Sujet Précédent Sujet Suivant

Diagnostic de mon PC

Clemson -  
 Clemson -
Bonjour à tous !!
Je pense que mon ordinateur est virussé !!
J'ai suivi la procédure pour installer hijackthis et j'ai également fais un scan.
Je vous poste le rapport et me remet à vos expertises pour la résolution de mon problème !!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:11, on 19/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.eazel.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Printer Spooler] c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{53E1C06E-1F6F-4FCA-AF71-135943E1743B}: NameServer = 192.168.82.200,192.168.82.90,195.24.208.2,195.24.192.33
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
A voir également:

14 réponses

Réponse 1 / 14
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502
 
Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :

/!\ Déconnectes toi et fermes toutes applications en cours

● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-removersituée sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
0
Réponse 2 / 14
Clemson
 
Slut !!
J'ai suivi ton conseil et voici le rapport du scan.

------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

Updated by C_XX on 15/02/2009 at 10:20

Start at: 15:58:07 | Thu 19/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 (version 6.0.6001)
Computer Name: PC-DE-CLMENT
Current User: Cl‚ment - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- F:\ (File System: FAT32)
System Drive: C:\
Windows Directory: C:\Windows\
System Directory: C:\Windows\System32\

--- Running Processes: 69
--- User Account Control is DISABLE

+-----------------| Boonty/Boonty Games Elements Found:

.
.

+-----------------| Eorezo Elements Found:

.

+-----------------| Infected Poker Softwares Elements Found:

.

+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

.
.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKCR\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCR\SWEETIE.IEToolbar
HKCR\SWEETIE.IEToolbar.1
HKCR\SWEETIE.SWEETIE
HKCR\SWEETIE.SWEETIE.1
HKCR\ToolBand.SWEETIE
HKCR\ToolBand.SWEETIE.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCR\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}
HKCU\Software\SWEETIE
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKLM\Software\Classes\MgMediaPlayer.GifAnimator
HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1
HKLM\Software\Classes\SWEETIE.IEToolbar
HKLM\Software\Classes\SWEETIE.IEToolbar.1
HKLM\Software\Classes\SWEETIE.SWEETIE
HKLM\Software\Classes\SWEETIE.SWEETIE.1
HKLM\Software\Classes\ToolBand.SWEETIE
HKLM\Software\Classes\ToolBand.SWEETIE.1
HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKLM\Software\Classes\TypeLib\{58906392-79C4-497C-ACC6-6942B59F1A08}
HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKLM\Software\Classes\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
HKLM\Software\Macrogaming
HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{502358FB-0718-45BC-B142-7511F1694D58}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F6D63A65-BD23-46F3-B9A3-87F442423481}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKCR\Installer\Products\BF8532058170CB541B2457111F96D485
HKLM\Software\Classes\Installer\Products\BF8532058170CB541B2457111F96D485
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\BF8532058170CB541B2457111F96D485
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\Windows\Installer\17b54d.msi
C:\Windows\Installer\17b553.msi
C:\Program Files\Macrogaming
C:\Program Files\Macrogaming\SweetIM
C:\Program Files\Macrogaming\SweetIMBarForIE
C:\Program Files\Macrogaming\SweetIM\conf
C:\Program Files\Macrogaming\SweetIM\data
C:\Program Files\Macrogaming\SweetIM\logs
C:\Program Files\Macrogaming\SweetIM\resources
C:\Program Files\Macrogaming\SweetIM\update
C:\Program Files\Macrogaming\SweetIM\conf\users
C:\Program Files\Macrogaming\SweetIM\conf\users\cbayonmbog
C:\Program Files\Macrogaming\SweetIM\data\contentdb
C:\Program Files\Macrogaming\SweetIM\resources\images
C:\Program Files\Macrogaming\SweetIMBarForIE\Cache
C:\Users\Cl‚ment\AppData\Roaming\Microsoft\Windows\Cookies\cl‚ment@www.sweetim[2].txt

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: 1sy5it5o.default
.
Prefs.js: Browser.Search.SelectedEngine: "Yahoo"
.
.
.
.
.

---- Internet Explorer Version 7.0.6001.18000 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search Page: hxxp://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http
Start page: hxxp://french.eazel.com/index.php?rvs=hompag

+-[HKEY_USERS\S-1-5-21-2172163462-448601867-1593641728-1000\..\Internet Explorer\Main]

Search Page: hxxp://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http
Start page: hxxp://french.eazel.com/index.php?rvs=hompag

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://fr.yahoo.com
Default_Search_URL: hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http
Search Page: hxxp://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http
Start page: hxxp://home.sweetim.com

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~9038 Bytes] - "C:\Ad-Report-Scan-19.02.2009.log"
-

End at: 16:01:32 | 19/02/2009
.
+-----------------| E.O.F - 143 Lines
.
0
Réponse 3 / 14
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502
 
et ba y en a du sweetim.

Donc fait ceci :

Déconnectes toi et fermes toutes applications en cours !

Redémarre en mode sans échec comme indiqué ici ; Choisis ta session courante.

* Relances "Ad-remover" : au menu principal choisi l'option "B" .

--> le programme va travailler ...

* Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\
0
Réponse 4 / 14
Clemson
 
Hi c fait et voici le rapport du clean et ce lui de hijackthis

rapport du clean ad-remover

------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

Updated by C_XX on 15/02/2009 at 10:20

*** LIMITED TO ***

Boonty/BoontyGames
Eorezo
Infected Poker Softwares
FunWebProduct/MyWay/MyWebSearch
It's TV
Sweetim

******************

Start at: 17:27:23 | Thu 19/02/2009 | Boot mode: Safe Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 (version 6.0.6001)
Computer Name: PC-DE-CLMENT
Current User: Cl‚ment - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- F:\ (File System: FAT32)
System Drive: C:\
Windows Directory: C:\Windows\
System Directory: C:\Windows\System32\

--- Running Processes: 22
--- User Account Control is DISABLE

(!) ---- IE start pages/Tabs reset

+--------------------| Boonty/Boonty Games Elements Deleted :

.
.

+-----------------| Eorezo Elements Deleted :

.

+-----------------| Infected Poker Softwares Elements Deleted :

.

+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

.
.

+-----------------| It's TV Elements Deleted :

.

+-----------------| Sweetim Elements Deleted :

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKCR\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCR\SWEETIE.IEToolbar
HKCR\SWEETIE.IEToolbar.1
HKCR\SWEETIE.SWEETIE
HKCR\SWEETIE.SWEETIE.1
HKCR\ToolBand.SWEETIE
HKCR\ToolBand.SWEETIE.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCR\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}
HKLM\Software\Macrogaming
HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{502358FB-0718-45BC-B142-7511F1694D58}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F6D63A65-BD23-46F3-B9A3-87F442423481}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
HKCR\Installer\Products\BF8532058170CB541B2457111F96D485
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\BF8532058170CB541B2457111F96D485
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\Program Files\Macrogaming
C:\Users\Cl‚ment\AppData\Roaming\Microsoft\Windows\Cookies\cl‚ment@www.sweetim[2].txt

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.

+-----------------| Added Scan :

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: 1sy5it5o.default
.
Prefs.js: Browser.Search.SelectedEngine: "Yahoo"
.
.
.
.
.

---- Internet Explorer Version 7.0.6001.18000 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-2172163462-448601867-1593641728-1000\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~8078 Bytes] - "C:\Ad-Report-Clean-19.02.2009.log"
[~9171 Bytes] - "C:\Ad-Report-Scan-19.02.2009.log"
-
C:\Program Files\Ad-remover\TOOLS\BACKUP\19.02.2009 - Prefs.js

End at: 17:31:57 | 19/02/2009
.
+-----------------| E.O.F - 128 Lines
.

rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:08, on 19/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Printer Spooler] c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{53E1C06E-1F6F-4FCA-AF71-135943E1743B}: NameServer = 192.168.82.200,192.168.82.90,195.24.208.2,195.24.192.33
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 14
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502
 
Telecharge malwarebytes

NB : S'il te manque COMCTL32.OCX alors télécharge le ici

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log

Tutoriaux

0
Réponse 6 / 14
Clemson
 
Slut je te remercie déjà car grace à toi , je suis entrain de formidable sur ma machine !!
Pour la suite voici le rapport de scan réalisé avec malwarebytes

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1780
Windows 6.0.6001 Service Pack 1

20/02/2009 13:42:23
mbam-log-2009-02-20 (13-42-23).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 335757
Temps écoulé: 2 hour(s), 40 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\printer spooler (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.

a bientôt !!
0
Réponse 7 / 14
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502
 
Ensuite un nouvel haijackthis + ceci :

Fait ceci et poste moi le rapport à la suite de la question êtes vous aider par quelqu'un. Merci.

Télécharge GenProc sur ton bureau (Attention le fichier est un fichier zip)
Dézippe le dossier, double-clique sur GenProc.bat
En final, poste le contenu du rapport qui s'affiche.
Comment utiliser GenProc

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

0
Réponse 8 / 14
Clemson
 
Bonjour !!
J'ai eu des difficultés à exécuter GenProc mais en fin de compte j'ai pu obtenir le rapport ci-dessous :

Rapport GenProc 2.385 [1] - 24/02/2009 à 14:43:16,63 - Windows Vista

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

Poste un rapport NanoScan https://www.micro-astuce.com/securite/NanoScan-Panda.php

__________________________________________________________________________________________________________

Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com

à la suite j'ai fait un scan hijackthis et voici le résultat :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:46, on 24/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\WScript.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{53E1C06E-1F6F-4FCA-AF71-135943E1743B}: NameServer = 192.168.82.200,192.168.82.90,195.24.208.2,195.24.192.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3981285-ABCC-439E-8BBC-B39262952601}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{53E1C06E-1F6F-4FCA-AF71-135943E1743B}: NameServer = 192.168.82.200,192.168.82.90,195.24.208.2,195.24.192.33
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 9 / 14
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502
 
ensuite tu va me faire ceci :

Pour commencer : faire un petit nettoyage de l'ordi et du registre avec Ccleaner, regarde bien le Tuto CCleaner

Télécharge Superantispyware (SAS)

Choisis "enregistrer" et enregistre-le sur ton bureau.

Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.

Créé une icône sur le bureau.

Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.

- Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
- Sous Configuration and Preferences, clique sur le bouton "Preferences"
- Clique sur l'onglet "Scanning Control "
- Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
- Laisse les autres lignes décochées.

- Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.

- Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".

Dans la colonne de gauche, coche C:\Fixed Drive.

Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"

Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.

A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.

Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".

Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.

Pour recopier les informations sur le forum, fais ceci :

- après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
- Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ".
- Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log.

- Le rapport va s'ouvrir dans ton éditeur de texte par défaut.

- Copie son contenu dans ta réponse.

Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué.

0
Réponse 10 / 14
Clemson
 
Bonjour !
Voila 19h51min que j'ai lancé le scan avec superantisyware. Il n'a même pas l'air de vouloir terminer car j'ai l'impression qu'il boucle (analyse les fichiers déjà analysés). Mais il a déjà trouvé 140 risques !!
Est-ce normal ??
Que dois-je faire ?
0
Réponse 11 / 14
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502
 
tu vas l'arrêter puis me donner déjà ce rapport et supprimé déjà ce qu'il à trouvé et tu en referas en un autre une fois le tout supprimé.
0
Réponse 12 / 14
Clemson
 
Voici le résultat du scan !!

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 02/27/2009 at 02:20 PM

Application Version : 4.25.1014

Core Rules Database Version : 3773
Trace Rules Database Version: 1732

Scan type : Complete Scan
Total Scan Time : 20:54:57

Memory items scanned : 804
Memory threats detected : 0
Registry items scanned : 7497
Registry threats detected : 0
File items scanned : 1328202
File threats detected : 141

Adware.Tracking Cookie
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@doubleclick[1].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@smartadserver[2].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@tradedoubler[2].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@yourmedia[1].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@richmedia.yahoo[1].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@bluestreak[2].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@laredoute.solution.weborama[2].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@boursoramabanque.solution.weborama[2].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@serving-sys[2].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@atdmt[2].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@content.yieldmanager.edgesuite[2].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@content.yieldmanager[3].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@fructismen07mars06avril.solution.weborama[2].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@content.yieldmanager[2].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@wmvmedialease[1].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@247realmedia[2].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@cnam.solution.weborama[2].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@weborama[1].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@bs.serving-sys[2].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@cetelem.solution.weborama[2].txt
C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@ad.yieldmanager[1].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\le_même@ad.yieldmanager[2].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\le_même@bluestreak[1].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\le_même@doubleclick[1].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\le_même@tradedoubler[2].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@247realmedia[1].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@2o7[1].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@ad.yieldmanager[1].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@adopt.euroclick[2].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@adrevolver[2].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@adserver.aol[1].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@adtech[2].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@adviva[2].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@atdmt[2].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@bluestreak[2].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@doubleclick[2].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@fl01.ct2.comclick[1].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@interhome.solution.weborama[2].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@media.adrevolver[1].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@media.adrevolver[3].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@mediametrics.mpsa[1].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@mediaplex[1].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@msnportal.112.2o7[1].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@pro-market[2].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@richmedia.yahoo[2].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@sales.liveperson[1].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@sales.liveperson[3].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@smartadserver[1].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@tradedoubler[2].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@weborama[1].txt
C:\Documents and Settings\Le même\AppData\Roaming\Microsoft\Windows\Cookies\Low\le_même@xiti[1].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\le_même@ad.yieldmanager[2].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\le_même@bluestreak[1].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\le_même@doubleclick[1].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\le_même@tradedoubler[2].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@247realmedia[1].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@2o7[1].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@ad.yieldmanager[1].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@adopt.euroclick[2].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@adrevolver[2].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@adserver.aol[1].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@adtech[2].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@adviva[2].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@atdmt[2].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@bluestreak[2].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@doubleclick[2].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@fl01.ct2.comclick[1].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@interhome.solution.weborama[2].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@media.adrevolver[1].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@media.adrevolver[3].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@mediametrics.mpsa[1].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@mediaplex[1].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@msnportal.112.2o7[1].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@pro-market[2].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@richmedia.yahoo[2].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@sales.liveperson[1].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@sales.liveperson[3].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@smartadserver[1].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@tradedoubler[2].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@weborama[1].txt
C:\Documents and Settings\Le même\Application Data\Microsoft\Windows\Cookies\Low\le_même@xiti[1].txt
C:\Documents and Settings\Le même\Cookies\le_même@ad.yieldmanager[2].txt
C:\Documents and Settings\Le même\Cookies\le_même@bluestreak[1].txt
C:\Documents and Settings\Le même\Cookies\le_même@doubleclick[1].txt
C:\Documents and Settings\Le même\Cookies\le_même@tradedoubler[2].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@247realmedia[1].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@2o7[1].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@ad.yieldmanager[1].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@adopt.euroclick[2].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@adrevolver[2].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@adserver.aol[1].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@adtech[2].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@adviva[2].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@atdmt[2].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@bluestreak[2].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@doubleclick[2].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@fl01.ct2.comclick[1].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@interhome.solution.weborama[2].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@media.adrevolver[1].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@media.adrevolver[3].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@mediametrics.mpsa[1].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@mediaplex[1].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@msnportal.112.2o7[1].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@pro-market[2].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@richmedia.yahoo[2].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@sales.liveperson[1].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@sales.liveperson[3].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@smartadserver[1].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@tradedoubler[2].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@weborama[1].txt
C:\Documents and Settings\Le même\Cookies\Low\le_même@xiti[1].txt

Adware.Lop
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\PROGRAMDATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\PROGRAMDATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\PROGRAMDATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\PROGRAMDATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\PROGRAMDATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\PROGRAMDATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\PROGRAMDATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\PROGRAMDATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\PROGRAMDATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\PROGRAMDATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\PROGRAMDATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\USERS\ALL USERS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\USERS\ALL USERS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\USERS\ALL USERS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\USERS\ALL USERS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\USERS\ALL USERS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\USERS\ALL USERS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\USERS\ALL USERS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\USERS\ALL USERS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\USERS\ALL USERS\APPLICATION DATA\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
C:\USERS\ALL USERS\APPLICATION DATA\DOCUMENTS\SETUP\CHIFFRES ET LETTRES\LE MOT LE PLUS LONG\PLUSLONG.EXE
0
Réponse 13 / 14
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502
 
supprime moi déjà tout cela et fait moi ceci :

Télécharge Lop S&D.exe (Eric 71 & Angeldark) sur ton bureau.
Double-clique sur Lop S&D pour lancer l'installation
Séléctionner la langue souhaitée, puis choisir l'option 1 (Recherche).
Une fois le scan terminé, enregistrez le rapport généré qui se situera par défaut sous la racine du disque : C:\lopR.txt.

Redémarre le PC en mode sans échec
Quand tu as le curseur qui clignote, tu peux avoir un temps d'ouverture du mode sans échec qui va jusqu'à 15 minutes. Il faut donc être patient.
Il faut laisser aller le PC à son rythme, pour que s'installe le bureau; après quoi, tu réutilises ta souris.
Choisir sa session habituelle, (pas le compte "Administrateur" ou une autre).
Double-clique sur le raccourci Lop S&D présent sur ton bureau, ensuite sélectionne la langue souhaitée,
puis choisis l'Option 2 - Suppression +HOSTS - et patiente jusqu'à ce qu'il ait terminé.
Redémarre normalement et poste, dans la même réponse, le contenu du rapport C:\lopR.txt

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
0
Réponse 14 / 14
Clemson
 
Salut,
voici le rapport de scan LOP S&D

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz )
BIOS : Ver 1.00PARTTBL8
USER : Clément ( Not Administrator ! )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1201 [VPS 081221-0] 4.8.1201 (Activated)
C:\ (Local Disk) - NTFS - Total:137 Go (Free:5 Go)
D:\ (Local Disk) - NTFS - Total:12 Go (Free:2 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 27/02/2009|15:17 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[13/02/2009|13:40] C:\Users\CLMENT~1\AppData\Local\Adobe
[25/01/2008|16:31] C:\Users\CLMENT~1\AppData\Local\Application Data
[27/02/2009|14:23] C:\Users\CLMENT~1\AppData\Local\Corel
[27/02/2009|14:10] C:\Users\CLMENT~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[12/02/2009|08:06] C:\Users\CLMENT~1\AppData\Local\DigitalPersona
[27/02/2009|14:08] C:\Users\CLMENT~1\AppData\Local\GDIPFONTCACHEV1.DAT
[16/02/2009|15:20] C:\Users\CLMENT~1\AppData\Local\Google
[25/01/2008|16:31] C:\Users\CLMENT~1\AppData\Local\Historique
[27/02/2009|14:27] C:\Users\CLMENT~1\AppData\Local\IconCache.db
[24/02/2009|13:39] C:\Users\CLMENT~1\AppData\Local\Microsoft
[21/02/2009|20:49] C:\Users\CLMENT~1\AppData\Local\Microsoft Games
[20/02/2009|08:54] C:\Users\CLMENT~1\AppData\Local\Microsoft Help
[12/02/2009|08:09] C:\Users\CLMENT~1\AppData\Local\Mozilla
[27/02/2009|15:14] C:\Users\CLMENT~1\AppData\Local\Temp
[21/02/2009|01:17] C:\Users\CLMENT~1\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[27/02/2009 15:15][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{D9635250-8FE0-4547-8148-B79EE601B181}.job
[27/02/2009 15:15][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{744A9241-69A6-4258-A609-2D1230C9D50E}.job
[27/02/2009 14:32][--ah-----] C:\Windows\tasks\SA.DAT
[27/02/2009 14:30][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[10/11/2007|00:32] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[16/04/2008|12:32] C:\ProgramData\Adobe
[02/11/2006|14:02] C:\ProgramData\Application Data
[01/09/2008|21:21] C:\ProgramData\BM6626bca8.txt
[01/09/2008|10:55] C:\ProgramData\BM6626bca8.xml
[25/01/2008|16:27] C:\ProgramData\Bureau
[11/09/2008|12:55] C:\ProgramData\Corel
[18/02/2008|10:53] C:\ProgramData\CyberLink
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[25/01/2008|16:40] C:\ProgramData\Electronic Arts
[05/02/2008|12:21] C:\ProgramData\eMule
[14/10/2008|09:05] C:\ProgramData\ezsidmv.dat
[25/01/2008|16:27] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[16/12/2008|15:31] C:\ProgramData\FLEXnet
[14/10/2008|08:55] C:\ProgramData\Google
[25/01/2008|16:46] C:\ProgramData\Hewlett-Packard
[29/01/2008|15:05] C:\ProgramData\HP
[08/05/2008|16:36] C:\ProgramData\Kodak
[31/01/2008|17:11] C:\ProgramData\LightScribe
[12/09/2008|08:45] C:\ProgramData\Macrovision
[20/02/2009|08:08] C:\ProgramData\Malwarebytes
[25/01/2008|16:27] C:\ProgramData\Menu D‚marrer
[12/08/2008|21:05] C:\ProgramData\Microsoft
[12/02/2009|09:02] C:\ProgramData\Microsoft Help
[25/01/2008|16:27] C:\ProgramData\ModŠles
[10/11/2007|00:17] C:\ProgramData\muvee Technologies
[08/08/2008|14:27] C:\ProgramData\Nero
[03/06/2008|20:20] C:\ProgramData\Network Associates
[25/02/2009|07:36] C:\ProgramData\ntuser.pol
[16/12/2008|12:44] C:\ProgramData\NVIDIA
[19/02/2008|09:15] C:\ProgramData\Office Genuine Advantage
[01/09/2008|21:21] C:\ProgramData\pskt.ini
[14/10/2008|08:55] C:\ProgramData\Skype
[01/12/2008|09:51] C:\ProgramData\SolidDocuments
[02/11/2006|14:02] C:\ProgramData\Start Menu
[26/02/2009|17:13] C:\ProgramData\SUPERAntiSpyware.com
[05/02/2008|11:56] C:\ProgramData\Symantec
[18/10/2008|22:42] C:\ProgramData\TEMP
[02/11/2006|14:02] C:\ProgramData\Templates
[09/11/2007|23:41] C:\ProgramData\Viewpoint
[07/08/2008|14:30] C:\ProgramData\vsosdk
[08/12/2008|17:42] C:\ProgramData\WildTangent
[27/02/2009|10:30] C:\ProgramData\WindowsSearch
[03/09/2008|15:13] C:\ProgramData\Xerox
[28/01/2008|15:11] C:\ProgramData\Yahoo!
[29/01/2008|22:02] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[10/11/2007|00:32] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[22/08/2008|15:11] C:\Program Files\Adobe
[19/02/2009|17:27] C:\Program Files\Ad-remover
[09/11/2007|23:41] C:\Program Files\AIM6
[22/10/2008|16:01] C:\Program Files\Allok MPEG4 Converter
[20/12/2008|11:02] C:\Program Files\Alwil Software
[14/12/2007|10:55] C:\Program Files\Apoint2K
[24/12/2008|14:12] C:\Program Files\Bradbury
[26/02/2009|15:43] C:\Program Files\Camtel wireless
[26/02/2009|08:19] C:\Program Files\CCleaner
[19/02/2009|09:32] C:\Program Files\Common Files
[14/12/2007|10:58] C:\Program Files\CONEXANT
[06/03/2008|08:15] C:\Program Files\Connectix
[11/09/2008|12:50] C:\Program Files\Corel
[13/10/2008|14:23] C:\Program Files\CounterPath
[14/12/2007|11:14] C:\Program Files\CyberLink
[14/12/2007|11:18] C:\Program Files\DigitalPersona
[24/12/2008|13:56] C:\Program Files\EasyPHP 2.0b1
[25/01/2008|16:40] C:\Program Files\Electronic Arts
[09/10/2008|13:08] C:\Program Files\eMule
[12/12/2008|04:58] C:\Program Files\ESET
[25/01/2008|16:27] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[14/12/2007|11:00] C:\Program Files\Fingerprint Sensor
[14/10/2008|08:55] C:\Program Files\Google
[14/12/2007|11:11] C:\Program Files\Hewlett-Packard
[14/12/2007|11:06] C:\Program Files\Hp
[08/12/2008|17:31] C:\Program Files\HP Games
[25/01/2008|16:33] C:\Program Files\HPQ
[14/12/2007|10:59] C:\Program Files\Intel
[29/09/2008|08:28] C:\Program Files\Internet Explorer
[04/08/2008|13:57] C:\Program Files\Java
[26/02/2009|16:12] C:\Program Files\Loop12 V2
[24/12/2008|14:10] C:\Program Files\Macromedia
[20/02/2009|08:09] C:\Program Files\Malwarebytes' Anti-Malware
[14/12/2007|10:59] C:\Program Files\Marvell
[23/12/2008|15:07] C:\Program Files\Micro Application
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[07/02/2008|09:21] C:\Program Files\Microsoft Office
[07/02/2008|09:22] C:\Program Files\Microsoft Visual Studio
[07/02/2008|09:16] C:\Program Files\Microsoft Visual Studio 8
[10/11/2007|00:30] C:\Program Files\Microsoft Works
[10/11/2007|00:30] C:\Program Files\Microsoft.NET
[29/09/2008|08:28] C:\Program Files\Movie Maker
[26/02/2009|16:19] C:\Program Files\Mozilla Firefox
[07/02/2008|09:22] C:\Program Files\MSBuild
[30/01/2008|03:03] C:\Program Files\MSXML 4.0
[10/11/2007|00:17] C:\Program Files\muvee Technologies
[14/12/2007|10:56] C:\Program Files\NetWaiting
[16/02/2009|15:20] C:\Program Files\Picasa2
[31/01/2008|10:42] C:\Program Files\PowerQuest
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[01/10/2007|08:28] C:\Program Files\Revues-Dalloz
[14/12/2007|11:19] C:\Program Files\Services en ligne
[04/06/2008|07:09] C:\Program Files\SiteAdvisor(317)
[14/10/2008|08:55] C:\Program Files\Skype
[01/12/2008|09:52] C:\Program Files\SolidDocuments
[04/08/2008|14:02] C:\Program Files\Sun
[26/02/2009|17:12] C:\Program Files\SUPERAntiSpyware
[26/12/2008|15:02] C:\Program Files\Tetris
[19/02/2009|15:05] C:\Program Files\Trend Micro
[31/01/2008|10:00] C:\Program Files\uTorrent
[30/07/2008|11:36] C:\Program Files\uxtobirza
[26/02/2009|16:11] C:\Program Files\V3CallCenter
[25/02/2008|12:49] C:\Program Files\VideoLAN
[09/11/2007|23:41] C:\Program Files\Viewpoint
[06/08/2008|12:35] C:\Program Files\VSO
[29/09/2008|08:28] C:\Program Files\Windows Calendar
[29/09/2008|08:28] C:\Program Files\Windows Collaboration
[29/09/2008|08:28] C:\Program Files\Windows Defender
[29/09/2008|08:28] C:\Program Files\Windows Journal
[12/02/2009|09:01] C:\Program Files\Windows Mail
[29/09/2008|08:28] C:\Program Files\Windows Media Player
[25/01/2008|16:27] C:\Program Files\Windows NT
[29/09/2008|08:28] C:\Program Files\Windows Photo Gallery
[29/09/2008|08:28] C:\Program Files\Windows Sidebar
[19/02/2008|12:45] C:\Program Files\WinHTTrack
[29/05/2008|02:35] C:\Program Files\WinRAR
[14/12/2007|10:53] C:\Program Files\WinTV
[28/01/2008|15:08] C:\Program Files\Yahoo!
[30/05/2008|10:06] C:\Program Files\Zone.Com Deluxe Games

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[22/08/2008|15:09] C:\Program Files\Common Files\Adobe
[09/11/2007|23:41] C:\Program Files\Common Files\AOL
[11/09/2008|12:52] C:\Program Files\Common Files\Corel
[10/11/2007|00:30] C:\Program Files\Common Files\DESIGNER
[10/11/2007|00:46] C:\Program Files\Common Files\InstallShield
[13/10/2008|14:23] C:\Program Files\Common Files\Intel
[10/11/2007|01:00] C:\Program Files\Common Files\Java
[25/01/2008|16:33] C:\Program Files\Common Files\LightScribe
[24/12/2008|14:10] C:\Program Files\Common Files\Macromedia
[02/06/2008|09:31] C:\Program Files\Common Files\Macromedia Shared
[22/08/2008|14:42] C:\Program Files\Common Files\Macrovision Shared
[06/09/2008|11:43] C:\Program Files\Common Files\microsoft shared
[10/11/2007|00:17] C:\Program Files\Common Files\muvee Technologies
[03/06/2008|20:19] C:\Program Files\Common Files\Network Associates
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[14/10/2008|08:55] C:\Program Files\Common Files\Skype
[28/05/2008|10:33] C:\Program Files\Common Files\soft602
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[05/02/2008|16:00] C:\Program Files\Common Files\Symantec Shared
[29/09/2008|08:28] C:\Program Files\Common Files\System
[24/12/2008|14:12] C:\Program Files\Common Files\Vbox
[26/02/2009|17:11] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 67 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 15:18:16
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\CLMENT~1\AppData\Roaming\uTorrent\Avast keygen 4.8.EXE.torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\Avast_Anti-Virus Version4.8.1201.Pro[Keygens].rar.torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\AVG Internet Security v8.0.93 + Crack and Serial Key.torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\ConvertXtoDVD 2.2.3.258f And Keygen (25th October 2007).torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\ConvertXtoDVD 2008 incl Keygen.rar.torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\Corel PaintShop Pro X2 (V-12)+Keygen-HeartBug.torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\Crack Nero.exe.torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\Monopoly 2008 in ISO + Crack.torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\Scrabble Deluxe 2008 with crack.torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\VMware Workstation.v6.0.4 b93507 + Keygen - HeartBug.torrent
C:\Users\CLMENT~1\Documents\Doc Bayonmbog\Dream Weaver\Studio_Mx_2004_Crack.exe
C:\Users\CLMENT~1\Documents\Downloads\Monopoly 2008 in ISO + Crack
C:\Users\CLMENT~1\Documents\Downloads\Monopoly 2008 in ISO + Crack\Monopoly 2008 (PC Game) + Crack.iso
C:\Users\CLMENT~1\Downloads\eMule\Incoming\Application - Transcender Cisco Certified Network Associate Certification (CCNA) Update & Crack.zip
C:\Users\CLMENT~1\Downloads\eMule\Incoming\Connectix Virtual PC 5.2 for Windows & 5.1.370 for OS2 - DE-EN-FR-JP - incl. Additions for DOS - WIN - OS2 & KeyGen_!!.zip
C:\Users\CLMENT~1\Downloads\eMule\Incoming\Nero 8 Keygen Only - ADDICTION.rar
C:\Users\CLMENT~1\Downloads\eMule\Incoming\VMware.Workstation.v6.0.0.45731.Windows.Keygen.exe

[F:28][D:8]-> C:\Users\CLMENT~1\AppData\Local\Temp
[F:2][D:1]-> C:\Users\CLMENT~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:19][D:4]-> C:\Users\CLMENT~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:6]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 27/02/2009|15:19 - Option : [1]

--------------------\\ Fin du rapport a 15:19:54
[ UAC => 1 ]

Rapport de la suppression

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz )
BIOS : Ver 1.00PARTTBL8
USER : Clément ( Not Administrator ! )
BOOT : Fail-safe boot
Antivirus : avast! antivirus 4.8.1201 [VPS 081221-0] 4.8.1201 (Activated)
C:\ (Local Disk) - NTFS - Total:137 Go (Free:7 Go)
D:\ (Local Disk) - NTFS - Total:12 Go (Free:2 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 27/02/2009|15:33 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\PROGRA~2\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans Local

[13/02/2009|13:40] C:\Users\CLMENT~1\AppData\Local\Adobe
[25/01/2008|16:31] C:\Users\CLMENT~1\AppData\Local\Application Data
[27/02/2009|14:23] C:\Users\CLMENT~1\AppData\Local\Corel
[27/02/2009|14:10] C:\Users\CLMENT~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[12/02/2009|08:06] C:\Users\CLMENT~1\AppData\Local\DigitalPersona
[27/02/2009|14:08] C:\Users\CLMENT~1\AppData\Local\GDIPFONTCACHEV1.DAT
[16/02/2009|15:20] C:\Users\CLMENT~1\AppData\Local\Google
[25/01/2008|16:31] C:\Users\CLMENT~1\AppData\Local\Historique
[27/02/2009|15:28] C:\Users\CLMENT~1\AppData\Local\IconCache.db
[24/02/2009|13:39] C:\Users\CLMENT~1\AppData\Local\Microsoft
[21/02/2009|20:49] C:\Users\CLMENT~1\AppData\Local\Microsoft Games
[20/02/2009|08:54] C:\Users\CLMENT~1\AppData\Local\Microsoft Help
[12/02/2009|08:09] C:\Users\CLMENT~1\AppData\Local\Mozilla
[27/02/2009|15:33] C:\Users\CLMENT~1\AppData\Local\Temp
[21/02/2009|01:17] C:\Users\CLMENT~1\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[27/02/2009 15:30][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{D9635250-8FE0-4547-8148-B79EE601B181}.job
[27/02/2009 15:30][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{744A9241-69A6-4258-A609-2D1230C9D50E}.job
[27/02/2009 15:30][--ah-----] C:\Windows\tasks\SA.DAT
[27/02/2009 15:30][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[10/11/2007|00:32] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[16/04/2008|12:32] C:\ProgramData\Adobe
[02/11/2006|14:02] C:\ProgramData\Application Data
[01/09/2008|21:21] C:\ProgramData\BM6626bca8.txt
[01/09/2008|10:55] C:\ProgramData\BM6626bca8.xml
[25/01/2008|16:27] C:\ProgramData\Bureau
[11/09/2008|12:55] C:\ProgramData\Corel
[18/02/2008|10:53] C:\ProgramData\CyberLink
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[25/01/2008|16:40] C:\ProgramData\Electronic Arts
[05/02/2008|12:21] C:\ProgramData\eMule
[14/10/2008|09:05] C:\ProgramData\ezsidmv.dat
[25/01/2008|16:27] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[16/12/2008|15:31] C:\ProgramData\FLEXnet
[14/10/2008|08:55] C:\ProgramData\Google
[25/01/2008|16:46] C:\ProgramData\Hewlett-Packard
[29/01/2008|15:05] C:\ProgramData\HP
[08/05/2008|16:36] C:\ProgramData\Kodak
[31/01/2008|17:11] C:\ProgramData\LightScribe
[12/09/2008|08:45] C:\ProgramData\Macrovision
[20/02/2009|08:08] C:\ProgramData\Malwarebytes
[25/01/2008|16:27] C:\ProgramData\Menu D‚marrer
[12/08/2008|21:05] C:\ProgramData\Microsoft
[12/02/2009|09:02] C:\ProgramData\Microsoft Help
[25/01/2008|16:27] C:\ProgramData\ModŠles
[10/11/2007|00:17] C:\ProgramData\muvee Technologies
[08/08/2008|14:27] C:\ProgramData\Nero
[03/06/2008|20:20] C:\ProgramData\Network Associates
[25/02/2009|07:36] C:\ProgramData\ntuser.pol
[16/12/2008|12:44] C:\ProgramData\NVIDIA
[19/02/2008|09:15] C:\ProgramData\Office Genuine Advantage
[01/09/2008|21:21] C:\ProgramData\pskt.ini
[14/10/2008|08:55] C:\ProgramData\Skype
[01/12/2008|09:51] C:\ProgramData\SolidDocuments
[02/11/2006|14:02] C:\ProgramData\Start Menu
[26/02/2009|17:13] C:\ProgramData\SUPERAntiSpyware.com
[05/02/2008|11:56] C:\ProgramData\Symantec
[18/10/2008|22:42] C:\ProgramData\TEMP
[02/11/2006|14:02] C:\ProgramData\Templates
[07/08/2008|14:30] C:\ProgramData\vsosdk
[08/12/2008|17:42] C:\ProgramData\WildTangent
[27/02/2009|10:30] C:\ProgramData\WindowsSearch
[03/09/2008|15:13] C:\ProgramData\Xerox
[28/01/2008|15:11] C:\ProgramData\Yahoo!
[29/01/2008|22:02] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[10/11/2007|00:32] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[22/08/2008|15:11] C:\Program Files\Adobe
[19/02/2009|17:27] C:\Program Files\Ad-remover
[09/11/2007|23:41] C:\Program Files\AIM6
[22/10/2008|16:01] C:\Program Files\Allok MPEG4 Converter
[20/12/2008|11:02] C:\Program Files\Alwil Software
[14/12/2007|10:55] C:\Program Files\Apoint2K
[24/12/2008|14:12] C:\Program Files\Bradbury
[26/02/2009|15:43] C:\Program Files\Camtel wireless
[26/02/2009|08:19] C:\Program Files\CCleaner
[19/02/2009|09:32] C:\Program Files\Common Files
[14/12/2007|10:58] C:\Program Files\CONEXANT
[06/03/2008|08:15] C:\Program Files\Connectix
[11/09/2008|12:50] C:\Program Files\Corel
[13/10/2008|14:23] C:\Program Files\CounterPath
[14/12/2007|11:14] C:\Program Files\CyberLink
[14/12/2007|11:18] C:\Program Files\DigitalPersona
[24/12/2008|13:56] C:\Program Files\EasyPHP 2.0b1
[25/01/2008|16:40] C:\Program Files\Electronic Arts
[09/10/2008|13:08] C:\Program Files\eMule
[12/12/2008|04:58] C:\Program Files\ESET
[25/01/2008|16:27] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[14/12/2007|11:00] C:\Program Files\Fingerprint Sensor
[14/10/2008|08:55] C:\Program Files\Google
[14/12/2007|11:11] C:\Program Files\Hewlett-Packard
[14/12/2007|11:06] C:\Program Files\Hp
[08/12/2008|17:31] C:\Program Files\HP Games
[25/01/2008|16:33] C:\Program Files\HPQ
[14/12/2007|10:59] C:\Program Files\Intel
[29/09/2008|08:28] C:\Program Files\Internet Explorer
[04/08/2008|13:57] C:\Program Files\Java
[26/02/2009|16:12] C:\Program Files\Loop12 V2
[24/12/2008|14:10] C:\Program Files\Macromedia
[20/02/2009|08:09] C:\Program Files\Malwarebytes' Anti-Malware
[14/12/2007|10:59] C:\Program Files\Marvell
[23/12/2008|15:07] C:\Program Files\Micro Application
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[07/02/2008|09:21] C:\Program Files\Microsoft Office
[07/02/2008|09:22] C:\Program Files\Microsoft Visual Studio
[07/02/2008|09:16] C:\Program Files\Microsoft Visual Studio 8
[10/11/2007|00:30] C:\Program Files\Microsoft Works
[10/11/2007|00:30] C:\Program Files\Microsoft.NET
[29/09/2008|08:28] C:\Program Files\Movie Maker
[26/02/2009|16:19] C:\Program Files\Mozilla Firefox
[07/02/2008|09:22] C:\Program Files\MSBuild
[30/01/2008|03:03] C:\Program Files\MSXML 4.0
[10/11/2007|00:17] C:\Program Files\muvee Technologies
[14/12/2007|10:56] C:\Program Files\NetWaiting
[16/02/2009|15:20] C:\Program Files\Picasa2
[31/01/2008|10:42] C:\Program Files\PowerQuest
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[01/10/2007|08:28] C:\Program Files\Revues-Dalloz
[14/12/2007|11:19] C:\Program Files\Services en ligne
[04/06/2008|07:09] C:\Program Files\SiteAdvisor(317)
[14/10/2008|08:55] C:\Program Files\Skype
[01/12/2008|09:52] C:\Program Files\SolidDocuments
[04/08/2008|14:02] C:\Program Files\Sun
[26/02/2009|17:12] C:\Program Files\SUPERAntiSpyware
[26/12/2008|15:02] C:\Program Files\Tetris
[19/02/2009|15:05] C:\Program Files\Trend Micro
[31/01/2008|10:00] C:\Program Files\uTorrent
[30/07/2008|11:36] C:\Program Files\uxtobirza
[26/02/2009|16:11] C:\Program Files\V3CallCenter
[25/02/2008|12:49] C:\Program Files\VideoLAN
[06/08/2008|12:35] C:\Program Files\VSO
[29/09/2008|08:28] C:\Program Files\Windows Calendar
[29/09/2008|08:28] C:\Program Files\Windows Collaboration
[29/09/2008|08:28] C:\Program Files\Windows Defender
[29/09/2008|08:28] C:\Program Files\Windows Journal
[12/02/2009|09:01] C:\Program Files\Windows Mail
[29/09/2008|08:28] C:\Program Files\Windows Media Player
[25/01/2008|16:27] C:\Program Files\Windows NT
[29/09/2008|08:28] C:\Program Files\Windows Photo Gallery
[29/09/2008|08:28] C:\Program Files\Windows Sidebar
[19/02/2008|12:45] C:\Program Files\WinHTTrack
[29/05/2008|02:35] C:\Program Files\WinRAR
[14/12/2007|10:53] C:\Program Files\WinTV
[28/01/2008|15:08] C:\Program Files\Yahoo!
[30/05/2008|10:06] C:\Program Files\Zone.Com Deluxe Games

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[22/08/2008|15:09] C:\Program Files\Common Files\Adobe
[09/11/2007|23:41] C:\Program Files\Common Files\AOL
[11/09/2008|12:52] C:\Program Files\Common Files\Corel
[10/11/2007|00:30] C:\Program Files\Common Files\DESIGNER
[10/11/2007|00:46] C:\Program Files\Common Files\InstallShield
[13/10/2008|14:23] C:\Program Files\Common Files\Intel
[10/11/2007|01:00] C:\Program Files\Common Files\Java
[25/01/2008|16:33] C:\Program Files\Common Files\LightScribe
[24/12/2008|14:10] C:\Program Files\Common Files\Macromedia
[02/06/2008|09:31] C:\Program Files\Common Files\Macromedia Shared
[22/08/2008|14:42] C:\Program Files\Common Files\Macrovision Shared
[06/09/2008|11:43] C:\Program Files\Common Files\microsoft shared
[10/11/2007|00:17] C:\Program Files\Common Files\muvee Technologies
[03/06/2008|20:19] C:\Program Files\Common Files\Network Associates
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[14/10/2008|08:55] C:\Program Files\Common Files\Skype
[28/05/2008|10:33] C:\Program Files\Common Files\soft602
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[05/02/2008|16:00] C:\Program Files\Common Files\Symantec Shared
[29/09/2008|08:28] C:\Program Files\Common Files\System
[24/12/2008|14:12] C:\Program Files\Common Files\Vbox
[26/02/2009|17:11] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 22 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 15:33:24
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\CLMENT~1\AppData\Roaming\uTorrent\Avast keygen 4.8.EXE.torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\Avast_Anti-Virus Version4.8.1201.Pro[Keygens].rar.torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\AVG Internet Security v8.0.93 + Crack and Serial Key.torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\ConvertXtoDVD 2.2.3.258f And Keygen (25th October 2007).torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\ConvertXtoDVD 2008 incl Keygen.rar.torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\Corel PaintShop Pro X2 (V-12)+Keygen-HeartBug.torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\Crack Nero.exe.torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\Monopoly 2008 in ISO + Crack.torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\Scrabble Deluxe 2008 with crack.torrent
C:\Users\CLMENT~1\AppData\Roaming\uTorrent\VMware Workstation.v6.0.4 b93507 + Keygen - HeartBug.torrent
C:\Users\CLMENT~1\Documents\Doc Bayonmbog\Dream Weaver\Studio_Mx_2004_Crack.exe
C:\Users\CLMENT~1\Documents\Downloads\Monopoly 2008 in ISO + Crack
C:\Users\CLMENT~1\Documents\Downloads\Monopoly 2008 in ISO + Crack\Monopoly 2008 (PC Game) + Crack.iso
C:\Users\CLMENT~1\Downloads\eMule\Incoming\Application - Transcender Cisco Certified Network Associate Certification (CCNA) Update & Crack.zip
C:\Users\CLMENT~1\Downloads\eMule\Incoming\Connectix Virtual PC 5.2 for Windows & 5.1.370 for OS2 - DE-EN-FR-JP - incl. Additions for DOS - WIN - OS2 & KeyGen_!!.zip
C:\Users\CLMENT~1\Downloads\eMule\Incoming\Nero 8 Keygen Only - ADDICTION.rar
C:\Users\CLMENT~1\Downloads\eMule\Incoming\VMware.Workstation.v6.0.0.45731.Windows.Keygen.exe

[F:31][D:17]-> C:\Users\CLMENT~1\AppData\Local\Temp
[F:3][D:1]-> C:\Users\CLMENT~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:22][D:4]-> C:\Users\CLMENT~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:6]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 27/02/2009|15:19 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 27/02/2009|15:34 - Option : [2]

--------------------\\ Fin du rapport a 15:34:32
[ UAC => 1 ]
0