select the language you want

▶ Then choose Option 1 ( Search )

▶ Wait until the scan finishes

▶ Post the generated report ( C:\lopR.txt )

If a report won't go through, raise an alert to the concierge desk with the yellow /!\ icon.
jaibesoindelaide (149 posts, Member)
 
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz )
BIOS : Default System BIOS
USER : Pablo ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
C:\ (Local Disk) - NTFS - Total:31 GB (Free:7 GB)
D:\ (CD or DVD) - UDF - Total:3 GB (Free:0 GB)

"C:\Lop SD" ( Updated : 19-12-2008|23:40 )
Option : [1] ( Tue 01/06/2009|13:43 )

--------------------\\ Directory listing in APPLIC~1

[01/06/2009|04:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> About Obj City Loud
[12/26/2008|08:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[12/20/2008|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[01/01/2009|06:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[12/24/2008|02:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[01/06/2009|01:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Messenger Plus!
[01/06/2009|04:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[01/06/2009|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Games
[12/26/2008|06:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[12/24/2008|02:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[01/06/2009|04:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[12/20/2008|09:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[12/20/2008|09:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[12/24/2008|04:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Roxio

[12/20/2008|09:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[12/26/2008|08:06] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> Adobe
[12/20/2008|09:55] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> Identities
[12/26/2008|08:04] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> Macromedia
[01/06/2009|04:37] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> managersetupbold
[01/06/2009|04:37] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> Microsoft
[01/06/2009|08:10] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> Microsoft Game Studios
[01/06/2009|05:03] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> Mozilla
[12/24/2008|05:42] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> Roxio
[12/26/2008|08:07] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> SecuROM
[01/03/2009|10:28] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> U3
[01/06/2009|08:08] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> WinRAR

--------------------\\ Scheduled tasks in C:\WINDOWS\tasks

[01/06/2009 05:00 PM][--ah-----] C:\WINDOWS\tasks\AE2142909186F474.job
[12/20/2008 10:02 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[01/06/2009 05:31 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 06:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AE2142909186F474.job )=( c:\docume~1\pablo\applic~1\manage~1\WarnHopeRegs.exe )

--------------------\\ Directory listing in C:\Program Files

[12/26/2008|08:05] C:\Program Files\<DIR> Adobe
[01/06/2009|08:20] C:\Program Files\<DIR> All Mortal Combat PC Games Collection
[12/20/2008|10:02] C:\Program Files\<DIR> Apple Software Update
[01/01/2009|06:31] C:\Program Files\<DIR> AVG
[12/20/2008|10:05] C:\Program Files\<DIR> Boot Camp
[01/06/2009|04:36] C:\Program Files\<DIR> Circle Developement
[01/06/2009|04:33] C:\Program Files\<DIR> Common Files
[12/20/2008|09:44] C:\Program Files\<DIR> ComPlus Applications
[12/20/2008|10:02] C:\Program Files\<DIR> DIFX
[12/24/2008|02:34] C:\Program Files\<DIR> DivX
[01/03/2009|10:27] C:\Program Files\<DIR> EA Sports
[01/04/2009|08:33] C:\Program Files\<DIR> Electronic Arts
[12/26/2008|07:25] C:\Program Files\<DIR> InstallShield Installation Information
[12/20/2008|10:06] C:\Program Files\<DIR> Intel
[12/24/2008|02:31] C:\Program Files\<DIR> Internet Explorer
[01/06/2009|04:36] C:\Program Files\<DIR> managersetupbold
[12/20/2008|09:43] C:\Program Files\<DIR> Messenger
[01/06/2009|04:36] C:\Program Files\<DIR> Messenger Plus! Live
[12/20/2008|09:47] C:\Program Files\<DIR> microsoft frontpage
[01/06/2009|08:12] C:\Program Files\<DIR> Microsoft Games
[12/20/2008|10:04] C:\Program Files\<DIR> Motorola
[12/20/2008|09:45] C:\Program Files\<DIR> Movie Maker
[01/06/2009|01:33] C:\Program Files\<DIR> Mozilla Firefox
[12/20/2008|09:43] C:\Program Files\<DIR> MSN
[12/20/2008|09:43] C:\Program Files\<DIR> MSN Gaming Zone
[12/20/2008|09:45] C:\Program Files\<DIR> NetMeeting
[12/20/2008|09:43] C:\Program Files\<DIR> Online Services
[12/20/2008|09:45] C:\Program Files\<DIR> Outlook Express
[12/20/2008|10:04] C:\Program Files\<DIR> Realtek
[01/03/2009|10:23] C:\Program Files\<DIR> Scrabble
[12/20/2008|10:03] C:\Program Files\<DIR> SigmaTel
[01/03/2009|10:22] C:\Program Files\<DIR> Tap'Touche
[01/06/2009|05:19] C:\Program Files\<DIR> Trend Micro
[12/20/2008|09:55] C:\Program Files\<DIR> Uninstall Information
[01/06/2009|04:35] C:\Program Files\<DIR> Windows Live
[12/24/2008|02:34] C:\Program Files\<DIR> Windows Media Player
[12/20/2008|09:43] C:\Program Files\<DIR> Windows NT
[12/20/2008|09:46] C:\Program Files\<DIR> WindowsUpdate
[01/06/2009|08:08] C:\Program Files\<DIR> WinRAR
[12/20/2008|09:47] C:\Program Files\<DIR> xerox

--------------------\\ Directory listing in C:\Program Files\Common Files

[12/26/2008|08:04] C:\Program Files\Common Files\<DIR> Adobe
[12/26/2008|08:04] C:\Program Files\Common Files\<DIR> Adobe AIR
[12/24/2008|02:37] C:\Program Files\Common Files\<DIR> InstallShield
[01/06/2009|04:33] C:\Program Files\Common Files\<DIR> Microsoft Shared
[12/20/2008|09:45] C:\Program Files\Common Files\<DIR> MSSoap
[12/19/2008|10:28] C:\Program Files\Common Files\<DIR> ODBC
[12/24/2008|02:37] C:\Program Files\Common Files\<DIR> Roxio Shared
[12/20/2008|09:45] C:\Program Files\Common Files\<DIR> Services
[12/26/2008|06:39] C:\Program Files\Common Files\<DIR> Sonic Shared
[12/19/2008|10:28] C:\Program Files\Common Files\<DIR> SpeechEngines
[12/20/2008|09:44] C:\Program Files\Common Files\<DIR> System
[01/06/2009|04:35] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

--------------------\\ Process

( 42 Processes )

iexplore.exe ~ [PID:1012]
iexplore.exe ~ [PID:2984]
iexplore.exe ~ [PID:2996]

--------------------\\ Search with S_Lop

C:\DOCUME~1\Pablo\LOCALS~1\Temp\bis2E.exe

--------------------\\ Search for Lop files / folders

C:\DOCUME~1\Pablo\APPLIC~1\manage~1
C:\DOCUME~1\Pablo\APPLIC~1\manage~1\arawdgpr.exe
C:\DOCUME~1\Pablo\APPLIC~1\manage~1\junk trans logo.exe
C:\DOCUME~1\Pablo\APPLIC~1\manage~1\scr mail acid base.exe
C:\DOCUME~1\Pablo\APPLIC~1\manage~1\Warn Hope Regs.exe
C:\Program Files\manage~1
C:\DOCUME~1\Pablo\LOCALS~1\Temp\nsmD0.tmp
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\DOCUME~1\Pablo\Cookies\pablo@partypoker[2].txt
C:\DOCUME~1\Pablo\Cookies\pablo@888[2].txt
C:\WINDOWS\Tasks\AE2142909186F474.job

--------------------\\ Registry check

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HeckPoll"="C:\\DOCUME~1\\Pablo\\APPLIC~1\\MANAGE~1\\junk trans logo.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Hosts file check

Hosts file CLEAN


--------------------\\ File search with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 13:44:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Search for other infections


No other infection found!

[F:239][D:44]-> C:\DOCUME~1\Pablo\LOCALS~1\Temp
[F:52][D:0]-> C:\DOCUME~1\Pablo\Cookies
[F:1202][D:4]-> C:\DOCUME~1\Pablo\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 01/06/2009|13:44 - Option : [1]

--------------------\\ End of report at 13:44:42
Anonymous user
 
Re,

▶ Relaunch Lop S&D

▶ This time choose Option 2 ( Removal )

▶ Do not close the window during the removal!

▶ Post the generated report ( C:\lopR.txt )

( If the desktop does not reappear, press Ctrl + Alt + Del, File tab,

New Task, type explorer.exe and confirm )

If a report won't go through, raise an alert to the concierge desk with the yellow /!\ icon.
jaibesoindelaide (149 posts, Member)
 
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz )
BIOS : Default System BIOS
USER : Pablo ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
C:\ (Local Disk) - NTFS - Total:31 GB (Free:7 GB)
D:\ (CD or DVD)

"C:\Lop SD" ( Updated : 19-12-2008|23:40 )
Option : [2] ( Tue 01/06/2009|14:12 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DELETION

Deleted! - C:\DOCUME~1\Pablo\APPLIC~1\manage~1\arawdgpr.exe
Deleted! - C:\DOCUME~1\Pablo\APPLIC~1\manage~1\junk trans logo.exe
Deleted! - C:\DOCUME~1\Pablo\APPLIC~1\manage~1\scr mail acid base.exe
Deleted! - C:\DOCUME~1\Pablo\APPLIC~1\manage~1\Warn Hope Regs.exe
Deleted! - C:\DOCUME~1\Pablo\LOCALS~1\Temp\nsmD0.tmp
Deleted! - C:\Program Files\Circle Developement\Uninstall.exe
Deleted! - C:\DOCUME~1\Pablo\Cookies\pablo@partypoker[2].txt
Deleted! - C:\DOCUME~1\Pablo\Cookies\pablo@888[2].txt
Deleted! - C:\WINDOWS\Tasks\AE2142909186F474.job
Deleted! - C:\DOCUME~1\Pablo\LOCALS~1\Temp\bis2E.exe
Deleted! - C:\DOCUME~1\Pablo\APPLIC~1\manage~1
Deleted! - C:\Program Files\manage~1
Deleted! - C:\Program Files\Circle Developement
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Directory listing in APPLIC~1

[01/06/2009|04:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> About Obj City Loud
[12/26/2008|08:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[12/20/2008|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[01/01/2009|06:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[12/24/2008|02:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[01/06/2009|01:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Messenger Plus!
[01/06/2009|04:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[01/06/2009|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Games
[12/26/2008|06:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[12/24/2008|02:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[01/06/2009|04:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[12/20/2008|09:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[12/20/2008|09:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[12/24/2008|04:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Roxio

[12/20/2008|09:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[12/26/2008|08:06] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> Adobe
[12/20/2008|09:55] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> Identities
[12/26/2008|08:04] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> Macromedia
[01/06/2009|04:37] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> Microsoft
[01/06/2009|08:10] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> Microsoft Game Studios
[01/06/2009|05:03] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> Mozilla
[12/24/2008|05:42] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> Roxio
[12/26/2008|08:07] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> SecuROM
[01/03/2009|10:28] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> U3
[01/06/2009|08:08] C:\DOCUME~1\Pablo\APPLIC~1\<DIR> WinRAR

--------------------\\ Scheduled tasks in C:\WINDOWS\tasks

[12/20/2008 10:02 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[01/06/2009 06:11 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 06:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Directory listing in C:\Program Files

[12/26/2008|08:05] C:\Program Files\<DIR> Adobe
[01/06/2009|08:20] C:\Program Files\<DIR> All Mortal Combat PC Games Collection
[12/20/2008|10:02] C:\Program Files\<DIR> Apple Software Update
[01/01/2009|06:31] C:\Program Files\<DIR> AVG
[12/20/2008|10:05] C:\Program Files\<DIR> Boot Camp
[01/06/2009|04:33] C:\Program Files\<DIR> Common Files
[12/20/2008|09:44] C:\Program Files\<DIR> ComPlus Applications
[12/20/2008|10:02] C:\Program Files\<DIR> DIFX
[12/24/2008|02:34] C:\Program Files\<DIR> DivX
[01/03/2009|10:27] C:\Program Files\<DIR> EA Sports
[01/04/2009|08:33] C:\Program Files\<DIR> Electronic Arts
[12/26/2008|07:25] C:\Program Files\<DIR> InstallShield Installation Information
[12/20/2008|10:06] C:\Program Files\<DIR> Intel
[12/24/2008|02:31] C:\Program Files\<DIR> Internet Explorer
[12/20/2008|09:43] C:\Program Files\<DIR> Messenger
[01/06/2009|04:36] C:\Program Files\<DIR> Messenger Plus! Live
[12/20/2008|09:47] C:\Program Files\<DIR> microsoft frontpage
[01/06/2009|08:12] C:\Program Files\<DIR> Microsoft Games
[12/20/2008|10:04] C:\Program Files\<DIR> Motorola
[12/20/2008|09:45] C:\Program Files\<DIR> Movie Maker
[01/06/2009|01:33] C:\Program Files\<DIR> Mozilla Firefox
[12/20/2008|09:43] C:\Program Files\<DIR> MSN
[12/20/2008|09:43] C:\Program Files\<DIR> MSN Gaming Zone
[12/20/2008|09:45] C:\Program Files\<DIR> NetMeeting
[12/20/2008|09:43] C:\Program Files\<DIR> Online Services
[12/20/2008|09:45] C:\Program Files\<DIR> Outlook Express
[12/20/2008|10:04] C:\Program Files\<DIR> Realtek
[01/03/2009|10:23] C:\Program Files\<DIR> Scrabble
[12/20/2008|10:03] C:\Program Files\<DIR> SigmaTel
[01/03/2009|10:22] C:\Program Files\<DIR> Tap'Touche
[01/06/2009|05:19] C:\Program Files\<DIR> Trend Micro
[12/20/2008|09:55] C:\Program Files\<DIR> Uninstall Information
[01/06/2009|04:35] C:\Program Files\<DIR> Windows Live
[12/24/2008|02:34] C:\Program Files\<DIR> Windows Media Player
[12/20/2008|09:43] C:\Program Files\<DIR> Windows NT
[12/20/2008|09:46] C:\Program Files\<DIR> WindowsUpdate
[01/06/2009|08:08] C:\Program Files\<DIR> WinRAR
[12/20/2008|09:47] C:\Program Files\<DIR> xerox

--------------------\\ Directory listing in C:\Program Files\Common Files

[12/26/2008|08:04] C:\Program Files\Common Files\<DIR> Adobe
[12/26/2008|08:04] C:\Program Files\Common Files\<DIR> Adobe AIR
[12/24/2008|02:37] C:\Program Files\Common Files\<DIR> InstallShield
[01/06/2009|04:33] C:\Program Files\Common Files\<DIR> Microsoft Shared
[12/20/2008|09:45] C:\Program Files\Common Files\<DIR> MSSoap
[12/19/2008|10:28] C:\Program Files\Common Files\<DIR> ODBC
[12/24/2008|02:37] C:\Program Files\Common Files\<DIR> Roxio Shared
[12/20/2008|09:45] C:\Program Files\Common Files\<DIR> Services
[12/26/2008|06:39] C:\Program Files\Common Files\<DIR> Sonic Shared
[12/19/2008|10:28] C:\Program Files\Common Files\<DIR> SpeechEngines
[12/20/2008|09:44] C:\Program Files\Common Files\<DIR> System
[01/06/2009|04:35] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

--------------------\\ Process

( 38 Processes )

iexplore.exe ~ [PID:2904]

--------------------\\ Search with S_Lop

No Lop file / folder found!

--------------------\\ Search for Lop files / folders

No Lop file / folder found!

--------------------\\ Registry check

..... OK !

--------------------\\ Hosts file check

Hosts file CLEAN


--------------------\\ File search with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 14:13:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Search for other infections


No other infection found!

[F:229][D:43]-> C:\DOCUME~1\Pablo\LOCALS~1\Temp
[F:77][D:0]-> C:\DOCUME~1\Pablo\Cookies
[F:1716][D:4]-> C:\DOCUME~1\Pablo\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 01/06/2009|13:44 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Tue 01/06/2009|14:14 - Option : [2]

--------------------\\ End of report at 14:14:04

Anonymous user
 
Re,

▶ Download random's system information tool (RSIT) and save it to your desktop.

▶ Double-click RSIT.exe to launch the tool.

▶ Click ' continue ' on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.

▶ Once the scan is finished, 2 reports will appear. Post the contents of both reports
( log.txt & info.txt )

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

If a report won't go through, raise an alert to the concierge desk with the yellow /!\ icon.
jaibesoindelaide (149 posts, Member)
 
Logfile of random's system information tool 1.05 (written by random/random)
Run by Pablo at 2009-01-06 14:30:15
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 8 GB (24%) free of 33 GB
Total RAM: 1005 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:21 PM, on 1/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Center.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
F:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Pablo.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CITY LOUD LOCKS EQ] C:\Documents and Settings\All Users\Application Data\About Obj City Loud\Grim Mpeg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Center.lnk = C:\WINDOWS\system32\Center.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
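Added example, not from the thread and not code from Lop S&D, HijackThis or RSIT: a Python check of whether the removal pass actually closed every persistence point. It takes the "Supprime!" lines from the Lop S&D Option 2 report, the O4 lines from the first HijackThis log and the O4 lines from the RSIT-generated log just above, and reports which autostart entries vanished, which still point at a path that was deleted (a dangling Run value), and which still launch from an Application Data directory that the removal never touched. The sample lines are a constructed subset copied from the reports posted in this thread; the classification rules and names are this example's own.

```python
import re
from typing import Dict, List, Set

# Constructed subsets of the reports posted in this thread: the deletion list from
# the Lop S&D Option 2 run, the O4 lines from the HijackThis log before cleanup,
# and the O4 lines from the RSIT-generated HijackThis log after it.
# Lop S&D prints "Supprime!" (French for "Deleted") in front of each removed path.
LOP_DELETIONS = r"""
Supprime! - C:\DOCUME~1\Pablo\APPLIC~1\manage~1\arawdgpr.exe
Supprime! - C:\DOCUME~1\Pablo\APPLIC~1\manage~1\junk trans logo.exe
Supprime! - C:\WINDOWS\Tasks\AE2142909186F474.job
Supprime! - C:\DOCUME~1\Pablo\APPLIC~1\manage~1
Supprime! - C:\Program Files\Circle Developement
"""

HJT_BEFORE = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CITY LOUD LOCKS EQ] C:\Documents and Settings\All Users\Application Data\About Obj City Loud\Grim Mpeg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HeckPoll] C:\DOCUME~1\Pablo\APPLIC~1\MANAGE~1\junk trans logo.exe
O4 - Startup: Center.lnk = C:\WINDOWS\system32\Center.exe
"""

HJT_AFTER = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CITY LOUD LOCKS EQ] C:\Documents and Settings\All Users\Application Data\About Obj City Loud\Grim Mpeg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Center.lnk = C:\WINDOWS\system32\Center.exe
"""

# Lazy match up to the first .exe/.dll/.cpl, so an unquoted path with spaces stays whole.
EXE = r'[^"\r\n]*?\.(?:exe|dll|cpl)'
O4_RUN_RE = re.compile(r'^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] "?(?P<path>' + EXE + ')', re.IGNORECASE)
O4_STARTUP_RE = re.compile(r'^O4 - Startup: (?P<name>\S+) = "?(?P<path>' + EXE + ')', re.IGNORECASE)
APPDATA_RE = re.compile(r'\\(application data|applic~1)\\', re.IGNORECASE)


def autostarts(log: str) -> Dict[str, str]:
    """Map O4 entry name -> lower-cased target path (lines without a target are skipped)."""
    found: Dict[str, str] = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            found[m['name']] = m['path'].lower()
    return found


def deleted_paths(report: str) -> Set[str]:
    """Collect the paths Lop S&D reported as removed, lower-cased for comparison."""
    return {line.split(' - ', 1)[1].strip().lower()
            for line in report.splitlines() if line.startswith('Supprime! - ')}


def verify_cleanup(before: str, after: str, deletions: str) -> Dict[str, List[str]]:
    """Classify what happened to each autostart entry across the cleanup."""
    b, a = autostarts(before), autostarts(after)
    gone = deleted_paths(deletions)
    result: Dict[str, List[str]] = {'removed': sorted(set(b) - set(a)), 'dangling': [], 'review': []}
    for name, path in a.items():
        # Target file (or its directory) was deleted but the Run value survived: harmless by
        # itself, but it shows the registry side of the persistence was not cleaned.
        if any(path == d or path.startswith(d + '\\') for d in gone):
            result['dangling'].append(name)
        # Still launching from Application Data and absent from the deletion list: the removal
        # pass never touched it, so inspect it before declaring the machine clean.
        elif APPDATA_RE.search(path):
            result['review'].append(name)
    return result


if __name__ == '__main__':
    for category, names in verify_cleanup(HJT_BEFORE, HJT_AFTER, LOP_DELETIONS).items():
        print(f'{category}: {names or "-"}')
```

On the thread's own data the HeckPoll value is gone together with its target, nothing is left dangling, and the one entry returned for review is the HKLM Run value that launches Grim Mpeg.exe from All Users\Application Data\About Obj City Loud, a directory that also still appears in the post-cleanup directory listing. That is the kind of leftover a responder wants surfaced mechanically before reading the next log.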
jaibesoindelaide (149 posts, Member)
 
info.txt logfile of random's system information tool 1.05 2009-01-06 14:30:22

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Software Update-->MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Boot Camp Services-->MsiExec.exe /I{F0E45628-1218-4865-A516-8E8A54272ADC}
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
EA SPORTS online 2008-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
EA SPORTS™ NBA LIVE 08-->MsiExec.exe /X{4A0EB804-0413-11DC-8FA2-83B655D89593}
FIFA 08-->MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
Halo 2 for Windows Vista-->C:\Program Files\Microsoft Games\Halo 2\StartUp.exe /tnp:/remove
Halo 2 for Windows XP [by RoboMASTER]-->C:\Program Files\UninstallHalo2.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
LIVE gaming on Windows Runtime Version 1.0.6027-->MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
Madden NFL 08-->C:\Program Files\EA Sports\Madden NFL 08\EAUninstall.exe
Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NHL® 08-->MsiExec.exe /X{A7AA93B6-6909-4073-B4EC-45CCDEFD4665}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Scrabble-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Scrabble\Uninst.isu"
Tap'Touche-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Tap'Touche\DeIsL1.isu" -c"C:\Program Files\Tap'Touche\_ISREG32.DLL"
Tiger Woods PGA TOUR 08-->C:\Program Files\EA Sports\Tiger Woods PGA TOUR 08\EAUninstall.exe
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Windows Driver Package - Apple Inc. (applebt) Bluetooth (06/27/2007 2.0.0.1)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\applebt_5F5CDDBA8C90066BFACA98E240B0E384FD78D0E5\applebt.inf
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\bthkicker_22481FFE232728F300C3EA4B9D04741F71A78A6F\bthkicker.inf
Windows Driver Package - Apple Inc. Apple Built-in iSight (04/09/2007 1.3.0.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\isight_457E352673E04E3628F3481F96106C5726855272\isight.inf
Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\irfilter_6BAE4C4E6E43E4AF7524F089CA605ACCDD038710\irfilter.inf
Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\keymagic_5748EA9D9741D5BA6763BCAC4C6D158F8A7EF029\keymagic.inf
Windows Driver Package - Apple Inc. Apple Trackpad (08/28/2007 2.0.1.4)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\aapltp_BF219E1F63B7461D0F5D650033C78F989EDEE0FB\aapltp.inf
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (08/28/2007 2.0.1.4)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\aapltctp_762C22B15E03318F1DF4F3D7EEB1E5C1D51F5032\aapltctp.inf
Windows Driver Package - Apple Inc. System (06/21/2007 2.0.0.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\applenull_853A42E440968266FB61B6DCC69BD2406D991F68\applenull.inf
Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\net5211_83E4E86F1350732D629D737DAECF97C35FD29B0F\net5211.inf
Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\net5416_011416A5D099921307D4CC88E2E5BD075CE39446\net5416.inf
Windows Driver Package - Broadcom (BCM43XX) Net (01/08/2007 4.80.75.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\bcmwl5_52A7865A91A2795EC5D7A8EC9B1E1622EA863FFF\bcmwl5.inf
Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\e1000325_4D2F92D840FE9D1A0C33FEC20BFC7747BB0608EA\e1000325.inf
Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\e1e5132_A95FC331A737294D9476DAB83E0F4371146BDFDE\e1e5132.inf
Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\yk51x86_98FE2F08F37A78F4FF0C10AACFE1E827854D61AE\yk51x86.inf
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: PAUL-IMAC
Event Code: 4377
Message: Windows XP Hotfix KB912812 was installed.

Record Number: 5
Source Name: NtServicePack
Time Written: 20081220214718.000000-240
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: PAUL-IMAC
Event Code: 15007
Message: Reservation for namespace identified by URL prefix http://*:2869/ was successfully added.

Record Number: 4
Source Name: HTTP
Time Written: 20081220214607.000000-240
Event Type: information
User:

Computer Name: PAUL-IMAC
Event Code: 6011
Message: The NetBIOS name and DNS host name of this machine have been changed from MACHINENAME to PAUL-IMAC.

Record Number: 3
Source Name: EventLog
Time Written: 20081220214051.000000-240
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: The Event log service was started.

Record Number: 2
Source Name: EventLog
Time Written: 20081219222751.000000-240
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20081219222751.000000-240
Event Type: information
User:

Application event log

Computer Name: PAUL-IMAC
Event Code: 1000
Message: Performance counters for the ContentIndex (ContentIndex) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20081220214354.000000-240
Event Type: information
User:

Computer Name: PAUL-IMAC
Event Code: 1000
Message: Performance counters for the TermService (Terminal Services) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20081220214352.000000-240
Event Type: information
User:

Computer Name: PAUL-IMAC
Event Code: 1000
Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20081220214123.000000-240
Event Type: information
User:

Computer Name: PAUL-IMAC
Event Code: 1000
Message: Performance counters for the PSched (PSched) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20081220214100.000000-240
Event Type: information
User:

Computer Name: PAUL-IMAC
Event Code: 1000
Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20081220214059.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
Anonymous user

Re,

This one's for me:

▶ Install - Download SmitfraudFix (by S!Ri, balltrap34 and moe31)

Option 1 => Search:

Double-click SmitfraudFix.exe

Select 1 and press => Enter in the menu to create

▶ a report of the files responsible for the infection. The report is located at the root of the system drive, C:\rapport.txt; paste the generated report on the forum.

Do not run option 2 without advice from a competent person*<=


SmitfraudFix tutorial

If a report does not go through, raise an alert to the conciergerie with the yellow /!\.
jaibesoindelaide (Member, 149 posts)

SmitFraudFix v2.388

Scan done at 14:51:44.85, Tue 01/06/2009
Run from F:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Center.exe
F:\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Pablo


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Pablo\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Pablo\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Pablo\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 802.11n Network Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E28B241-2154-45A1-A8AC-ED3972FBB983}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E28B241-2154-45A1-A8AC-ED3972FBB983}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7E28B241-2154-45A1-A8AC-ED3972FBB983}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Anonymous user

Re,

OK.

Download and install MalwareByte's Anti-Malware
Malwarebyte

Update it

▶ Double-click the MalwareByte's Anti-Malware shortcut on the desktop.

▶ Select Run a full scan if it is not already selected

▶ Click Scan

▶ Once the scan is finished, a window opens; click Ok

If MalwareByte's detected nothing, click Ok. A report will appear; close it.

If MalwareByte's detected infections, click Show results and then Remove selected

Save the report to your Desktop so it is easier to find, then post the report.

Note: if MalwareByte's needs to restart to finish the removal, accept by clicking Ok

If a report does not go through, raise an alert to the conciergerie with the yellow /!\.


Tutorial for MalwareByte's