Sujet Précédent Sujet Suivant

Bagle inside

Résolu
Bartman -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,

Pour faire original je suis infécté par Bagle.
Je le sais car je suis allé sur le site de F secure qui m'en à détecté.
Avast ne demarre plus, Ni ccleaner, ni HiJackThis.
AD aware n'a enlevé que des choses sans grande importance.
Dans un topic semblable j'ai vu qu'il fallait faire un Elibagla.
ET voici le rapport :

Tue Feb 03 19:05:46 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.17
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\SROSA2.SYS --> Eliminado Bagle(rootkit)
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\DOWN\293281.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\DOWN\352187.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\DOWNLD\299343.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\DOWNLD\413937.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\DOWNLD\425062.EXE --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Feb 03 19:07:52 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.17
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\SROSA2.SYS --> Eliminado Bagle(rootkit)
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Eliminada Carpeta "%WinSys%\Drivers\Down"
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Feb 03 19:08:01 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Tue Feb 03 19:08:50 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.17
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\DOWNLD\279984.EXE --> Eliminado Bagle.dldr
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Feb 03 19:09:18 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\Documents and Settings\Administrateur\Bureau"

Nº Total de Directorios: 48
Nº Total de Ficheros: 184
Nº de Ficheros Analizados: 27
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Tue Feb 03 19:09:26 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Tue Feb 03 19:09:33 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.17
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Feb 03 19:10:28 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.17
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Feb 03 19:10:48 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Tue Feb 03 19:10:58 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.17
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\DOWNLD\403140.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\DOWNLD\413609.EXE --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Feb 03 19:11:02 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Tue Feb 03 19:12:14 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.17
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Feb 03 19:12:20 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Tue Feb 03 19:15:49 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.17
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Feb 03 19:23:37 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 37538
Nº Total de Ficheros: 399552
Nº de Ficheros Analizados: 19614
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Tue Feb 03 19:40:02 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.17
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
Reinicie para Completar la Limpieza.

Tue Feb 03 19:40:45 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 37538
Nº Total de Ficheros: 399555
Nº de Ficheros Analizados: 19614
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Tue Feb 03 19:57:41 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.17
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
Reinicie para Completar la Limpieza.

Tue Feb 03 19:59:11 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 103
Nº Total de Ficheros: 537
Nº de Ficheros Analizados: 99
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Tue Feb 03 19:59:50 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.17
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Tue Feb 03 20:00:08 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "J:\"

Tue Feb 03 20:03:00 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.17
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
Reinicie para Completar la Limpieza.

Tue Feb 03 20:05:33 2009
EliBagle v12.17 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "J:\"

Nº Total de Directorios: 5243
Nº Total de Ficheros: 95393
Nº de Ficheros Analizados: 365
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

====================================

Il à été lancé plusieurs fois car le mode sans échec fait un écran bleu.

J'ai toujours l'application NTSB qui semble être résponsable de ce problème et qui fait rebouter le PC.

J'ai fait aussi un Malware Byte anti malware :

=====================================
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1721
Windows 5.1.2600 Service Pack 3

03/02/2009 21:56:40
mbam-log-2009-02-03 (21-56-34).txt

Type de recherche: Examen rapide
Eléments examinés: 55280
Temps écoulé: 3 minute(s), 35 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 14

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/anti-leech plugin,version=1.0.2.3 (Trojan.AntiLeechPlugin) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Anti-Leech (Trojan.AntiLeechPlugin) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.netsearchsoft.com (Malware.Trace) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\Documents and Settings\Administrateur\Application Data\m (Trojan.Agent) -> No action taken.
C:\Program Files\Anti-Leech (Trojan.AntiLeechPlugin) -> No action taken.
C:\Program Files\Anti-Leech\ALNN (Trojan.AntiLeechPlugin) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\Mozilla Firefox\plugins\alhlp.exe (Trojan.AntiLeechPlugin) -> No action taken.
C:\Program Files\Mozilla Firefox\plugins\npalnn.dll (Trojan.AntiLeechPlugin) -> No action taken.
C:\Documents and Settings\Administrateur\Application Data\m\data.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrateur\Application Data\m\list.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct (Trojan.Agent) -> No action taken.
C:\Program Files\Anti-Leech\ALNN\alhlp.exe (Trojan.AntiLeechPlugin) -> No action taken.
C:\Program Files\Anti-Leech\ALNN\npalnn.dll (Trojan.AntiLeechPlugin) -> No action taken.
C:\Program Files\Anti-Leech\ALNN\setup2.exe (Trojan.AntiLeechPlugin) -> No action taken.
C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> No action taken.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> No action taken.
C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe (Trojan.Agent) -> No action taken.

======================================

Merci d'avance.

14 réponses

Réponse 1 / 14
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Salut,

--> Télécharge FindyKill (par Chiquitine29) sur ton Bureau.

--> Lance l'installation avec les paramètres par défaut.

--> Double-clique sur le raccourci FindyKill sur ton Bureau.

--> Au menu principal, choisis l'option 1 (Recherche).

--> Poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.
1
Bartman
 
Bonsoir,
et tout d'abord merci de me répondre.

Voici le rapport FindyKill:



###################### [ FindyKill V4.715 ]

# User : Administrateur - HP_DAVID
# Emplacement : C:\Program Files\FindyKill
# Outils Mis a jours 29/01/09 par Chiquitine29
# Recherche effectuée à 22:31:14 le 03/02/2009
# Windows XP - Internet Explorer 7.0.5730.11

# [ FindyKill V4.715 - Scan ] ##############

\\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe
C:\WINDOWS\system32\wintems.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe

\\\\\\\\\\\\\\\\\\ [ Processus infectieux stoppés ] ///////////////////


"C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe" (2724)
"C:\WINDOWS\system32\wintems.exe" (2760)


\\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////


################## [ C:\ ]

Found ! [03/02/2009 19:05] - "C:\Muestras"
Found ! [03/02/2009 22:31] - C:\InfoSat.txt

################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\Prefetch ]


################## [ C:\WINDOWS\system32 ]

Found ! [03/02/2009 19:10] - C:\WINDOWS\system32\mdelk.exe
Found ! [03/02/2009 19:10] - C:\WINDOWS\system32\wintems.exe

################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\Documents and Settings\Administrateur\Application Data ]

Found ! [03/02/2009 19:08] - "C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe"
Found ! [03/02/2009 20:09] - "C:\Documents and Settings\Administrateur\Application Data\m\shared"
Found ! [03/02/2009 22:27] - "C:\Documents and Settings\Administrateur\Application Data\m"
Found ! [03/02/2009 19:07] - "C:\Documents and Settings\Administrateur\Application Data\drivers"
Found ! [03/02/2009 19:06] - "C:\Documents and Settings\Administrateur\Application Data\drivers\wfsintwq.sys"
Found ! [02/04/2004 08:08] - "C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe"
Found ! [03/02/2009 19:10] - "C:\Documents and Settings\Administrateur\Application Data\drivers\downld"

################## [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp ]


\\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
<NO NAME>=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
TransBar=C:\Windows\System32\TransBar.exe /s
Logitech Hardware Abstraction Layer=KHALMNPR.EXE
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
LocalCooling="C:\Program Files\LocalCooling\localcooling.exe" -s
LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
Kernel and Hardware Abstraction Layer=KHALMNPR.EXE
AdobeCS4ServiceManager="C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
StartCCC="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
RTHDCPL=RTHDCPL.EXE
SoundMan=SOUNDMAN.EXE
AlcWzrd=ALCWZRD.EXE
Alcmtr=ALCMTR.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\serial]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\SuperCopier2]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

\\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////


Found ! - HKEY_USERS\S-1-5-21-1993962763-1364589140-725345543-500\Software\Local AppWizard-Generated Applications\serial
Found ! - HKEY_USERS\S-1-5-21-1993962763-1364589140-725345543-500\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1993962763-1364589140-725345543-500\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1993962763-1364589140-725345543-500\Software\MuleAppData
Found ! - HKEY_USERS\S-1-5-21-1993962763-1364589140-725345543-500\Software\Ubisoft
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\serial
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////


# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - # Type de démarrage = 4

EapHost - # Type de démarrage = 3

/!\ Ip6Fw - # Type de démarrage = 4

SharedAccess - # Type de démarrage = 2

wuauserv - # Type de démarrage = 2

/!\ wscsvc - # Type de démarrage = 4


\\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////


# Informations :

C: - Lecteur fixe

D: - Lecteur de CD-ROM

J: - Lecteur fixe


# presence des fichiers :



\\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////


-> Not found !


################## [ ! Fin du rapport # FindyKill V4.715 ! ]
0
Réponse 2 / 14
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:files
C:\Program Files\SuperCopier2l

:commands
[purity]
[emptytemp]
[reboot]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
1
Bartman
 
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Program Files\SuperCopier2l not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02032009_235555

ah ? je vais devoir réinstaller Avast et supercopier du coup
0
Bartman
 
Justement j'ai Ccleané et Je tente de réinstaller Avast : il me jette prodigieusement.....

PS : j'ai toujours un MOM.exe de lancé

?????
0
Réponse 3 / 14
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
"MOM.exe n'est donc pas un problème ?"
---> MOM.exe vient du pilote ATI.

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.
1
Réponse 4 / 14
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Supprime JavaRa.

Pour OTMoveIt3, j'avais fait une erreur dans le script, recommence avec celui-ci :

:processes
explorer.exe

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe"=-

:commands
[purity]
[emptytemp]
[reboot]
1
Bartman
 
Ca a donné ça.

En tout ca un grand merci pour toutes ces infos.
JE vais tenter de trouver le bouton résolu quelque part.

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_9PoGRSRojfvheflDAq3u scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1b4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02082009_173804

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_9PoGRSRojfvheflDAq3u not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_1b4.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\XUL.mfl moved successfully.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 14
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
--> Supprime tes cracks et keygens.

--> Branche tes disques amovibles à ton PC (clefs USB, disque dur externe, etc...) sans les ouvrir.

--> Double-clique sur le raccourci FindyKill sur ton Bureau.

--> Au menu principal, choisis l'option 2 (Suppression).

/!\ Il y aura un redémarrage, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\

--> Ensuite, poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.
0
Réponse 6 / 14
Bartman
 
###################### [ FindyKill V4.715 ]

# User : Administrateur - HP_DAVID
# Executed from : C:\Program Files\FindyKill
# Update on 29/01/09Nby Chiquitine29
# Start at 22:45:34 the 03/02/2009
# Windows XP - Internet Explorer 7.0.5730.11

# [ FindyKill V4.715 - Deleting ] ###############

\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LogonUI.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe

\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////

################## [ C:\ ]

Deleted ! - "C:\Muestras"
Deleted ! - C:\InfoSat.txt

################## [ C:\WINDOWS ]

################## [ C:\WINDOWS\Prefetch ]

################## [ C:\WINDOWS\system32 ]

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]

################## [ C:\Documents and Settings\Administrateur\Application Data ]

Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\inst.exe"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers"

################## [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp ]

################## [ C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5 ]

\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-1993962763-1364589140-725345543-500\Software\Local AppWizard-Generated Applications\serial
Deleted ! - HKEY_USERS\S-1-5-21-1993962763-1364589140-725345543-500\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-1993962763-1364589140-725345543-500\Software\MuleAppData
Deleted ! - HKEY_USERS\S-1-5-21-1993962763-1364589140-725345543-500\Software\Ubisoft

\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////

# Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - # Type of startup = 3

EapHost - # Type of startup = 2

Ip6Fw - # Type of startup = 2

SharedAccess - # Type of startup = 2

wuauserv - # Type of startup = 2

wscsvc - # Type of startup = 2

\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////

# Informations :

C: - Lecteur fixe

D: - Lecteur de CD-ROM

J: - Lecteur fixe

# deleting files :

\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////

-> Not found !

\\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////

Références de comparaison Bagle MD5 :

17943dcf C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe
f901975df1c7e8638d08a0f0f11c823d C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe

Suspect ! - f901975df1c7e8638d08a0f0f11c823d C:\Program Files\SuperCopier2\SuperCopier2.exe

\\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] ///////////////////

C:\Program Files\ActiveState Komodo IDE 4.2\lib\mozilla\python\komodo\twisted\python\zsh\_ckeygen
C:\Program Files\Corel\CorelDRAW Graphics Suite X4\Custom Data\Bumpmap\Cracks.cpt
C:\Program Files\Corel\CorelDRAW Graphics Suite X4\Custom Data\Canvas\cracks2c.pcx
C:\Program Files\Corel\CorelDRAW Graphics Suite X4\Custom Data\Tiles\CRACKS2M.CPT
C:\Program Files\Microsoft Games\Rise Of Legends\audio\units\Cuotl\CzinWhipCrackB01.wav
C:\Program Files\Microsoft Games\Rise Of Legends\audio\units\Cuotl\CzinWhipCrackB02.wav
C:\Program Files\Microsoft Games\Rise Of Legends\audio\units\Cuotl\CzinWhipCrackB03.wav
C:\Program Files\Rockstar Games\GTA San Andreas\data\Decision\Craig\crack1.ped
C:\Program Files\Serif\WebPlus\10.0\Borders\crackerc.wmf
C:\Program Files\Serif\WebPlus\10.0\Borders\crackers.wmf
C:\Program Files\Serif\WebPlus\10.0\Images\Christmas\Cracker.png
C:\Program Files\Valve\Steam\SteamApps\dlewin\half-life 2 deathmatch\hl2mp\sound\strutter\crack.mp3

################## [ ! End of report # ! ]

A part Komodo IDE, le reste ne concerne pas des crack ou keygen
0
Réponse 7 / 14
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
"Je tente de réinstaller Avast : il me jette prodigieusement....."

---> C'est-à-dire ?
0
Bartman
 
en fait c'était du à un téléchargement d'avast corrompu.

MOM.exe n'est donc pas un problème ?
0
Réponse 8 / 14
Bartman
 
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-02-04 23:34:48
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 43 GB (27%) free of 159 GB
Total RAM: 3582 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:34:59, on 04/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\LocalCooling\localcooling.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Mes documents\telechargements\RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: ALPassHelper Class - {00533B73-E574-46E9-B06A-FDF4592E67CB} - C:\Program Files\ESTsoft\ALPass\ApsHelper14.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Ript - {91D9091B-2046-42f7-903E-1215A29E21EA} - C:\Program Files\Ript\mscoree.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LocalCooling] "C:\Program Files\LocalCooling\localcooling.exe" -s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Annoter avec Bamboo Link - C:\Program Files\Wacom\Bamboo Link\AnnotateWithErgo.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ALPass - {572E3910-4764-4E88-8929-176B2B192FF7} - C:\Program Files\ESTsoft\ALPass\ALPass.exe
O9 - Extra 'Tools' menuitem: ALPass - {572E3910-4764-4E88-8929-176B2B192FF7} - C:\Program Files\ESTsoft\ALPass\ALPass.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
0
Réponse 9 / 14
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
1/

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:files
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe"=-

:commands
[purity]
[emptytemp]
[reboot]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

2/

---> Télécharge JavaRa.zip (de Paul 'Prm753' McLain et Fred de Vries) sur ton Bureau.
* Décompresse le fichier sur le Bureau (Clic droit > Extraire tout).
* Double-clique sur le répertoire JavaRa.
* Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher).
* Choisis Français puis clique sur Select.
* Clique sur Recherche de mises à jour.
* Sélectionne Mettre à jour via jucheck.exe puis clique sur Rechercher.
* Autorise le processus à se connecter s'il le demande, clique sur Installer et suis les instructions d'installation qui prennent quelques minutes.
* L'installation est terminée, reviens à l'écran de JavaRa et clique sur Effacer les anciennes versions.
* Clique sur Oui pour confirmer. Laisse travailler et clique ensuite sur OK, puis une deuxième fois sur OK.
* Un rapport va s'ouvrir. Poste-le dans ta prochaine réponse.
* Ferme l'application.

Note : le rapport se trouve aussi dans C:\ sous le nom JavaRa.log.
0
Bartman
 
Bonjour,

voici le rapport OTMoveIt3 :

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] not found.
File/Folder C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe"= not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_B9d5SAqiLjdUfsa8gSh1 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2d8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02072009_124738

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_B9d5SAqiLjdUfsa8gSh1 not found!
C:\WINDOWS\temp\_avast4_\Webshlock.txt moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_2d8.dat moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7vuhs5js.default\XUL.mfl moved successfully.


===================================================

et JavaRA :

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Feb 07 12:58:38 2009

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.




===================================================
0
Réponse 10 / 14
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Télécharge Lop S&D sur ton Bureau.
---> Double-clique dessus pour lancer l'installation.
---> Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau.
---> Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche).
---> Patiente jusqu'à la fin du scan.
---> Poste le rapport généré (C:\lopR.txt).

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)
0
Bartman
 
voilà
*

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090209-0] 4.8.1335 (Activated)
C:\ (Local Disk) - NTFS - Total:155 Go (Free:41 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)
J:\ (Local Disk) - NTFS - Total:149 Go (Free:38 Go)
K:\ (CD or DVD)
L:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 09/02/2009|19:04 )

--------------------\\ Listing des dossiers dans APPLIC~1

[18/01/2008|21:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\.ABC
[24/10/2008|00:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\1&1
[19/06/2008|19:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\ACD Systems
[27/11/2007|22:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\ActiveState
[04/01/2009|10:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[07/11/2008|18:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
[15/06/2008|22:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ambient Design
[23/12/2007|15:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Anvil Studio
[01/01/2009|14:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[03/01/2009|17:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
[04/02/2009|09:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\AVS4YOU
[30/11/2007|21:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
[01/01/2009|23:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Bamboo Scribe
[01/12/2007|18:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Borland
[03/01/2009|20:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\com.adobe.ExMan
[02/07/2008|21:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
[11/08/2007|17:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\CrystalApp
[11/08/2007|17:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\CrystalSpace
[07/12/2007|22:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\DAEMON Tools Pro
[14/10/2007|16:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\DALEDOESBASE
[15/08/2007|14:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\delta3d.org
[15/10/2008|21:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Disney Interactive Studios
[03/02/2009|23:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\drivers
[02/02/2009|22:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
[23/08/2008|18:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\e frontier
[01/01/2009|23:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ergo
[05/10/2008|19:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\ESTsoft
[31/01/2009|12:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\FileZilla
[15/08/2007|14:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\fltk.org
[25/01/2009|13:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Foxit
[26/08/2007|14:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\GRETECH
[10/10/2007|17:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\gtk-2.0
[11/11/2007|18:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
[04/08/2008|20:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\IAR Embedded Workbench
[11/08/2007|12:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[03/08/2008|22:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\ijjigame
[11/08/2007|17:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
[11/08/2007|14:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
[25/12/2007|16:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Line 6
[11/08/2007|17:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Logitech
[12/08/2007|11:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[03/06/2008|22:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[19/01/2008|22:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
[31/12/2008|18:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[01/12/2007|18:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\ModelMakerTools
[31/08/2008|08:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[08/11/2007|21:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Music Recognition
[23/01/2009|23:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Nokia
[23/11/2008|17:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Notepad++
[03/08/2008|21:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\NPLUTO Corporation
[30/09/2008|19:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Suite
[14/09/2008|18:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Poser 7
[30/10/2007|19:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\PyScripter
[10/10/2007|17:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\RadiantSettings
[19/01/2008|22:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[31/12/2008|16:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ript
[23/02/2008|13:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Roni Music
[19/01/2008|10:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\sabayonlinux
[11/11/2007|11:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\SecuROM
[02/11/2007|11:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Serif
[03/11/2008|20:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
[03/11/2008|19:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\skypePM
[03/12/2007|19:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Stranger Demo
[11/08/2007|12:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Styler
[18/08/2007|12:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[11/08/2007|14:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
[08/06/2008|18:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\TaoUSign
[11/08/2007|17:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Thunderbird
[24/09/2007|19:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\uk.co.planetside
[01/01/2008|10:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Universalis V13
[02/11/2007|11:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\VCOM
[22/10/2008|06:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
[08/02/2009|23:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Vso
[24/05/2008|11:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Winamp
[11/08/2007|17:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
[15/08/2008|23:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Wormux
[09/02/2009|18:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\WTablet
[11/08/2007|16:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Xentient

[23/12/2007|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{AB3EC276-D261-4943-A921-1CC1C6799AED}
[03/01/2009|20:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[10/07/2008|18:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[10/07/2008|18:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[03/01/2009|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ashampoo
[10/01/2009|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[04/02/2009|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[23/12/2007|19:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CodeGear
[01/07/2008|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Codemasters
[16/08/2008|14:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[07/12/2007|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
[05/10/2008|19:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESTsoft
[12/05/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[04/12/2007|22:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
[10/01/2009|00:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[27/06/2008|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[25/12/2007|16:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Line 6
[01/01/2008|10:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Link Data Security
[11/08/2007|17:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[11/08/2007|17:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[03/02/2009|22:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[03/06/2008|22:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[11/08/2007|17:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Martau
[10/01/2009|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[09/12/2008|23:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[26/08/2007|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[01/10/2008|19:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
[17/11/2007|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[30/09/2008|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[09/01/2008|22:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[26/08/2007|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raxco
[19/01/2008|22:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[31/12/2008|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ript
[27/09/2007|06:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
[01/05/2008|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[04/02/2009|00:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[08/02/2009|02:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[25/05/2008|22:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania
[01/01/2008|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania United
[25/12/2007|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[06/06/2008|23:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
[15/06/2008|09:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UniversalisV13
[02/11/2007|11:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VCOM
[14/09/2008|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
[31/03/2008|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[23/08/2005|22:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[11/08/2007|12:46] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[03/06/2008|06:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla
[03/06/2008|06:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\Talkback
[09/02/2009|18:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\WTablet

[11/08/2007|11:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[09/02/2009 18:57][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1364589140-725345543-500.job
[09/02/2009 19:00][--ah-----] C:\WINDOWS\tasks\A1AAAFDE91852E5A.job
[09/02/2009 18:44][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( A1AAAFDE91852E5A.job )=( c:\docume~1\admini~1\applic~1\daledo~1\grimmovecamp.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[24/10/2008|00:10] C:\Program Files\1&1
[31/12/2007|18:35] C:\Program Files\3DViewer
[26/11/2007|19:20] C:\Program Files\7-Zip
[08/02/2009|18:22] C:\Program Files\AC3Filter
[27/11/2007|22:05] C:\Program Files\ActiveState Komodo IDE 4.2
[03/02/2009|13:44] C:\Program Files\Ad-Aware
[03/01/2009|19:27] C:\Program Files\Adobe
[03/01/2009|19:24] C:\Program Files\Adobe Media Player
[12/05/2008|18:02] C:\Program Files\Advanced Serial Port Monitor
[04/01/2008|12:03] C:\Program Files\AFT software
[23/02/2008|19:44] C:\Program Files\AGEIA Technologies
[05/02/2009|20:02] C:\Program Files\AIMP2
[14/10/2007|15:07] C:\Program Files\Alwil Software
[20/06/2008|17:47] C:\Program Files\Ambient Design
[12/10/2008|14:49] C:\Program Files\Anark
[19/08/2007|18:28] C:\Program Files\Anti-Leech
[22/12/2007|13:56] C:\Program Files\Anvil Studio
[10/07/2008|18:43] C:\Program Files\Apple Software Update
[10/01/2009|20:02] C:\Program Files\Atheros
[10/01/2009|19:24] C:\Program Files\ATI Technologies
[12/01/2008|22:42] C:\Program Files\AutoIt3
[08/02/2009|18:15] C:\Program Files\AviSynth 2.5
[04/02/2009|11:31] C:\Program Files\AVS4YOU
[30/12/2008|19:37] C:\Program Files\Bamboo Scribe 2.6
[29/11/2008|17:09] C:\Program Files\BankPerfect
[08/06/2008|11:23] C:\Program Files\BEL
[07/06/2008|18:05] C:\Program Files\Black Element Software
[13/10/2007|19:15] C:\Program Files\Blender Foundation
[03/01/2009|17:15] C:\Program Files\CCleaner
[05/10/2008|21:52] C:\Program Files\CDisplay
[08/02/2009|18:28] C:\Program Files\cheapestsoft
[17/03/2008|22:20] C:\Program Files\CLIPS
[23/12/2007|20:12] C:\Program Files\CodeGear
[01/07/2008|19:50] C:\Program Files\Codemasters
[06/11/2008|23:20] C:\Program Files\Comical
[03/08/2008|21:44] C:\Program Files\Common Files
[11/11/2007|11:25] C:\Program Files\Compare It!
[11/08/2007|11:43] C:\Program Files\ComPlus Applications
[02/07/2008|21:05] C:\Program Files\Corel
[12/08/2007|17:02] C:\Program Files\CS
[15/08/2007|14:50] C:\Program Files\Delta3D_1.5.0
[30/09/2008|19:28] C:\Program Files\DIFX
[15/10/2008|21:45] C:\Program Files\Disney Interactive Studios
[08/02/2009|18:19] C:\Program Files\DivX
[17/11/2008|19:38] C:\Program Files\DVDFab 5
[23/08/2008|18:03] C:\Program Files\e frontier
[11/11/2007|18:29] C:\Program Files\Easy CD-DA Extractor 10
[11/11/2007|11:44] C:\Program Files\El Juky
[08/06/2008|11:36] C:\Program Files\Eltima Software
[11/11/2007|18:11] C:\Program Files\ESTsoft
[24/10/2006|06:44] C:\Program Files\Everest
[19/10/2008|16:05] C:\Program Files\Far Cry (c) UBI Soft
[04/02/2009|09:04] C:\Program Files\Fichiers communs
[17/01/2009|19:01] C:\Program Files\FileZilla Client
[19/11/2008|19:29] C:\Program Files\Flash Magic
[20/08/2008|08:02] C:\Program Files\flatpick_guitar_solos
[25/01/2009|13:03] C:\Program Files\Foxit Software
[03/02/2009|12:58] C:\Program Files\Free Audio Pack
[03/02/2009|12:55] C:\Program Files\Free Easy Burner
[04/02/2009|00:04] C:\Program Files\Free Video Converter
[02/02/2009|19:21] C:\Program Files\freestar
[04/12/2007|22:09] C:\Program Files\GNU
[11/08/2008|20:56] C:\Program Files\Google
[27/06/2008|07:46] C:\Program Files\gPotato.eu
[26/08/2007|12:07] C:\Program Files\GRETECH
[25/12/2007|20:09] C:\Program Files\Guitar Pro 5
[08/02/2009|18:20] C:\Program Files\Haali
[12/08/2007|09:58] C:\Program Files\Hewlett-Packard
[22/06/2008|14:10] C:\Program Files\HHD Software
[15/08/2008|18:22] C:\Program Files\H-JTAG
[12/08/2007|10:00] C:\Program Files\hp deskjet 5550 series
[07/02/2009|23:59] C:\Program Files\Hurrican
[15/08/2008|17:15] C:\Program Files\IAR Systems
[14/06/2006|17:46] C:\Program Files\IE Privacy Keeper
[04/11/2008|20:53] C:\Program Files\ImTOO
[03/01/2008|09:16] C:\Program Files\innotek VirtualBox
[25/01/2009|12:41] C:\Program Files\InstallShield Installation Information
[01/05/2008|15:37] C:\Program Files\Intel
[09/12/2008|23:30] C:\Program Files\Internet Explorer
[05/10/2008|19:36] C:\Program Files\IrfanView
[07/02/2009|12:58] C:\Program Files\Java
[31/08/2008|18:45] C:\Program Files\Jazz_Guitar_Solos_Vol_1-4
[10/10/2007|10:42] C:\Program Files\JGsoft
[27/09/2007|07:09] C:\Program Files\KeePass Password Safe
[12/05/2008|15:05] C:\Program Files\khi3
[15/10/2007|07:28] C:\Program Files\KProbe
[12/05/2008|14:52] C:\Program Files\LcdStudio
[25/12/2007|16:03] C:\Program Files\Line6
[19/01/2009|21:45] C:\Program Files\Lionhead Studios
[15/01/2009|22:41] C:\Program Files\LizardTech
[31/05/2008|21:25] C:\Program Files\LM Version-2.5-F
[05/02/2008|22:49] C:\Program Files\LocalCooling
[01/05/2008|15:33] C:\Program Files\Logitech
[12/05/2008|17:58] C:\Program Files\MAA
[03/02/2009|22:22] C:\Program Files\ma-config.com
[19/10/2008|14:51] C:\Program Files\Macraigor Systems
[27/12/2007|15:11] C:\Program Files\Majorem
[03/02/2009|21:56] C:\Program Files\Malwarebytes' Anti-Malware
[08/11/2007|20:25] C:\Program Files\M-Audio Midisport 1x1
[19/01/2008|22:16] C:\Program Files\Media Player Classic
[05/02/2009|19:36] C:\Program Files\MediaMonkey
[10/09/2008|22:00] C:\Program Files\Messenger
[31/08/2008|18:34] C:\Program Files\Micro Application
[02/12/2007|23:19] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[10/09/2008|18:31] C:\Program Files\microsoft frontpage
[25/01/2009|12:41] C:\Program Files\Microsoft Games
[30/12/2008|19:34] C:\Program Files\Microsoft SQL Server Compact Edition
[23/12/2007|19:34] C:\Program Files\Microsoft Visual Studio 8
[30/09/2007|12:30] C:\Program Files\Microsoft Works
[23/12/2007|19:32] C:\Program Files\Microsoft.NET
[25/01/2009|11:56] C:\Program Files\Monkey Studio IDE
[05/07/2008|11:14] C:\Program Files\Montparnasse Multimedia - France T‚l‚com
[09/09/2008|22:39] C:\Program Files\Movie Maker
[09/02/2009|19:02] C:\Program Files\Mozilla Firefox
[09/02/2009|18:59] C:\Program Files\Mozilla Thunderbird
[30/09/2008|21:03] C:\Program Files\MSBuild
[22/09/2007|11:20] C:\Program Files\MSECache
[09/09/2008|22:39] C:\Program Files\msn
[10/09/2008|18:31] C:\Program Files\msn gaming zone
[14/01/2009|21:26] C:\Program Files\mst software
[27/08/2007|18:37] C:\Program Files\MSXML 4.0
[03/07/2008|22:25] C:\Program Files\MSXML 6.0
[26/08/2007|20:44] C:\Program Files\Nero
[10/09/2008|18:31] C:\Program Files\netmeeting
[06/11/2008|23:34] C:\Program Files\NewsLeecher
[10/01/2009|02:08] C:\Program Files\Nokia
[23/11/2008|16:58] C:\Program Files\Notepad++
[15/08/2007|14:26] C:\Program Files\OpenAL
[09/09/2008|22:37] C:\Program Files\Outlook Express
[25/11/2007|11:19] C:\Program Files\Passbox2007
[10/01/2009|02:07] C:\Program Files\PC Connectivity Solution
[19/06/2008|19:41] C:\Program Files\Pcsx2_0.9.4
[30/12/2008|19:31] C:\Program Files\PenLauncher
[11/08/2008|20:56] C:\Program Files\Picasa2
[20/08/2008|08:00] C:\Program Files\PowerTracks DirectX Plugins
[17/03/2008|22:15] C:\Program Files\PyScripter
[10/07/2008|18:44] C:\Program Files\QuickTime
[14/09/2008|15:45] C:\Program Files\Quintessential Media Player
[27/12/2007|13:37] C:\Program Files\Rainlendar2
[26/08/2007|21:17] C:\Program Files\Raxco
[19/01/2008|22:16] C:\Program Files\Real Alternative
[01/05/2008|15:35] C:\Program Files\Realtek
[30/09/2008|21:01] C:\Program Files\Reference Assemblies
[16/09/2007|10:49] C:\Program Files\ReflexiveArcade
[22/06/2008|21:35] C:\Program Files\Remove Empty Directories
[10/12/2007|07:56] C:\Program Files\RenderWare AI Demos
[31/12/2008|16:10] C:\Program Files\Ript
[31/10/2008|18:21] C:\Program Files\Rockstar Games
[20/08/2008|08:01] C:\Program Files\Roland
[23/02/2008|13:21] C:\Program Files\Roni Music
[31/08/2008|18:21] C:\Program Files\Rowley Associates Limited
[20/01/2008|22:21] C:\Program Files\Rumble Box
[25/05/2008|18:39] C:\Program Files\SEGA
[02/11/2007|11:30] C:\Program Files\Serif
[27/09/2007|06:55] C:\Program Files\Siber Systems
[03/05/2008|19:18] C:\Program Files\Skype
[31/03/2008|15:01] C:\Program Files\SoftChris
[03/02/2009|13:41] C:\Program Files\Spybot - Search & Destroy
[09/08/2008|12:01] C:\Program Files\STMicroelectronics
[16/11/2008|11:14] C:\Program Files\Styler
[04/02/2009|11:32] C:\Program Files\SuperCopier2
[03/01/2009|10:48] C:\Program Files\Tablet
[12/01/2008|23:04] C:\Program Files\Telltale Games
[24/09/2007|19:18] C:\Program Files\Terragen
[17/10/2008|20:31] C:\Program Files\Texmaker
[17/10/2008|20:31] C:\Program Files\TeXnicCenter
[16/11/2008|11:02] C:\Program Files\TGTSoft
[23/08/2007|21:29] C:\Program Files\The Regex Coach
[22/06/2008|17:41] C:\Program Files\THQ
[24/05/2008|13:58] C:\Program Files\TmNationsForever
[06/07/2008|17:01] C:\Program Files\ToneLab SoundEditor
[12/05/2008|10:56] C:\Program Files\Total Uninstall 4
[01/01/2009|14:04] C:\Program Files\Total Video Converter
[30/09/2007|16:33] C:\Program Files\TrackManiaDemoInternet
[12/05/2008|14:00] C:\Program Files\Tremulous
[04/02/2009|23:34] C:\Program Files\Trend Micro
[08/12/2007|20:12] C:\Program Files\TweakRAM
[14/06/2006|17:46] C:\Program Files\UberIcon
[06/06/2008|23:49] C:\Program Files\Ubisoft
[19/01/2008|08:44] C:\Program Files\Ultra RM Converter
[14/01/2009|21:31] C:\Program Files\UltraISO
[11/08/2007|11:43] C:\Program Files\Uninstall Information
[01/01/2008|10:47] C:\Program Files\Universalis
[15/11/2008|23:52] C:\Program Files\uTorrent
[24/02/2008|17:07] C:\Program Files\Valve
[11/08/2007|14:32] C:\Program Files\VideoLAN
[05/12/2008|19:18] C:\Program Files\Vivendi Universal Games
[12/05/2008|10:18] C:\Program Files\VS Revo Group
[09/08/2008|16:28] C:\Program Files\VSO
[30/12/2008|19:35] C:\Program Files\Wacom
[17/09/2007|20:58] C:\Program Files\Warblade
[01/06/2008|19:32] C:\Program Files\Winamp
[10/01/2007|21:21] C:\Program Files\Windows Defender
[30/12/2008|19:33] C:\Program Files\Windows Desktop Search
[09/09/2008|22:37] C:\Program Files\Windows Media Player
[10/09/2008|18:31] C:\Program Files\windows nt
[10/01/2007|21:20] C:\Program Files\Windows Sidebar
[11/08/2007|11:45] C:\Program Files\WindowsUpdate
[08/06/2008|09:51] C:\Program Files\Winrar
[02/02/2008|12:59] C:\Program Files\WMV9_VCM
[15/08/2007|10:49] C:\Program Files\Worldweaver
[08/02/2009|18:20] C:\Program Files\x264
[10/09/2008|18:31] C:\Program Files\xerox
[08/02/2009|18:20] C:\Program Files\Xvid

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[19/06/2008|19:39] C:\Program Files\Fichiers communs\ACD Systems
[03/01/2009|19:25] C:\Program Files\Fichiers communs\Adobe
[03/01/2009|19:24] C:\Program Files\Fichiers communs\Adobe AIR
[26/08/2007|20:45] C:\Program Files\Fichiers communs\Ahead
[04/02/2009|11:31] C:\Program Files\Fichiers communs\AVSMedia
[23/12/2007|20:12] C:\Program Files\Fichiers communs\Borland Shared
[23/12/2007|20:12] C:\Program Files\Fichiers communs\CodeGear Shared
[02/07/2008|21:06] C:\Program Files\Fichiers communs\Corel
[30/09/2007|12:30] C:\Program Files\Fichiers communs\DESIGNER
[14/01/2009|21:31] C:\Program Files\Fichiers communs\EZB Systems
[09/04/2008|22:04] C:\Program Files\Fichiers communs\IAR Systems
[27/06/2008|07:46] C:\Program Files\Fichiers communs\InstallShield
[12/08/2007|15:38] C:\Program Files\Fichiers communs\Java
[01/09/2008|18:02] C:\Program Files\Fichiers communs\Logishrd
[01/09/2008|18:02] C:\Program Files\Fichiers communs\Logitech
[03/01/2009|19:15] C:\Program Files\Fichiers communs\Macrovision Shared
[10/09/2008|18:31] C:\Program Files\Fichiers communs\Microsoft Shared
[11/08/2007|11:44] C:\Program Files\Fichiers communs\MSSoap
[10/01/2009|02:08] C:\Program Files\Fichiers communs\Nokia
[11/08/2007|13:37] C:\Program Files\Fichiers communs\ODBC
[10/01/2009|02:09] C:\Program Files\Fichiers communs\PCSuite
[02/07/2008|21:08] C:\Program Files\Fichiers communs\Protexis
[26/08/2007|21:17] C:\Program Files\Fichiers communs\Raxco
[11/08/2007|11:45] C:\Program Files\Fichiers communs\Services
[01/05/2008|15:12] C:\Program Files\Fichiers communs\Skype
[10/09/2008|18:31] C:\Program Files\Fichiers communs\speechengines
[09/09/2008|22:37] C:\Program Files\Fichiers communs\System
[23/02/2008|19:44] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 50 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

C:\DOCUME~1\ADMINI~1\APPLIC~1\DALEDO~1

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ADMINI~1\APPLIC~1\daledo~1
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsl27.tmp
C:\WINDOWS\Tasks\A1AAAFDE91852E5A.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hide glue dead]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\ADMINI~1\\APPLIC~1\\DALEDO~1\\vcblahtitle.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 19:06:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:43][D:3]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:8][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 09/02/2009|19:07 - Option : [1]

--------------------\\ Fin du rapport a 19:07:59
0
Réponse 11 / 14
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Relance Lop S&D.
---> Choisis cette fois-ci l'option 2 (Suppression).
---> Ne ferme pas la fenêtre lors de la suppression !
---> Poste le rapport généré (C:\lopR.txt).

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)
0
Bartman
 
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090211-0] 4.8.1335 (Activated)
C:\ (Local Disk) - NTFS - Total:155 Go (Free:41 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)
J:\ (Local Disk) - NTFS - Total:149 Go (Free:38 Go)
K:\ (CD or DVD)
L:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 11/02/2009|21:44 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsl27.tmp
Supprime! - C:\WINDOWS\Tasks\A1AAAFDE91852E5A.job
Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\daledo~1
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[18/01/2008|21:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\.ABC
[24/10/2008|00:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\1&1
[19/06/2008|19:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\ACD Systems
[27/11/2007|22:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\ActiveState
[04/01/2009|10:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[07/11/2008|18:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
[15/06/2008|22:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ambient Design
[23/12/2007|15:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Anvil Studio
[01/01/2009|14:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[03/01/2009|17:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
[04/02/2009|09:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\AVS4YOU
[30/11/2007|21:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
[01/01/2009|23:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Bamboo Scribe
[01/12/2007|18:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Borland
[03/01/2009|20:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\com.adobe.ExMan
[02/07/2008|21:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
[11/08/2007|17:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\CrystalApp
[11/08/2007|17:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\CrystalSpace
[07/12/2007|22:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\DAEMON Tools Pro
[15/08/2007|14:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\delta3d.org
[15/10/2008|21:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Disney Interactive Studios
[03/02/2009|23:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\drivers
[02/02/2009|22:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
[23/08/2008|18:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\e frontier
[01/01/2009|23:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ergo
[05/10/2008|19:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\ESTsoft
[31/01/2009|12:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\FileZilla
[15/08/2007|14:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\fltk.org
[25/01/2009|13:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Foxit
[26/08/2007|14:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\GRETECH
[10/10/2007|17:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\gtk-2.0
[11/11/2007|18:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
[04/08/2008|20:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\IAR Embedded Workbench
[11/08/2007|12:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[03/08/2008|22:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\ijjigame
[11/08/2007|17:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
[11/08/2007|14:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
[25/12/2007|16:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Line 6
[11/08/2007|17:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Logitech
[12/08/2007|11:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[03/06/2008|22:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[19/01/2008|22:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
[31/12/2008|18:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[23/09/2007|16:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\MilkShape 3D 1.x.x
[01/12/2007|18:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\ModelMakerTools
[31/08/2008|08:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[08/11/2007|21:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Music Recognition
[07/11/2008|00:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\NewsLeecher
[23/01/2009|23:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Nokia
[23/11/2008|17:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Notepad++
[03/08/2008|21:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\NPLUTO Corporation
[30/09/2008|19:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Suite
[14/09/2008|18:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Poser 7
[30/10/2007|19:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\PyScripter
[10/10/2007|17:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\RadiantSettings
[19/01/2008|22:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[31/12/2008|16:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ript
[23/02/2008|13:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Roni Music
[19/01/2008|10:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\sabayonlinux
[11/11/2007|11:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\SecuROM
[02/11/2007|11:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Serif
[03/11/2008|20:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
[03/11/2008|19:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\skypePM
[03/12/2007|19:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Stranger Demo
[11/08/2007|12:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Styler
[18/08/2007|12:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[11/08/2007|14:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
[08/06/2008|18:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\TaoUSign
[11/08/2007|17:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Thunderbird
[24/09/2007|19:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\uk.co.planetside
[01/01/2008|10:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Universalis V13
[03/02/2009|23:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
[02/11/2007|11:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\VCOM
[22/10/2008|06:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
[08/02/2009|23:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Vso
[24/05/2008|11:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Winamp
[11/08/2007|17:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
[15/08/2008|23:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Wormux
[11/02/2009|19:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\WTablet
[11/08/2007|16:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Xentient

[23/12/2007|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{AB3EC276-D261-4943-A921-1CC1C6799AED}
[03/01/2009|20:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[10/07/2008|18:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[10/07/2008|18:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[03/01/2009|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ashampoo
[10/01/2009|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[04/02/2009|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[25/11/2007|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[23/12/2007|19:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CodeGear
[01/07/2008|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Codemasters
[16/08/2008|14:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[07/12/2007|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
[05/10/2008|19:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESTsoft
[12/05/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[04/12/2007|22:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
[10/01/2009|00:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[27/06/2008|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[25/12/2007|16:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Line 6
[01/01/2008|10:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Link Data Security
[11/08/2007|17:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[11/08/2007|17:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[03/02/2009|22:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[03/06/2008|22:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[11/08/2007|17:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Martau
[10/01/2009|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[09/12/2008|23:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[26/08/2007|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[01/10/2008|19:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
[17/11/2007|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[30/09/2008|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[09/01/2008|22:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[26/08/2007|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raxco
[19/01/2008|22:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[31/12/2008|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ript
[27/09/2007|06:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
[01/05/2008|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[04/02/2009|00:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[08/02/2009|02:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[25/05/2008|22:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania
[01/01/2008|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania United
[25/12/2007|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[06/06/2008|23:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
[15/06/2008|09:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UniversalisV13
[02/11/2007|11:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VCOM
[14/09/2008|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
[31/03/2008|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[23/08/2005|22:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[11/08/2007|12:46] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[03/06/2008|06:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla
[03/06/2008|06:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\Talkback
[09/02/2009|18:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\WTablet

[11/08/2007|11:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[11/02/2009 19:31][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1364589140-725345543-500.job
[11/02/2009 19:19][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[24/10/2008|00:10] C:\Program Files\1&1
[31/12/2007|18:35] C:\Program Files\3DViewer
[26/11/2007|19:20] C:\Program Files\7-Zip
[08/02/2009|18:22] C:\Program Files\AC3Filter
[27/11/2007|22:05] C:\Program Files\ActiveState Komodo IDE 4.2
[03/02/2009|13:44] C:\Program Files\Ad-Aware
[03/01/2009|19:27] C:\Program Files\Adobe
[03/01/2009|19:24] C:\Program Files\Adobe Media Player
[12/05/2008|18:02] C:\Program Files\Advanced Serial Port Monitor
[04/01/2008|12:03] C:\Program Files\AFT software
[23/02/2008|19:44] C:\Program Files\AGEIA Technologies
[05/02/2009|20:02] C:\Program Files\AIMP2
[19/01/2008|19:12] C:\Program Files\Alcohol Soft
[14/10/2007|15:07] C:\Program Files\Alwil Software
[20/06/2008|17:47] C:\Program Files\Ambient Design
[12/10/2008|14:49] C:\Program Files\Anark
[19/08/2007|18:28] C:\Program Files\Anti-Leech
[22/12/2007|13:56] C:\Program Files\Anvil Studio
[10/07/2008|18:43] C:\Program Files\Apple Software Update
[03/01/2009|11:23] C:\Program Files\Ashampoo
[10/01/2009|20:02] C:\Program Files\Atheros
[10/01/2009|19:24] C:\Program Files\ATI Technologies
[12/01/2008|22:42] C:\Program Files\AutoIt3
[08/02/2009|18:15] C:\Program Files\AviSynth 2.5
[04/02/2009|11:31] C:\Program Files\AVS4YOU
[30/12/2008|19:37] C:\Program Files\Bamboo Scribe 2.6
[29/11/2008|17:09] C:\Program Files\BankPerfect
[08/06/2008|11:23] C:\Program Files\BEL
[07/06/2008|18:05] C:\Program Files\Black Element Software
[13/10/2007|19:15] C:\Program Files\Blender Foundation
[03/01/2009|17:15] C:\Program Files\CCleaner
[05/10/2008|21:52] C:\Program Files\CDisplay
[08/02/2009|18:28] C:\Program Files\cheapestsoft
[17/03/2008|22:20] C:\Program Files\CLIPS
[23/12/2007|20:12] C:\Program Files\CodeGear
[01/07/2008|19:50] C:\Program Files\Codemasters
[06/11/2008|23:20] C:\Program Files\Comical
[20/11/2008|20:43] C:\Program Files\Command & Conquer Collection
[03/08/2008|21:44] C:\Program Files\Common Files
[11/11/2007|11:25] C:\Program Files\Compare It!
[11/08/2007|11:43] C:\Program Files\ComPlus Applications
[02/07/2008|21:05] C:\Program Files\Corel
[12/08/2007|17:02] C:\Program Files\CS
[15/08/2007|14:50] C:\Program Files\Delta3D_1.5.0
[30/09/2008|19:28] C:\Program Files\DIFX
[15/10/2008|21:45] C:\Program Files\Disney Interactive Studios
[08/02/2009|18:19] C:\Program Files\DivX
[17/11/2008|19:38] C:\Program Files\DVDFab 5
[23/08/2008|18:03] C:\Program Files\e frontier
[11/11/2007|18:29] C:\Program Files\Easy CD-DA Extractor 10
[11/11/2007|11:44] C:\Program Files\El Juky
[08/06/2008|11:36] C:\Program Files\Eltima Software
[11/11/2007|18:11] C:\Program Files\ESTsoft
[24/10/2006|06:44] C:\Program Files\Everest
[19/10/2008|16:05] C:\Program Files\Far Cry (c) UBI Soft
[04/02/2009|09:04] C:\Program Files\Fichiers communs
[17/01/2009|19:01] C:\Program Files\FileZilla Client
[19/11/2008|19:29] C:\Program Files\Flash Magic
[20/08/2008|08:02] C:\Program Files\flatpick_guitar_solos
[25/01/2009|13:03] C:\Program Files\Foxit Software
[03/02/2009|12:58] C:\Program Files\Free Audio Pack
[03/02/2009|12:55] C:\Program Files\Free Easy Burner
[04/02/2009|00:04] C:\Program Files\Free Video Converter
[02/02/2009|19:21] C:\Program Files\freestar
[24/02/2008|18:12] C:\Program Files\Frozenbyte
[04/12/2007|22:09] C:\Program Files\GNU
[11/08/2008|20:56] C:\Program Files\Google
[27/06/2008|07:46] C:\Program Files\gPotato.eu
[26/08/2007|12:07] C:\Program Files\GRETECH
[25/12/2007|20:09] C:\Program Files\Guitar Pro 5
[08/02/2009|18:20] C:\Program Files\Haali
[12/08/2007|09:58] C:\Program Files\Hewlett-Packard
[22/06/2008|14:10] C:\Program Files\HHD Software
[15/08/2008|18:22] C:\Program Files\H-JTAG
[12/08/2007|10:00] C:\Program Files\hp deskjet 5550 series
[07/02/2009|23:59] C:\Program Files\Hurrican
[15/08/2008|17:15] C:\Program Files\IAR Systems
[14/06/2006|17:46] C:\Program Files\IE Privacy Keeper
[04/11/2008|20:53] C:\Program Files\ImTOO
[03/01/2008|09:16] C:\Program Files\innotek VirtualBox
[25/01/2009|12:41] C:\Program Files\InstallShield Installation Information
[01/05/2008|15:37] C:\Program Files\Intel
[09/12/2008|23:30] C:\Program Files\Internet Explorer
[05/10/2008|19:36] C:\Program Files\IrfanView
[07/02/2009|12:58] C:\Program Files\Java
[31/08/2008|18:45] C:\Program Files\Jazz_Guitar_Solos_Vol_1-4
[10/10/2007|10:42] C:\Program Files\JGsoft
[27/09/2007|07:09] C:\Program Files\KeePass Password Safe
[12/05/2008|15:05] C:\Program Files\khi3
[15/10/2007|07:28] C:\Program Files\KProbe
[12/05/2008|14:52] C:\Program Files\LcdStudio
[25/12/2007|16:03] C:\Program Files\Line6
[19/01/2009|21:45] C:\Program Files\Lionhead Studios
[15/01/2009|22:41] C:\Program Files\LizardTech
[31/05/2008|21:25] C:\Program Files\LM Version-2.5-F
[05/02/2008|22:49] C:\Program Files\LocalCooling
[01/05/2008|15:33] C:\Program Files\Logitech
[12/05/2008|17:58] C:\Program Files\MAA
[03/02/2009|22:22] C:\Program Files\ma-config.com
[19/10/2008|14:51] C:\Program Files\Macraigor Systems
[27/12/2007|15:11] C:\Program Files\Majorem
[03/02/2009|21:56] C:\Program Files\Malwarebytes' Anti-Malware
[08/11/2007|20:25] C:\Program Files\M-Audio Midisport 1x1
[19/01/2008|22:16] C:\Program Files\Media Player Classic
[05/02/2009|19:36] C:\Program Files\MediaMonkey
[10/09/2008|22:00] C:\Program Files\Messenger
[31/08/2008|18:34] C:\Program Files\Micro Application
[02/12/2007|23:19] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[10/09/2008|18:31] C:\Program Files\microsoft frontpage
[25/01/2009|12:41] C:\Program Files\Microsoft Games
[23/12/2007|19:32] C:\Program Files\Microsoft Office
[30/12/2008|19:34] C:\Program Files\Microsoft SQL Server Compact Edition
[23/12/2007|19:34] C:\Program Files\Microsoft Visual Studio 8
[30/09/2007|12:30] C:\Program Files\Microsoft Works
[23/12/2007|19:32] C:\Program Files\Microsoft.NET
[05/10/2008|14:48] C:\Program Files\Mindscape
[25/01/2009|11:56] C:\Program Files\Monkey Studio IDE
[05/07/2008|11:14] C:\Program Files\Montparnasse Multimedia - France T‚l‚com
[09/09/2008|22:39] C:\Program Files\Movie Maker
[10/02/2009|22:45] C:\Program Files\Mozilla Firefox
[11/02/2009|20:18] C:\Program Files\Mozilla Thunderbird
[30/09/2008|21:03] C:\Program Files\MSBuild
[22/09/2007|11:20] C:\Program Files\MSECache
[09/09/2008|22:39] C:\Program Files\msn
[10/09/2008|18:31] C:\Program Files\msn gaming zone
[14/01/2009|21:26] C:\Program Files\mst software
[27/08/2007|18:37] C:\Program Files\MSXML 4.0
[03/07/2008|22:25] C:\Program Files\MSXML 6.0
[26/08/2007|20:44] C:\Program Files\Nero
[10/09/2008|18:31] C:\Program Files\netmeeting
[06/11/2008|23:34] C:\Program Files\NewsLeecher
[10/01/2009|02:08] C:\Program Files\Nokia
[23/11/2008|16:58] C:\Program Files\Notepad++
[15/08/2007|14:26] C:\Program Files\OpenAL
[09/09/2008|22:37] C:\Program Files\Outlook Express
[25/11/2007|11:19] C:\Program Files\Passbox2007
[10/01/2009|02:07] C:\Program Files\PC Connectivity Solution
[19/06/2008|19:41] C:\Program Files\Pcsx2_0.9.4
[30/12/2008|19:31] C:\Program Files\PenLauncher
[11/08/2008|20:56] C:\Program Files\Picasa2
[20/08/2008|08:00] C:\Program Files\PowerTracks DirectX Plugins
[17/03/2008|22:15] C:\Program Files\PyScripter
[10/07/2008|18:44] C:\Program Files\QuickTime
[14/09/2008|15:45] C:\Program Files\Quintessential Media Player
[27/12/2007|13:37] C:\Program Files\Rainlendar2
[26/08/2007|21:17] C:\Program Files\Raxco
[19/01/2008|22:16] C:\Program Files\Real Alternative
[01/05/2008|15:35] C:\Program Files\Realtek
[30/09/2008|21:01] C:\Program Files\Reference Assemblies
[16/09/2007|10:49] C:\Program Files\ReflexiveArcade
[22/06/2008|21:35] C:\Program Files\Remove Empty Directories
[10/12/2007|07:56] C:\Program Files\RenderWare AI Demos
[08/02/2009|18:15] C:\Program Files\RIAM Video Enhancer
[08/02/2009|18:16] C:\Program Files\Ripp-It Codec Pack
[08/02/2009|23:09] C:\Program Files\Ripp-it_AM
[31/12/2008|16:10] C:\Program Files\Ript
[03/02/2008|11:01] C:\Program Files\RM to AVI MPEG WMV VCD SVCD DVD Converter
[31/10/2008|18:21] C:\Program Files\Rockstar Games
[20/08/2008|08:01] C:\Program Files\Roland
[23/02/2008|13:21] C:\Program Files\Roni Music
[31/08/2008|18:21] C:\Program Files\Rowley Associates Limited
[20/01/2008|22:21] C:\Program Files\Rumble Box
[25/05/2008|18:39] C:\Program Files\SEGA
[02/11/2007|11:30] C:\Program Files\Serif
[27/09/2007|06:55] C:\Program Files\Siber Systems
[03/05/2008|19:18] C:\Program Files\Skype
[31/03/2008|15:01] C:\Program Files\SoftChris
[03/02/2009|13:41] C:\Program Files\Spybot - Search & Destroy
[09/08/2008|12:01] C:\Program Files\STMicroelectronics
[16/11/2008|11:14] C:\Program Files\Styler
[04/02/2009|11:32] C:\Program Files\SuperCopier2
[03/01/2009|10:48] C:\Program Files\Tablet
[12/01/2008|23:04] C:\Program Files\Telltale Games
[24/09/2007|19:18] C:\Program Files\Terragen
[17/10/2008|20:31] C:\Program Files\Texmaker
[17/10/2008|20:31] C:\Program Files\TeXnicCenter
[16/11/2008|11:02] C:\Program Files\TGTSoft
[23/08/2007|21:29] C:\Program Files\The Regex Coach
[22/06/2008|17:41] C:\Program Files\THQ
[24/05/2008|13:58] C:\Program Files\TmNationsForever
[06/07/2008|17:01] C:\Program Files\ToneLab SoundEditor
[12/05/2008|10:56] C:\Program Files\Total Uninstall 4
[01/01/2009|14:04] C:\Program Files\Total Video Converter
[30/09/2007|16:33] C:\Program Files\TrackManiaDemoInternet
[12/05/2008|14:00] C:\Program Files\Tremulous
[04/02/2009|23:34] C:\Program Files\Trend Micro
[08/12/2007|20:12] C:\Program Files\TweakRAM
[14/06/2006|17:46] C:\Program Files\UberIcon
[06/06/2008|23:49] C:\Program Files\Ubisoft
[19/01/2008|08:44] C:\Program Files\Ultra RM Converter
[14/01/2009|21:31] C:\Program Files\UltraISO
[11/08/2007|11:43] C:\Program Files\Uninstall Information
[01/01/2008|10:47] C:\Program Files\Universalis
[15/11/2008|23:52] C:\Program Files\uTorrent
[24/02/2008|17:07] C:\Program Files\Valve
[11/08/2007|14:32] C:\Program Files\VideoLAN
[05/12/2008|19:18] C:\Program Files\Vivendi Universal Games
[12/05/2008|10:18] C:\Program Files\VS Revo Group
[09/08/2008|16:28] C:\Program Files\VSO
[30/12/2008|19:35] C:\Program Files\Wacom
[17/09/2007|20:58] C:\Program Files\Warblade
[01/06/2008|19:32] C:\Program Files\Winamp
[05/02/2009|08:26] C:\Program Files\WinAVI Video Converter
[10/01/2007|21:21] C:\Program Files\Windows Defender
[30/12/2008|19:33] C:\Program Files\Windows Desktop Search
[09/09/2008|22:37] C:\Program Files\Windows Media Player
[10/09/2008|18:31] C:\Program Files\windows nt
[10/01/2007|21:20] C:\Program Files\Windows Sidebar
[11/08/2007|11:45] C:\Program Files\WindowsUpdate
[08/06/2008|09:51] C:\Program Files\Winrar
[02/02/2008|12:59] C:\Program Files\WMV9_VCM
[15/08/2007|10:49] C:\Program Files\Worldweaver
[08/02/2009|18:20] C:\Program Files\x264
[10/09/2008|18:31] C:\Program Files\xerox
[08/02/2009|18:20] C:\Program Files\Xvid

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[19/06/2008|19:39] C:\Program Files\Fichiers communs\ACD Systems
[03/01/2009|19:25] C:\Program Files\Fichiers communs\Adobe
[03/01/2009|19:24] C:\Program Files\Fichiers communs\Adobe AIR
[26/08/2007|20:45] C:\Program Files\Fichiers communs\Ahead
[04/02/2009|11:31] C:\Program Files\Fichiers communs\AVSMedia
[23/12/2007|20:12] C:\Program Files\Fichiers communs\Borland Shared
[23/12/2007|20:12] C:\Program Files\Fichiers communs\CodeGear Shared
[02/07/2008|21:06] C:\Program Files\Fichiers communs\Corel
[30/09/2007|12:30] C:\Program Files\Fichiers communs\DESIGNER
[14/01/2009|21:31] C:\Program Files\Fichiers communs\EZB Systems
[09/04/2008|22:04] C:\Program Files\Fichiers communs\IAR Systems
[27/06/2008|07:46] C:\Program Files\Fichiers communs\InstallShield
[12/08/2007|15:38] C:\Program Files\Fichiers communs\Java
[01/09/2008|18:02] C:\Program Files\Fichiers communs\Logishrd
[01/09/2008|18:02] C:\Program Files\Fichiers communs\Logitech
[03/01/2009|19:15] C:\Program Files\Fichiers communs\Macrovision Shared
[10/09/2008|18:31] C:\Program Files\Fichiers communs\Microsoft Shared
[11/08/2007|11:44] C:\Program Files\Fichiers communs\MSSoap
[10/01/2009|02:08] C:\Program Files\Fichiers communs\Nokia
[11/08/2007|13:37] C:\Program Files\Fichiers communs\ODBC
[10/01/2009|02:09] C:\Program Files\Fichiers communs\PCSuite
[02/07/2008|21:08] C:\Program Files\Fichiers communs\Protexis
[26/08/2007|21:17] C:\Program Files\Fichiers communs\Raxco
[11/08/2007|11:45] C:\Program Files\Fichiers communs\Services
[01/05/2008|15:12] C:\Program Files\Fichiers communs\Skype
[10/09/2008|18:31] C:\Program Files\Fichiers communs\speechengines
[09/09/2008|22:37] C:\Program Files\Fichiers communs\System
[23/02/2008|19:44] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 50 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 21:45:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:30][D:2]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:38][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 09/02/2009|19:07 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 11/02/2009|21:47 - Option : [2]

--------------------\\ Fin du rapport a 21:47:04
0
Réponse 12 / 14
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
0
Bartman
 
voila ce que ça donne (un peu en retard)

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1765
Windows 5.1.2600 Service Pack 3

16/02/2009 18:15:11
mbam-log-2009-02-16 (18-15-11).txt

Type de recherche: Examen rapide
Eléments examinés: 66607
Temps écoulé: 3 minute(s), 13 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/anti-leech plugin,version=1.0.2.3 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Anti-Leech (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Anti-Leech (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Mozilla Firefox\plugins\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\npalnn.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN\npalnn.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN\setup2.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
0
Réponse 13 / 14
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
[*]Relance MBAM, va dans Quarantaine et supprime tout.

Ton PC se comporte comment ?
0
Bartman
 
grâce à toi il à retrouvé une jeunesse, et du coup j'ai appris des trucs.

merci encore.
0
Réponse 14 / 14
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Ça fait trois semaines que la désinfection traîne donc pour finir :

1/

---> Désinstalle HijackThis.

---> Télécharge ToolsCleaner2 sur ton Bureau.
* Double-clique sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

2/

---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
* Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).

3/

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème.

==Prévention==

Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

Comme navigateur, utilise plutôt Mozilla Firefox qu'Internet Explorer. Tu peux utiliser l'extension NoScript pour plus de sécurité.

Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, onglet Mises à jour automatiques).

Tu peux aussi modifier le fichier Hosts pour améliorer la sécurité de ton PC : Lien

Par rapport au P2P : Lien

Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien

Sois plus vigilant(e) sur Internet ;)
0

Discussions similaires

Invite de commande
Astafor99 -
Astafor99 -

14 réponses
Marque du Processeur Intel Inside
louise -
SnipShooter76 -

1 réponse
Processeur Intel : Pentium ou Core ?
Ktwo -
HKM -

22 réponses
intel inside = pas de jeux ?
memerousseaux -
polux125 -

2 réponses
Qu'est-ce que le Wii motion Plus ?
ilsims -
Wallah33 -

8 réponses