Supprimer trojan-gen win32 vista
yonik
-
evmarion -
evmarion -
Bonjour,
je sais que plusieurs problèmes relatifs a ma question son deja dans le forums mais cela ne m'a pas aidée,
Pourriez vous m'aider face a ce trojan j'ai essayer plusieurs antivirus et logiciels (avira antivir, mal-awarebits , a-squared, ad-aware,) je suis a bout de tests, je suis en dual boot avec sur différentes partitions xp et vista, ainsi que 2 parttions de données, seul vista est infecté, avast me le détecte trojan-gen win32 dans vista c://windows/systéme32 . Chaque action que j'ai pu appliqué n'a rien fais, je ne peut plus rien télécharger via Mozilla ou IE.
Je vous remercie de votre implication. encore Merci. YôNïK
je sais que plusieurs problèmes relatifs a ma question son deja dans le forums mais cela ne m'a pas aidée,
Pourriez vous m'aider face a ce trojan j'ai essayer plusieurs antivirus et logiciels (avira antivir, mal-awarebits , a-squared, ad-aware,) je suis a bout de tests, je suis en dual boot avec sur différentes partitions xp et vista, ainsi que 2 parttions de données, seul vista est infecté, avast me le détecte trojan-gen win32 dans vista c://windows/systéme32 . Chaque action que j'ai pu appliqué n'a rien fais, je ne peut plus rien télécharger via Mozilla ou IE.
Je vous remercie de votre implication. encore Merci. YôNïK
A voir également:
- Supprimer trojan-gen win32 vista
- Supprimer rond bleu whatsapp - Guide
- Supprimer page word - Guide
- Supprimer pub youtube - Accueil - Streaming
- Fichier impossible à supprimer - Guide
- Windows vista - Télécharger - Divers Utilitaires
19 réponses
Bonjour
fais ceci
- http://www.trendsecure.com/portal/fr/_download/HJTInstall.exe Télécharge HiJackThis de Merijnsur ton bureau.
- Double-clic sur HijackThis
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller
fais ceci
- http://www.trendsecure.com/portal/fr/_download/HJTInstall.exe Télécharge HiJackThis de Merijnsur ton bureau.
- Double-clic sur HijackThis
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller
tout dabord MERCI pour cet rapidité de réponse vous etes purement génial, voici le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:09, on 2009-03-25
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Users\YôNïK\AppData\Roaming\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WinTV\Ir.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Users\YôNïK\AppData\Roaming\svchost.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Users\YôNïK\AppData\Roaming\_67c733817d22598ca9bd5e3b1cc81cc9\down\im000.exe
E:\steam\Steam.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10D9246E-BBFE-4D57-AF08-FA2C497DD6CE} - (no file)
O2 - BHO: (no name) - {5A59DCD2-04E7-4457-BB92-5B245688B2F4} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [*ctfmon32] "C:\Users\YôNïK\AppData\Roaming\svchost.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinProx32_1] C:\Users\YôNïK\AppData\Roaming\psvrr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WinProx32_1] C:\Users\YôNïK\AppData\Roaming\psvrr.exe
O4 - Global Startup: AutoStart IR.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A4FB4D0-B0AD-4E32-A4D1-EAD12707ECD3}: NameServer = 85.255.112.93,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{B63D0854-B894-45C9-B96E-B32518EA85DE}: NameServer = 85.255.112.93,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{E75D4885-E7FB-4A60-A3EC-50F81D2C9531}: NameServer = 85.255.112.93,85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.93,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.93,85.255.112.15
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:09, on 2009-03-25
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Users\YôNïK\AppData\Roaming\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WinTV\Ir.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Users\YôNïK\AppData\Roaming\svchost.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Users\YôNïK\AppData\Roaming\_67c733817d22598ca9bd5e3b1cc81cc9\down\im000.exe
E:\steam\Steam.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10D9246E-BBFE-4D57-AF08-FA2C497DD6CE} - (no file)
O2 - BHO: (no name) - {5A59DCD2-04E7-4457-BB92-5B245688B2F4} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [*ctfmon32] "C:\Users\YôNïK\AppData\Roaming\svchost.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinProx32_1] C:\Users\YôNïK\AppData\Roaming\psvrr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WinProx32_1] C:\Users\YôNïK\AppData\Roaming\psvrr.exe
O4 - Global Startup: AutoStart IR.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A4FB4D0-B0AD-4E32-A4D1-EAD12707ECD3}: NameServer = 85.255.112.93,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{B63D0854-B894-45C9-B96E-B32518EA85DE}: NameServer = 85.255.112.93,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{E75D4885-E7FB-4A60-A3EC-50F81D2C9531}: NameServer = 85.255.112.93,85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.93,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.93,85.255.112.15
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
de rien et merci
oulala bien infecter
fais ceci
http://www.bibou0007.com/outils-specifiques-f78/tutorial-lop-sd-t956.htm
oulala bien infecter
fais ceci
http://www.bibou0007.com/outils-specifiques-f78/tutorial-lop-sd-t956.htm
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
l outil ou tu m'a renvoyé ne sert qu'a scanner les fichiers dois-je envoyer le log sur leur site? ou dois-je te l'envoyer a toi? merci
le scan a l'air assez long, je te le fais parvenir dés qu'il est terminé , mon pc bug de tous les cotés!!!! merci
re mon avg8 voici le rapport qui a pris 3h : merci encore
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Ultimate Édition ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : BIOS Date: 07/15/08 14:14:52 Ver: 08.00.12
USER : YôNïK ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:146 Go (Free:107 Go)
D:\ (Local Disk) - NTFS - Total:39 Go (Free:15 Go)
E:\ (Local Disk) - NTFS - Total:146 Go (Free:31 Go)
F:\ (Local Disk) - NTFS - Total:114 Go (Free:77 Go)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (Local Disk) - NTFS - Total:19 Go (Free:10 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 2009-03-25|15:41 )
[ UAC => 0 ]
--------------------\\ Listing des dossiers dans Local
[2009-02-19|00:36] C:\Users\YNK~1\AppData\Local\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2009-01-29|19:34] C:\Users\YNK~1\AppData\Local\{5F61EBA6-9DA9-43BD-B174-BCD60DA4BB91}
[2009-01-15|13:57] C:\Users\YNK~1\AppData\Local\ACD Systems
[2009-01-13|21:13] C:\Users\YNK~1\AppData\Local\Adobe
[2009-01-10|05:34] C:\Users\YNK~1\AppData\Local\Application Data
[2009-01-10|06:46] C:\Users\YNK~1\AppData\Local\ATI
[2002-01-02|02:13] C:\Users\YNK~1\AppData\Local\Axialis
[2009-02-08|23:11] C:\Users\YNK~1\AppData\Local\Criterion Games
[2009-02-05|03:05] C:\Users\YNK~1\AppData\Local\d3d9caps.dat
[2009-03-24|21:50] C:\Users\YNK~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-02-08|23:09] C:\Users\YNK~1\AppData\Local\Downloaded Installations
[2009-02-04|05:09] C:\Users\YNK~1\AppData\Local\Gas Powered Games
[2009-03-23|11:31] C:\Users\YNK~1\AppData\Local\GDIPFONTCACHEV1.DAT
[2009-01-10|05:34] C:\Users\YNK~1\AppData\Local\Historique
[2009-03-25|00:54] C:\Users\YNK~1\AppData\Local\IconCache.db
[2009-03-23|10:22] C:\Users\YNK~1\AppData\Local\Microsoft
[2009-03-16|17:59] C:\Users\YNK~1\AppData\Local\Microsoft Game Studios
[2002-01-01|00:57] C:\Users\YNK~1\AppData\Local\Microsoft Games
[2009-01-13|00:51] C:\Users\YNK~1\AppData\Local\Mozilla
[2009-01-25|01:38] C:\Users\YNK~1\AppData\Local\NeoSmart_Technologies
[2009-01-14|21:29] C:\Users\YNK~1\AppData\Local\Neuf
[2009-03-24|16:30] C:\Users\YNK~1\AppData\Local\Paint.NET
[2009-02-26|22:26] C:\Users\YNK~1\AppData\Local\Pando
[2009-02-19|14:21] C:\Users\YNK~1\AppData\Local\PunkBuster
[2009-02-02|14:29] C:\Users\YNK~1\AppData\Local\Rockstar Games
[2009-03-25|15:39] C:\Users\YNK~1\AppData\Local\Temp
[2009-01-10|05:34] C:\Users\YNK~1\AppData\Local\Temporary Internet Files
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[2009-03-25 14:04][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{F89FE676-6FEF-4CA1-A573-41A4577FB7D5}.job
[2009-03-25 13:59][--ah-----] C:\Windows\tasks\SA.DAT
[2009-03-25 13:59][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[2009-02-19|00:49] C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
[2008-02-22|23:51] C:\ProgramData\ACD Systems
[2008-03-19|20:44] C:\ProgramData\Adobe
[2008-03-19|20:49] C:\ProgramData\Adobe Systems
[2008-02-22|23:53] C:\ProgramData\Apple Computer
[2009-01-10|05:32] C:\ProgramData\Application Data
[2009-02-19|01:42] C:\ProgramData\ATI
[2009-01-10|05:32] C:\ProgramData\Bureau
[2009-01-22|14:07] C:\ProgramData\DAEMON Tools Lite
[2009-01-10|05:32] C:\ProgramData\Documents
[2009-02-08|23:10] C:\ProgramData\Electronic Arts
[2009-01-10|05:32] C:\ProgramData\Favoris
[2009-02-18|18:43] C:\ProgramData\Futuremark
[2009-02-01|20:00] C:\ProgramData\Hewlett-Packard
[2009-02-01|20:09] C:\ProgramData\HP
[2009-02-01|20:05] C:\ProgramData\HPSSUPPLY
[2009-02-01|20:08] C:\ProgramData\hpzinstall.log
[2009-02-28|23:14] C:\ProgramData\Installations
[2009-03-24|00:50] C:\ProgramData\Kaspersky Lab Setup Files
[2009-03-01|05:16] C:\ProgramData\KONAMI
[2009-01-29|18:50] C:\ProgramData\ma-config.com
[2009-03-20|16:14] C:\ProgramData\Malwarebytes
[2009-03-20|14:49] C:\ProgramData\Media Center Programs
[2009-01-10|05:32] C:\ProgramData\Menu Démarrer
[2009-03-23|10:22] C:\ProgramData\Microsoft
[2009-02-26|22:13] C:\ProgramData\Microsoft Games
[2009-02-26|22:13] C:\ProgramData\Microsoft Games
[2008-03-01|21:31] C:\ProgramData\Microsoft Help
[2009-01-10|05:32] C:\ProgramData\Modèles
[2008-03-19|20:25] C:\ProgramData\Nero
[2008-03-19|21:19] C:\ProgramData\NVIDIA
[2009-02-28|23:18] C:\ProgramData\PC Suite
[2009-02-08|06:57] C:\ProgramData\Propellerhead Software
[2009-03-24|01:05] C:\ProgramData\TEMP
[2002-01-04|06:00] C:\ProgramData\TrackMania
[2009-02-19|08:05] C:\ProgramData\Ubisoft
[2009-02-01|20:08] C:\ProgramData\WEBREG
[2008-02-22|23:38] C:\ProgramData\Windows Genuine Advantage
[2009-03-12|02:21] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[2008-02-22|23:51] C:\Program Files\ACD Systems
[2008-02-22|23:30] C:\Program Files\Ad-Aware
[2008-03-20|22:50] C:\Program Files\Adobe
[2002-01-04|05:16] C:\Program Files\AGEIA Technologies
[2009-01-10|08:01] C:\Program Files\Alwil Software
[2009-01-10|06:03] C:\Program Files\Analog Devices
[2009-01-29|09:43] C:\Program Files\ASIO4ALL v2
[2009-03-24|20:33] C:\Program Files\a-squared Free
[2009-02-19|01:42] C:\Program Files\ATI Technologies
[2009-02-19|00:08] C:\Program Files\ATITool
[2008-02-22|23:30] C:\Program Files\AusLogics Disk Defrag
[2009-03-20|16:05] C:\Program Files\CCleaner
[2009-02-18|20:18] C:\Program Files\Cisco
[2009-03-24|01:08] C:\Program Files\Common Files
[2008-02-22|23:30] C:\Program Files\Compare It!
[2008-02-22|23:30] C:\Program Files\Cpu-z
[2009-02-28|23:16] C:\Program Files\DIFX
[2008-03-19|21:01] C:\Program Files\Druide
[2009-02-19|00:46] C:\Program Files\Electronic Arts
[2008-02-22|23:30] C:\Program Files\Everest
[2009-01-10|05:32] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[2009-02-27|02:06] C:\Program Files\FileZilla FTP Client
[2009-02-18|18:36] C:\Program Files\Futuremark
[2009-03-23|15:05] C:\Program Files\GridinSoft Trojan Killer
[2009-02-01|20:03] C:\Program Files\Hewlett-Packard
[2009-02-01|20:05] C:\Program Files\HP
[2008-02-22|23:31] C:\Program Files\IE Privacy Keeper
[2009-01-29|09:43] C:\Program Files\Image-Line
[2009-03-23|13:18] C:\Program Files\InstallShield Installation Information
[2009-01-10|06:05] C:\Program Files\Intel
[2008-02-22|22:44] C:\Program Files\Internet Explorer
[2009-03-25|14:13] C:\Program Files\Java
[2009-01-13|17:27] C:\Program Files\K-Lite Codec Pack
[2009-01-29|18:50] C:\Program Files\ma-config.com
[2009-03-23|17:27] C:\Program Files\Malwarebytes' Anti-Malware
[2009-01-14|07:26] C:\Program Files\Marvell
[2009-03-16|17:09] C:\Program Files\Microsoft Games
[2009-02-23|22:00] C:\Program Files\Microsoft Games for Windows - LIVE
[2008-03-20|22:51] C:\Program Files\Microsoft Office
[2008-03-01|21:27] C:\Program Files\Microsoft Visual Studio
[2008-03-01|21:28] C:\Program Files\Microsoft Works
[2008-03-01|21:27] C:\Program Files\Microsoft.NET
[2009-01-26|03:21] C:\Program Files\mIRC
[2009-03-25|14:43] C:\Program Files\Mozilla Firefox
[2006-11-02|13:35] C:\Program Files\MSBuild
[2009-03-23|22:59] C:\Program Files\MSN Messenger
[2009-03-14|02:37] C:\Program Files\MSXML 4.0
[2009-03-11|13:23] C:\Program Files\Mumble
[2009-01-25|01:32] C:\Program Files\NeoSmart Technologies
[2008-03-19|20:29] C:\Program Files\Nero
[2009-01-14|21:29] C:\Program Files\Neuf
[2009-03-23|23:39] C:\Program Files\nLite
[2009-01-11|18:15] C:\Program Files\Nod32
[2009-03-23|23:39] C:\Program Files\Nokia
[2009-03-06|00:08] C:\Program Files\Notepad++
[2008-02-22|23:31] C:\Program Files\Occtpt
[2009-01-29|09:42] C:\Program Files\Outsim
[2008-02-22|23:31] C:\Program Files\Paint.NET
[2009-02-26|22:26] C:\Program Files\Pando Networks
[2009-02-28|23:15] C:\Program Files\PC Connectivity Solution
[2009-01-29|09:36] C:\Program Files\PowerISO
[2008-02-22|23:53] C:\Program Files\QT Lite
[2008-02-22|23:53] C:\Program Files\Real Alternative
[2008-02-22|23:31] C:\Program Files\Recover
[2006-11-02|13:35] C:\Program Files\Reference Assemblies
[2009-03-22|22:46] C:\Program Files\Smart-Shopper
[2008-02-22|23:31] C:\Program Files\Spybot
[2002-01-01|12:57] C:\Program Files\Tag Support Plugin for Media Player
[2009-03-25|15:09] C:\Program Files\Trend Micro
[2008-03-19|20:30] C:\Program Files\UltraISO
[2006-11-02|14:00] C:\Program Files\Uninstall Information
[2009-01-11|20:23] C:\Program Files\uTorrent
[2009-01-17|23:21] C:\Program Files\Valve
[2009-01-13|17:08] C:\Program Files\Ventrilo
[2009-02-22|16:06] C:\Program Files\VideoLAN
[2009-03-12|02:14] C:\Program Files\VS Revo Group
[2009-01-29|09:43] C:\Program Files\VstPlugins
[2008-02-22|22:44] C:\Program Files\Windows Calendar
[2008-02-22|22:44] C:\Program Files\Windows Defender
[2009-03-12|02:21] C:\Program Files\Windows Live
[2002-01-06|18:27] C:\Program Files\Windows Live SkyDrive
[2009-01-15|21:10] C:\Program Files\Windows Mail
[2008-02-22|23:54] C:\Program Files\Windows Media Player
[2006-11-02|13:35] C:\Program Files\Windows NT
[2008-02-22|22:44] C:\Program Files\Windows Photo Gallery
[2008-02-22|22:44] C:\Program Files\Windows Sidebar
[2008-02-22|23:52] C:\Program Files\WinRAR
[2009-02-21|17:12] C:\Program Files\WinTV
[2009-02-05|01:40] C:\Program Files\X'nStop 2.5
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[2008-02-22|23:51] C:\Program Files\Common Files\ACD Systems
[2008-03-19|20:46] C:\Program Files\Common Files\Adobe
[2008-03-19|20:49] C:\Program Files\Common Files\Adobe Systems Shared
[2008-03-01|21:27] C:\Program Files\Common Files\DESIGNER
[2008-03-19|20:30] C:\Program Files\Common Files\EZB Systems
[2009-02-18|18:37] C:\Program Files\Common Files\Futuremark Shared
[2009-02-01|20:03] C:\Program Files\Common Files\Hewlett-Packard
[2009-02-01|20:04] C:\Program Files\Common Files\HP
[2002-01-01|00:38] C:\Program Files\Common Files\InstallShield
[2002-01-01|00:38] C:\Program Files\Common Files\IviSDK
[2009-02-17|18:20] C:\Program Files\Common Files\Logitech
[2009-03-14|02:51] C:\Program Files\Common Files\Microsoft Games
[2002-01-06|18:28] C:\Program Files\Common Files\microsoft shared
[2008-03-19|20:25] C:\Program Files\Common Files\Nero
[2006-11-02|12:18] C:\Program Files\Common Files\Services
[2009-03-14|18:24] C:\Program Files\Common Files\Steam
[2008-03-01|21:25] C:\Program Files\Common Files\System
[2002-01-06|18:24] C:\Program Files\Common Files\Windows Live
[2009-02-18|18:35] C:\Program Files\Common Files\Wise Installation Wizard
--------------------\\ Process
( 73 Processes )
iexplore.exe ~ [PID:5924]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 15:48:05
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\Windows\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Recherche d'autres infections
C:\Windows\system32\jQYGjRqr.ini
C:\Windows\system32\jQYGjRqr.ini2
[b]==> VUNDO <==/b
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{2A4FB4D0-B0AD-4E32-A4D1-EAD12707ECD3}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{B63D0854-B894-45C9-B96E-B32518EA85DE}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{B63D0854-B894-45C9-B96E-B32518EA85DE}]
DhcpNameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{E75D4885-E7FB-4A60-A3EC-50F81D2C9531}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{2A4FB4D0-B0AD-4E32-A4D1-EAD12707ECD3}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{B63D0854-B894-45C9-B96E-B32518EA85DE}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{B63D0854-B894-45C9-B96E-B32518EA85DE}]
DhcpNameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{E75D4885-E7FB-4A60-A3EC-50F81D2C9531}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{2A4FB4D0-B0AD-4E32-A4D1-EAD12707ECD3}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{B63D0854-B894-45C9-B96E-B32518EA85DE}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{B63D0854-B894-45C9-B96E-B32518EA85DE}]
DhcpNameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{E75D4885-E7FB-4A60-A3EC-50F81D2C9531}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[b]==> WAREOUT <==/b
--------------------\\ Cracks & Keygens ..
C:\Users\YNK~1\AppData\Local\Microsoft\Messenger\alex.lepsy@hotmail.fr\Sharing Folders\mr_po_po@hotmail.fr\Crack
C:\Users\YNK~1\AppData\Local\Microsoft\Messenger\alex.lepsy@hotmail.fr\Sharing Folders\mr_po_po@hotmail.fr\Crack\tms.dll
C:\Users\YNK~1\AppData\Local\Microsoft\Messenger\alex.lepsy@hotmail.fr\Sharing Folders\mr_po_po@hotmail.fr\Crack\tms.exe
C:\Users\YNK~1\AppData\Local\Microsoft\Messenger\alex.lepsy@hotmail.fr\Sharing Folders\mr_po_po@hotmail.fr\Crack\tms2.dll
C:\Users\YNK~1\AppData\Local\Microsoft\Messenger\alex.lepsy@hotmail.fr\Sharing Folders\mr_po_po@hotmail.fr\Crack\tms3.dll
C:\Users\YNK~1\AppData\Local\Microsoft\Messenger\alex.lepsy@hotmail.fr\Sharing Folders\mr_po_po@hotmail.fr\Crack\tmsextreme_fromsunrise_setup.exe
C:\Users\YNK~1\AppData\Local\Microsoft\Messenger\alex.lepsy@hotmail.fr\Sharing Folders\mr_po_po@hotmail.fr\Crack\tmsunrise.exe
[F:27][D:5]-> C:\Users\YNK~1\AppData\Local\Temp
[F:80][D:1]-> C:\Users\YNK~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:12][D:4]-> C:\Users\YNK~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:19][D:2]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 2009-03-25|18:16 - Option : [1]
--------------------\\ Fin du rapport a 18:16:57
[ UAC => 1 ]
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Ultimate Édition ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : BIOS Date: 07/15/08 14:14:52 Ver: 08.00.12
USER : YôNïK ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:146 Go (Free:107 Go)
D:\ (Local Disk) - NTFS - Total:39 Go (Free:15 Go)
E:\ (Local Disk) - NTFS - Total:146 Go (Free:31 Go)
F:\ (Local Disk) - NTFS - Total:114 Go (Free:77 Go)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (Local Disk) - NTFS - Total:19 Go (Free:10 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 2009-03-25|15:41 )
[ UAC => 0 ]
--------------------\\ Listing des dossiers dans Local
[2009-02-19|00:36] C:\Users\YNK~1\AppData\Local\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2009-01-29|19:34] C:\Users\YNK~1\AppData\Local\{5F61EBA6-9DA9-43BD-B174-BCD60DA4BB91}
[2009-01-15|13:57] C:\Users\YNK~1\AppData\Local\ACD Systems
[2009-01-13|21:13] C:\Users\YNK~1\AppData\Local\Adobe
[2009-01-10|05:34] C:\Users\YNK~1\AppData\Local\Application Data
[2009-01-10|06:46] C:\Users\YNK~1\AppData\Local\ATI
[2002-01-02|02:13] C:\Users\YNK~1\AppData\Local\Axialis
[2009-02-08|23:11] C:\Users\YNK~1\AppData\Local\Criterion Games
[2009-02-05|03:05] C:\Users\YNK~1\AppData\Local\d3d9caps.dat
[2009-03-24|21:50] C:\Users\YNK~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-02-08|23:09] C:\Users\YNK~1\AppData\Local\Downloaded Installations
[2009-02-04|05:09] C:\Users\YNK~1\AppData\Local\Gas Powered Games
[2009-03-23|11:31] C:\Users\YNK~1\AppData\Local\GDIPFONTCACHEV1.DAT
[2009-01-10|05:34] C:\Users\YNK~1\AppData\Local\Historique
[2009-03-25|00:54] C:\Users\YNK~1\AppData\Local\IconCache.db
[2009-03-23|10:22] C:\Users\YNK~1\AppData\Local\Microsoft
[2009-03-16|17:59] C:\Users\YNK~1\AppData\Local\Microsoft Game Studios
[2002-01-01|00:57] C:\Users\YNK~1\AppData\Local\Microsoft Games
[2009-01-13|00:51] C:\Users\YNK~1\AppData\Local\Mozilla
[2009-01-25|01:38] C:\Users\YNK~1\AppData\Local\NeoSmart_Technologies
[2009-01-14|21:29] C:\Users\YNK~1\AppData\Local\Neuf
[2009-03-24|16:30] C:\Users\YNK~1\AppData\Local\Paint.NET
[2009-02-26|22:26] C:\Users\YNK~1\AppData\Local\Pando
[2009-02-19|14:21] C:\Users\YNK~1\AppData\Local\PunkBuster
[2009-02-02|14:29] C:\Users\YNK~1\AppData\Local\Rockstar Games
[2009-03-25|15:39] C:\Users\YNK~1\AppData\Local\Temp
[2009-01-10|05:34] C:\Users\YNK~1\AppData\Local\Temporary Internet Files
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[2009-03-25 14:04][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{F89FE676-6FEF-4CA1-A573-41A4577FB7D5}.job
[2009-03-25 13:59][--ah-----] C:\Windows\tasks\SA.DAT
[2009-03-25 13:59][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[2009-02-19|00:49] C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
[2008-02-22|23:51] C:\ProgramData\ACD Systems
[2008-03-19|20:44] C:\ProgramData\Adobe
[2008-03-19|20:49] C:\ProgramData\Adobe Systems
[2008-02-22|23:53] C:\ProgramData\Apple Computer
[2009-01-10|05:32] C:\ProgramData\Application Data
[2009-02-19|01:42] C:\ProgramData\ATI
[2009-01-10|05:32] C:\ProgramData\Bureau
[2009-01-22|14:07] C:\ProgramData\DAEMON Tools Lite
[2009-01-10|05:32] C:\ProgramData\Documents
[2009-02-08|23:10] C:\ProgramData\Electronic Arts
[2009-01-10|05:32] C:\ProgramData\Favoris
[2009-02-18|18:43] C:\ProgramData\Futuremark
[2009-02-01|20:00] C:\ProgramData\Hewlett-Packard
[2009-02-01|20:09] C:\ProgramData\HP
[2009-02-01|20:05] C:\ProgramData\HPSSUPPLY
[2009-02-01|20:08] C:\ProgramData\hpzinstall.log
[2009-02-28|23:14] C:\ProgramData\Installations
[2009-03-24|00:50] C:\ProgramData\Kaspersky Lab Setup Files
[2009-03-01|05:16] C:\ProgramData\KONAMI
[2009-01-29|18:50] C:\ProgramData\ma-config.com
[2009-03-20|16:14] C:\ProgramData\Malwarebytes
[2009-03-20|14:49] C:\ProgramData\Media Center Programs
[2009-01-10|05:32] C:\ProgramData\Menu Démarrer
[2009-03-23|10:22] C:\ProgramData\Microsoft
[2009-02-26|22:13] C:\ProgramData\Microsoft Games
[2009-02-26|22:13] C:\ProgramData\Microsoft Games
[2008-03-01|21:31] C:\ProgramData\Microsoft Help
[2009-01-10|05:32] C:\ProgramData\Modèles
[2008-03-19|20:25] C:\ProgramData\Nero
[2008-03-19|21:19] C:\ProgramData\NVIDIA
[2009-02-28|23:18] C:\ProgramData\PC Suite
[2009-02-08|06:57] C:\ProgramData\Propellerhead Software
[2009-03-24|01:05] C:\ProgramData\TEMP
[2002-01-04|06:00] C:\ProgramData\TrackMania
[2009-02-19|08:05] C:\ProgramData\Ubisoft
[2009-02-01|20:08] C:\ProgramData\WEBREG
[2008-02-22|23:38] C:\ProgramData\Windows Genuine Advantage
[2009-03-12|02:21] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[2008-02-22|23:51] C:\Program Files\ACD Systems
[2008-02-22|23:30] C:\Program Files\Ad-Aware
[2008-03-20|22:50] C:\Program Files\Adobe
[2002-01-04|05:16] C:\Program Files\AGEIA Technologies
[2009-01-10|08:01] C:\Program Files\Alwil Software
[2009-01-10|06:03] C:\Program Files\Analog Devices
[2009-01-29|09:43] C:\Program Files\ASIO4ALL v2
[2009-03-24|20:33] C:\Program Files\a-squared Free
[2009-02-19|01:42] C:\Program Files\ATI Technologies
[2009-02-19|00:08] C:\Program Files\ATITool
[2008-02-22|23:30] C:\Program Files\AusLogics Disk Defrag
[2009-03-20|16:05] C:\Program Files\CCleaner
[2009-02-18|20:18] C:\Program Files\Cisco
[2009-03-24|01:08] C:\Program Files\Common Files
[2008-02-22|23:30] C:\Program Files\Compare It!
[2008-02-22|23:30] C:\Program Files\Cpu-z
[2009-02-28|23:16] C:\Program Files\DIFX
[2008-03-19|21:01] C:\Program Files\Druide
[2009-02-19|00:46] C:\Program Files\Electronic Arts
[2008-02-22|23:30] C:\Program Files\Everest
[2009-01-10|05:32] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[2009-02-27|02:06] C:\Program Files\FileZilla FTP Client
[2009-02-18|18:36] C:\Program Files\Futuremark
[2009-03-23|15:05] C:\Program Files\GridinSoft Trojan Killer
[2009-02-01|20:03] C:\Program Files\Hewlett-Packard
[2009-02-01|20:05] C:\Program Files\HP
[2008-02-22|23:31] C:\Program Files\IE Privacy Keeper
[2009-01-29|09:43] C:\Program Files\Image-Line
[2009-03-23|13:18] C:\Program Files\InstallShield Installation Information
[2009-01-10|06:05] C:\Program Files\Intel
[2008-02-22|22:44] C:\Program Files\Internet Explorer
[2009-03-25|14:13] C:\Program Files\Java
[2009-01-13|17:27] C:\Program Files\K-Lite Codec Pack
[2009-01-29|18:50] C:\Program Files\ma-config.com
[2009-03-23|17:27] C:\Program Files\Malwarebytes' Anti-Malware
[2009-01-14|07:26] C:\Program Files\Marvell
[2009-03-16|17:09] C:\Program Files\Microsoft Games
[2009-02-23|22:00] C:\Program Files\Microsoft Games for Windows - LIVE
[2008-03-20|22:51] C:\Program Files\Microsoft Office
[2008-03-01|21:27] C:\Program Files\Microsoft Visual Studio
[2008-03-01|21:28] C:\Program Files\Microsoft Works
[2008-03-01|21:27] C:\Program Files\Microsoft.NET
[2009-01-26|03:21] C:\Program Files\mIRC
[2009-03-25|14:43] C:\Program Files\Mozilla Firefox
[2006-11-02|13:35] C:\Program Files\MSBuild
[2009-03-23|22:59] C:\Program Files\MSN Messenger
[2009-03-14|02:37] C:\Program Files\MSXML 4.0
[2009-03-11|13:23] C:\Program Files\Mumble
[2009-01-25|01:32] C:\Program Files\NeoSmart Technologies
[2008-03-19|20:29] C:\Program Files\Nero
[2009-01-14|21:29] C:\Program Files\Neuf
[2009-03-23|23:39] C:\Program Files\nLite
[2009-01-11|18:15] C:\Program Files\Nod32
[2009-03-23|23:39] C:\Program Files\Nokia
[2009-03-06|00:08] C:\Program Files\Notepad++
[2008-02-22|23:31] C:\Program Files\Occtpt
[2009-01-29|09:42] C:\Program Files\Outsim
[2008-02-22|23:31] C:\Program Files\Paint.NET
[2009-02-26|22:26] C:\Program Files\Pando Networks
[2009-02-28|23:15] C:\Program Files\PC Connectivity Solution
[2009-01-29|09:36] C:\Program Files\PowerISO
[2008-02-22|23:53] C:\Program Files\QT Lite
[2008-02-22|23:53] C:\Program Files\Real Alternative
[2008-02-22|23:31] C:\Program Files\Recover
[2006-11-02|13:35] C:\Program Files\Reference Assemblies
[2009-03-22|22:46] C:\Program Files\Smart-Shopper
[2008-02-22|23:31] C:\Program Files\Spybot
[2002-01-01|12:57] C:\Program Files\Tag Support Plugin for Media Player
[2009-03-25|15:09] C:\Program Files\Trend Micro
[2008-03-19|20:30] C:\Program Files\UltraISO
[2006-11-02|14:00] C:\Program Files\Uninstall Information
[2009-01-11|20:23] C:\Program Files\uTorrent
[2009-01-17|23:21] C:\Program Files\Valve
[2009-01-13|17:08] C:\Program Files\Ventrilo
[2009-02-22|16:06] C:\Program Files\VideoLAN
[2009-03-12|02:14] C:\Program Files\VS Revo Group
[2009-01-29|09:43] C:\Program Files\VstPlugins
[2008-02-22|22:44] C:\Program Files\Windows Calendar
[2008-02-22|22:44] C:\Program Files\Windows Defender
[2009-03-12|02:21] C:\Program Files\Windows Live
[2002-01-06|18:27] C:\Program Files\Windows Live SkyDrive
[2009-01-15|21:10] C:\Program Files\Windows Mail
[2008-02-22|23:54] C:\Program Files\Windows Media Player
[2006-11-02|13:35] C:\Program Files\Windows NT
[2008-02-22|22:44] C:\Program Files\Windows Photo Gallery
[2008-02-22|22:44] C:\Program Files\Windows Sidebar
[2008-02-22|23:52] C:\Program Files\WinRAR
[2009-02-21|17:12] C:\Program Files\WinTV
[2009-02-05|01:40] C:\Program Files\X'nStop 2.5
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[2008-02-22|23:51] C:\Program Files\Common Files\ACD Systems
[2008-03-19|20:46] C:\Program Files\Common Files\Adobe
[2008-03-19|20:49] C:\Program Files\Common Files\Adobe Systems Shared
[2008-03-01|21:27] C:\Program Files\Common Files\DESIGNER
[2008-03-19|20:30] C:\Program Files\Common Files\EZB Systems
[2009-02-18|18:37] C:\Program Files\Common Files\Futuremark Shared
[2009-02-01|20:03] C:\Program Files\Common Files\Hewlett-Packard
[2009-02-01|20:04] C:\Program Files\Common Files\HP
[2002-01-01|00:38] C:\Program Files\Common Files\InstallShield
[2002-01-01|00:38] C:\Program Files\Common Files\IviSDK
[2009-02-17|18:20] C:\Program Files\Common Files\Logitech
[2009-03-14|02:51] C:\Program Files\Common Files\Microsoft Games
[2002-01-06|18:28] C:\Program Files\Common Files\microsoft shared
[2008-03-19|20:25] C:\Program Files\Common Files\Nero
[2006-11-02|12:18] C:\Program Files\Common Files\Services
[2009-03-14|18:24] C:\Program Files\Common Files\Steam
[2008-03-01|21:25] C:\Program Files\Common Files\System
[2002-01-06|18:24] C:\Program Files\Common Files\Windows Live
[2009-02-18|18:35] C:\Program Files\Common Files\Wise Installation Wizard
--------------------\\ Process
( 73 Processes )
iexplore.exe ~ [PID:5924]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 15:48:05
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\Windows\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Recherche d'autres infections
C:\Windows\system32\jQYGjRqr.ini
C:\Windows\system32\jQYGjRqr.ini2
[b]==> VUNDO <==/b
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{2A4FB4D0-B0AD-4E32-A4D1-EAD12707ECD3}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{B63D0854-B894-45C9-B96E-B32518EA85DE}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{B63D0854-B894-45C9-B96E-B32518EA85DE}]
DhcpNameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{E75D4885-E7FB-4A60-A3EC-50F81D2C9531}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{2A4FB4D0-B0AD-4E32-A4D1-EAD12707ECD3}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{B63D0854-B894-45C9-B96E-B32518EA85DE}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{B63D0854-B894-45C9-B96E-B32518EA85DE}]
DhcpNameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{E75D4885-E7FB-4A60-A3EC-50F81D2C9531}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{2A4FB4D0-B0AD-4E32-A4D1-EAD12707ECD3}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{B63D0854-B894-45C9-B96E-B32518EA85DE}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{B63D0854-B894-45C9-B96E-B32518EA85DE}]
DhcpNameServer REG_SZ 85.255.112.93,85.255.112.15
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{E75D4885-E7FB-4A60-A3EC-50F81D2C9531}]
NameServer REG_SZ 85.255.112.93,85.255.112.15
[b]==> WAREOUT <==/b
--------------------\\ Cracks & Keygens ..
C:\Users\YNK~1\AppData\Local\Microsoft\Messenger\alex.lepsy@hotmail.fr\Sharing Folders\mr_po_po@hotmail.fr\Crack
C:\Users\YNK~1\AppData\Local\Microsoft\Messenger\alex.lepsy@hotmail.fr\Sharing Folders\mr_po_po@hotmail.fr\Crack\tms.dll
C:\Users\YNK~1\AppData\Local\Microsoft\Messenger\alex.lepsy@hotmail.fr\Sharing Folders\mr_po_po@hotmail.fr\Crack\tms.exe
C:\Users\YNK~1\AppData\Local\Microsoft\Messenger\alex.lepsy@hotmail.fr\Sharing Folders\mr_po_po@hotmail.fr\Crack\tms2.dll
C:\Users\YNK~1\AppData\Local\Microsoft\Messenger\alex.lepsy@hotmail.fr\Sharing Folders\mr_po_po@hotmail.fr\Crack\tms3.dll
C:\Users\YNK~1\AppData\Local\Microsoft\Messenger\alex.lepsy@hotmail.fr\Sharing Folders\mr_po_po@hotmail.fr\Crack\tmsextreme_fromsunrise_setup.exe
C:\Users\YNK~1\AppData\Local\Microsoft\Messenger\alex.lepsy@hotmail.fr\Sharing Folders\mr_po_po@hotmail.fr\Crack\tmsunrise.exe
[F:27][D:5]-> C:\Users\YNK~1\AppData\Local\Temp
[F:80][D:1]-> C:\Users\YNK~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:12][D:4]-> C:\Users\YNK~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:19][D:2]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 2009-03-25|18:16 - Option : [1]
--------------------\\ Fin du rapport a 18:16:57
[ UAC => 1 ]
il m'est impossible de telecharger malaware!!! comment faire? comme si le lien était mort, de IE a Mozilla.
j ais reussi a retrouver malwarebyte sur mon pc je redemmarre en mode sans echecs et jteste sa! il m'est impossible de lancer l installation, je vais essayé en mode sans echecs, je vous tiens au jus mes petits ange gardien ^^
bon je crois que c'est cui (lol) impossible de lancer malware sous vista en sans échecs étant donné que j ai xp en dual boot je démarre sous xp et lance un test, dois je testé seulement le DD ou se trouve vista ou la totalité de mon système, sinon puis-je formater mon DD ou se trouve vista, se serais peut être plus simple, je vous envoi le rapport une fois terminé de malware, QUELLE GALERE ¨¨ merci a vous.
dois je effectuer une suppression + host avec lops&d ou - host et malware plante sec l application spidst.exe a rencontrer un prob et dois fermer!!!!! je devient fou !! si je formate mon DD vista mon systeme serat-il saint? si oui je format si non .... heu la c cho !
J'ai le même pb !! voici le rapport.... quelqu'un peut-il m'aider ?
merci
evmarion
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02:20, on 01/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue Premier\ECB-SGP.exe
C:\Program Files\eoRezo\EoEngine.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\e-Carte Bleue Société Générale\ecbl-sg.exe
c:\users\françois\appdata\local\microsoft\windows\temporary internet files\content.ie5\ksw4fglf\ymjsdwkld[1].exe
c:\users\françois\appdata\local\microsoft\feeds\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\webslices~\slicefeedgalerie497.exe
C:\hp\kbd\kbd.exe
c:\users\françois\appdata\roaming\microsoft\document building blocks\1036\buildingblocksd.exe
c:\users\françois\appdata\roaming\microsoft\identitycrl\production\microsoftppcrlconfig.exe
C:\program files\avira\antivir desktop\avcenter.exe
c:\program files\avira\antivir desktop\avscan.exe
c:\program files\avira\antivir desktop\avscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
c:\users\françois\appdata\local\microsoft\feeds\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\webslices~\composantsslicefeed.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [eCarteBleue-SG-P3-Premier] "C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue Premier\ECB-SGP.exe" /dontopenmycards
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"http://blogs.canalsur.es/parrilla_at/"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [ymjsdwkld[1]] c:\users\françois\appdata\local\microsoft\windows\temporary internet files\content.ie5\ksw4fglf\ymjsdwkld[1].exe (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [GalerieSlicefeed] c:\users\françois\appdata\local\microsoft\feeds\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\webslices~\slicefeedgalerie497.exe (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [Liveppcrlconfig] c:\users\françois\appdata\roaming\microsoft\identitycrl\production\microsoftppcrlconfig.exe (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [JeunesseSant] c:\users\françois\favorites\ministrebafabafd29706.exe (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [Galeriecomposants] C:\Users\françois\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\SlicefeedGalerie497.exe (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [ppcrlconfigMicrosoft] C:\Users\françois\AppData\Roaming\Microsoft\IdentityCRL\Production\Microsoftppcrlconfig.exe (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [FRANCOISdINSPECTION16827] c:\users\françois\francoisdinspection.exe (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\RunServices: [ymjsdwkld[1]] c:\users\françois\appdata\local\microsoft\windows\temporary internet files\content.ie5\ksw4fglf\ymjsdwkld[1].exe (User 'françois')
O4 - Global Startup: e-Carte Bleue Société Générale.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
merci
evmarion
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02:20, on 01/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue Premier\ECB-SGP.exe
C:\Program Files\eoRezo\EoEngine.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\e-Carte Bleue Société Générale\ecbl-sg.exe
c:\users\françois\appdata\local\microsoft\windows\temporary internet files\content.ie5\ksw4fglf\ymjsdwkld[1].exe
c:\users\françois\appdata\local\microsoft\feeds\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\webslices~\slicefeedgalerie497.exe
C:\hp\kbd\kbd.exe
c:\users\françois\appdata\roaming\microsoft\document building blocks\1036\buildingblocksd.exe
c:\users\françois\appdata\roaming\microsoft\identitycrl\production\microsoftppcrlconfig.exe
C:\program files\avira\antivir desktop\avcenter.exe
c:\program files\avira\antivir desktop\avscan.exe
c:\program files\avira\antivir desktop\avscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
c:\users\françois\appdata\local\microsoft\feeds\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\webslices~\composantsslicefeed.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [eCarteBleue-SG-P3-Premier] "C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue Premier\ECB-SGP.exe" /dontopenmycards
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"http://blogs.canalsur.es/parrilla_at/"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [ymjsdwkld[1]] c:\users\françois\appdata\local\microsoft\windows\temporary internet files\content.ie5\ksw4fglf\ymjsdwkld[1].exe (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [GalerieSlicefeed] c:\users\françois\appdata\local\microsoft\feeds\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\webslices~\slicefeedgalerie497.exe (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [Liveppcrlconfig] c:\users\françois\appdata\roaming\microsoft\identitycrl\production\microsoftppcrlconfig.exe (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [JeunesseSant] c:\users\françois\favorites\ministrebafabafd29706.exe (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [Galeriecomposants] C:\Users\françois\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\SlicefeedGalerie497.exe (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [ppcrlconfigMicrosoft] C:\Users\françois\AppData\Roaming\Microsoft\IdentityCRL\Production\Microsoftppcrlconfig.exe (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\Run: [FRANCOISdINSPECTION16827] c:\users\françois\francoisdinspection.exe (User 'françois')
O4 - HKUS\S-1-5-21-1637914781-1357628259-3188108321-1003\..\RunServices: [ymjsdwkld[1]] c:\users\françois\appdata\local\microsoft\windows\temporary internet files\content.ie5\ksw4fglf\ymjsdwkld[1].exe (User 'françois')
O4 - Global Startup: e-Carte Bleue Société Générale.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
