Trojn cid

nathalex Messages postés 18 Statut Membre -  
moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:54, on 02/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp173.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\AxBx\VirusKeeper 2010 Pro\vk_service.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AxBx\VirusKeeper 2010 Pro\VirusKeeper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SeekappSrch\seekappsrch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\AxBx\VirusKeeper 2010 Pro\vk_watchop.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\LOYANT\LOCALS~1\Temp\Rar$EX00.859\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.ask.com?o=14978&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O5 "LPT1:" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 2)" /O20 "mafreebox.freebox.fr" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2010 Pro\VirusKeeper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ANTI LITE TITLE DEBUG] C:\Documents and Settings\All Users\Application Data\Okay meta anti lite\Okay cast.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [L07FXLRD_6708843] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [bows proc] C:\DOCUME~1\LOYANT\APPLIC~1\GREYCR~1\rdr plan.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Seekapp Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Seekapp\seekapp132.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp173.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2010 Pro\vk_service.exe

--
End of file - 12752 bytes
Configuration: Windows XP
Firefox 3.0.17

3 réponses

  1. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    bonjour

    Téléchargez Lop S&D.exe sur le Bueau

    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
    Certaines infections bloquent les telechargements d' outils de desinfection utilisez ce lien alternatif:
    http://ww38.toofiles.com/fr/oip/documents/exe/yop4.html

    Lop S&D est détecté par certains antivirus : il ne s'agit pas d'un virus (faux positif), mais d'un utilitaire destiné à mettre fin à des processus. Dans le cas d'une alerte de la part de votre antivirus, veuillez désactiver votre antivirus pendant la procédure

    * Double-cliquez dessus pour lancer l'installation
    * Puis double-cliquez sur le raccourci Lop S&D présent sur le Bureau
    * Séléctionnez la langue souhaitée, puis choisir l'option 1 (Recherche)
    * Patientez jusqu'à la fin du scan
    * Postez le rapport généré sur un forum(C:\lopR.txt)

    1
  2. nathalex Messages postés 18 Statut Membre
     
    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) Processor LE-1640 )
    BIOS : Default System BIOS
    USER : LOYANT ( Administrator )
    BOOT : Normal boot
    Antivirus : VirusKeeper 2010 Pro antivirus 10.0 (Activated)
    C:\ (Local Disk) - NTFS - Total:127 Go (Free:87 Go)
    D:\ (CD or DVD)
    E:\ (Local Disk) - NTFS - Total:170 Go (Free:169 Go)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 05/02/2010|17:27 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [08/03/2009|18:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    [09/03/2009|15:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{55A29068-F2CE-456C-9148-C869879E2357}
    [22/12/2009|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [05/12/2009|09:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    [21/08/2009|14:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [09/03/2009|14:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [22/12/2009|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [22/12/2009|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [24/05/2009|16:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
    [05/09/2009|09:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    [10/09/2009|18:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [04/06/2009|19:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Electronic Arts
    [19/11/2009|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse
    [10/01/2010|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [30/04/2009|13:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
    [30/04/2009|13:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
    [30/05/2009|10:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [24/06/2009|14:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [13/01/2010|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [27/06/2009|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    [09/03/2009|14:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [08/03/2009|20:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [18/12/2009|16:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Okay meta anti lite
    [05/05/2009|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Seekapp
    [30/01/2010|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekappSrch
    [05/12/2009|10:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [10/09/2009|18:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Temp
    [05/12/2009|09:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
    [14/08/2009|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
    [08/03/2009|19:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [26/06/2009|19:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [08/03/2009|18:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [24/05/2009|16:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [05/12/2009|10:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\TuneUp Software

    [21/08/2009|14:58] C:\DOCUME~1\LOYANT\APPLIC~1\Adobe
    [06/05/2009|07:57] C:\DOCUME~1\LOYANT\APPLIC~1\Ahead
    [31/12/2009|11:43] C:\DOCUME~1\LOYANT\APPLIC~1\Apple Computer
    [22/09/2009|17:23] C:\DOCUME~1\LOYANT\APPLIC~1\AVS4YOU
    [24/01/2010|14:06] C:\DOCUME~1\LOYANT\APPLIC~1\BitTorrent
    [10/09/2009|18:08] C:\DOCUME~1\LOYANT\APPLIC~1\CyberLink
    [05/02/2010|17:20] C:\DOCUME~1\LOYANT\APPLIC~1\DNA
    [20/01/2010|19:01] C:\DOCUME~1\LOYANT\APPLIC~1\Facebook
    [16/04/2009|15:32] C:\DOCUME~1\LOYANT\APPLIC~1\Google
    [18/12/2009|16:21] C:\DOCUME~1\LOYANT\APPLIC~1\grey creative list
    [07/06/2009|07:48] C:\DOCUME~1\LOYANT\APPLIC~1\Identities
    [10/01/2010|21:20] C:\DOCUME~1\LOYANT\APPLIC~1\InstallShield
    [30/06/2009|16:41] C:\DOCUME~1\LOYANT\APPLIC~1\Leadertech
    [10/01/2010|20:02] C:\DOCUME~1\LOYANT\APPLIC~1\LG Electronics
    [14/11/2009|20:33] C:\DOCUME~1\LOYANT\APPLIC~1\LimeWire
    [08/03/2009|19:05] C:\DOCUME~1\LOYANT\APPLIC~1\Macromedia
    [10/03/2009|18:05] C:\DOCUME~1\LOYANT\APPLIC~1\Media Player Classic
    [16/10/2009|14:14] C:\DOCUME~1\LOYANT\APPLIC~1\Microsoft
    [11/03/2009|13:37] C:\DOCUME~1\LOYANT\APPLIC~1\Mozilla
    [27/06/2009|19:24] C:\DOCUME~1\LOYANT\APPLIC~1\MSN6
    [22/09/2009|17:14] C:\DOCUME~1\LOYANT\APPLIC~1\Samsung
    [05/02/2010|16:10] C:\DOCUME~1\LOYANT\APPLIC~1\Skype
    [05/02/2010|16:10] C:\DOCUME~1\LOYANT\APPLIC~1\skypePM
    [03/10/2009|13:05] C:\DOCUME~1\LOYANT\APPLIC~1\Sony Ericsson
    [22/03/2009|11:33] C:\DOCUME~1\LOYANT\APPLIC~1\Sun
    [03/10/2009|13:07] C:\DOCUME~1\LOYANT\APPLIC~1\Teleca
    [09/03/2009|15:04] C:\DOCUME~1\LOYANT\APPLIC~1\TuneUp Software
    [14/08/2009|09:27] C:\DOCUME~1\LOYANT\APPLIC~1\Ulead Systems
    [10/07/2009|15:59] C:\DOCUME~1\LOYANT\APPLIC~1\Windows Live Writer
    [09/03/2009|17:17] C:\DOCUME~1\LOYANT\APPLIC~1\WinRAR

    [24/05/2009|16:42] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [05/02/2010 17:01][--a------] C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [30/01/2010 16:35][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [05/02/2010 17:00][--ah-----] C:\WINDOWS\tasks\ACEE9084918503D8.job
    [05/02/2010 17:03][--a------] C:\WINDOWS\tasks\Recherche de problŠmes automatique.job
    [05/02/2010 16:09][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [28/08/2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ( ACEE9084918503D8.job )=( c:\docume~1\loyant\applic~1\greycr~1\SkipHideAtom.exe )

    --------------------\\ Listing des dossiers dans C:\Program Files

    [21/08/2009|14:57] C:\Program Files\Adobe
    [08/05/2009|08:11] C:\Program Files\AGI
    [22/12/2009|19:19] C:\Program Files\Apple Software Update
    [05/09/2009|08:27] C:\Program Files\Ares
    [16/01/2010|10:01] C:\Program Files\Ask Search Assistant
    [17/01/2010|20:09] C:\Program Files\Ask.com
    [05/09/2009|09:33] C:\Program Files\AVS4YOU
    [10/10/2009|13:07] C:\Program Files\AxBx
    [01/10/2009|19:52] C:\Program Files\Beneton Movie GIF
    [17/01/2010|20:09] C:\Program Files\BitTorrent
    [22/12/2009|19:20] C:\Program Files\Bonjour
    [11/03/2009|17:14] C:\Program Files\CCleaner
    [30/05/2009|08:43] C:\Program Files\Circl Developement
    [24/08/2009|14:40] C:\Program Files\Common Files
    [08/03/2009|18:06] C:\Program Files\ComPlus Applications
    [05/09/2009|09:18] C:\Program Files\Conduit
    [05/09/2009|09:48] C:\Program Files\Corel
    [10/09/2009|18:07] C:\Program Files\CyberLink
    [19/11/2009|20:34] C:\Program Files\Delicious Emilys Taste of Fame
    [22/09/2009|17:09] C:\Program Files\DIFX
    [05/02/2010|16:10] C:\Program Files\DNA
    [24/03/2009|15:21] C:\Program Files\EA GAMES
    [25/12/2009|09:51] C:\Program Files\Electronic Arts
    [09/03/2009|17:19] C:\Program Files\epson
    [22/12/2009|19:19] C:\Program Files\Fichiers communs
    [10/01/2010|20:36] C:\Program Files\Google
    [24/08/2009|14:27] C:\Program Files\gPotato.eu
    [18/12/2009|16:20] C:\Program Files\grey creative list
    [10/01/2010|20:44] C:\Program Files\InstallShield Installation Information
    [09/03/2009|17:53] C:\Program Files\Internet Explorer
    [22/12/2009|19:20] C:\Program Files\iPod
    [22/12/2009|19:21] C:\Program Files\iTunes
    [05/12/2009|09:46] C:\Program Files\Java
    [13/04/2009|14:40] C:\Program Files\Keronsoft
    [09/03/2009|15:42] C:\Program Files\K-Lite Codec Pack
    [09/03/2009|15:38] C:\Program Files\Learning Essentials
    [12/01/2010|15:58] C:\Program Files\LG Electronics
    [22/03/2009|11:34] C:\Program Files\LimeWire
    [08/03/2009|20:40] C:\Program Files\Messenger
    [21/08/2009|08:32] C:\Program Files\Messenger Plus! Live
    [26/06/2009|17:11] C:\Program Files\Microsoft
    [09/03/2009|15:41] C:\Program Files\Microsoft Etudes
    [08/03/2009|18:08] C:\Program Files\microsoft frontpage
    [08/03/2009|20:31] C:\Program Files\Microsoft Office
    [23/08/2009|16:55] C:\Program Files\Microsoft Office Outlook Connector
    [21/01/2010|08:11] C:\Program Files\Microsoft Silverlight
    [24/06/2009|14:22] C:\Program Files\Microsoft SQL Server Compact Edition
    [24/06/2009|14:27] C:\Program Files\Microsoft Sync Framework
    [08/03/2009|20:31] C:\Program Files\Microsoft Visual Studio
    [13/08/2009|15:19] C:\Program Files\Microsoft Works
    [04/06/2009|19:46] C:\Program Files\Microsoft WSE
    [12/03/2009|18:44] C:\Program Files\Movie Maker
    [05/02/2010|16:22] C:\Program Files\Mozilla Firefox
    [08/03/2009|20:31] C:\Program Files\MSBuild
    [08/03/2009|18:06] C:\Program Files\MSN
    [08/03/2009|18:05] C:\Program Files\MSN Gaming Zone
    [08/03/2009|20:35] C:\Program Files\MSXML 4.0
    [09/03/2009|14:43] C:\Program Files\Nero
    [08/03/2009|19:58] C:\Program Files\NetMeeting
    [12/08/2009|13:36] C:\Program Files\Outlook Express
    [24/03/2009|18:30] C:\Program Files\PhotoFiltre
    [08/10/2009|20:23] C:\Program Files\PhotoScape
    [22/12/2009|19:20] C:\Program Files\QuickTime
    [11/03/2009|13:23] C:\Program Files\Realtek
    [09/03/2009|17:42] C:\Program Files\Reference Assemblies
    [19/11/2009|20:33] C:\Program Files\ReflexiveArcade
    [05/02/2010|16:12] C:\Program Files\RelevantKnowledge
    [22/09/2009|17:09] C:\Program Files\Samsung
    [24/05/2009|16:06] C:\Program Files\Seekapp
    [31/01/2010|11:48] C:\Program Files\SeekappSrch
    [08/03/2009|18:06] C:\Program Files\Services en ligne
    [05/12/2009|10:23] C:\Program Files\Skype
    [24/05/2009|15:07] C:\Program Files\trend micro
    [05/12/2009|09:49] C:\Program Files\TuneUp Utilities 2009
    [02/02/2010|14:40] C:\Program Files\TuneUp Utilities 2010
    [06/09/2009|13:06] C:\Program Files\Ulead Systems
    [23/05/2009|10:50] C:\Program Files\UnFREEz
    [08/03/2009|18:10] C:\Program Files\Uninstall Information
    [01/11/2009|19:20] C:\Program Files\Visicom Media
    [23/12/2009|21:38] C:\Program Files\Wakfu
    [24/08/2009|16:10] C:\Program Files\Windows Live
    [09/03/2009|15:23] C:\Program Files\Windows Live SkyDrive
    [09/03/2009|15:52] C:\Program Files\Windows Media Connect 2
    [09/03/2009|15:52] C:\Program Files\Windows Media Player
    [08/03/2009|19:58] C:\Program Files\Windows NT
    [08/03/2009|18:33] C:\Program Files\WindowsUpdate
    [09/03/2009|17:17] C:\Program Files\WinRAR
    [08/03/2009|18:08] C:\Program Files\xerox

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [21/08/2009|14:57] C:\Program Files\Fichiers communs\Adobe
    [09/03/2009|14:44] C:\Program Files\Fichiers communs\Ahead
    [22/12/2009|19:20] C:\Program Files\Fichiers communs\Apple
    [05/09/2009|09:33] C:\Program Files\Fichiers communs\AVSMedia
    [08/03/2009|20:31] C:\Program Files\Fichiers communs\DESIGNER
    [07/12/2009|18:53] C:\Program Files\Fichiers communs\DirectX
    [03/10/2009|13:03] C:\Program Files\Fichiers communs\InstallShield
    [13/08/2009|15:19] C:\Program Files\Fichiers communs\Microsoft Shared
    [08/03/2009|18:06] C:\Program Files\Fichiers communs\MSSoap
    [08/03/2009|18:02] C:\Program Files\Fichiers communs\ODBC
    [08/03/2009|18:06] C:\Program Files\Fichiers communs\Services
    [05/12/2009|10:23] C:\Program Files\Fichiers communs\Skype
    [08/03/2009|18:02] C:\Program Files\Fichiers communs\SpeechEngines
    [23/08/2009|16:55] C:\Program Files\Fichiers communs\System
    [14/08/2009|09:25] C:\Program Files\Fichiers communs\Ulead Systems
    [09/03/2009|15:15] C:\Program Files\Fichiers communs\Windows Live

    --------------------\\ Process

    ( 56 Processes )

    IEXPLORE.EXE ~ [PID:2728]
    IEXPLORE.EXE ~ [PID:2828]

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Okay meta anti lite
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Okay meta anti lite\Okay cast.dat
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Okay meta anti lite\Okay cast.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\cezjyudr.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\csmbzjyz.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\ctamkyiy.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\cwzlgaeq.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\dijgryzc.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\dqhntnfy.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\eqymbfdn.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\espwcecf.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\ewnmvvwp.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\ewslpsdi.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\fkslkycr.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\hedvozfp.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\hiuldijx.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\kyfqhkqx.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\lfugxwrq.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\mdppoeax.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\mmwjsjph.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\nctgriuc.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\neplefby.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\nonxtyly.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\odzdvewn.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\onrxidlq.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\plmokmlx.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\qwawtvcy.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\rdr plan.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\Safe Meta Phone Heck.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\Skip Hide Atom.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\tdejkecx.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\ujqorhrc.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\umwsslsd.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\uwxzfnlr.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\xkcksatl.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\yshzxscm.exe
    C:\DOCUME~1\LOYANT\APPLIC~1\greycr~1\yweiloah.exe
    C:\Program Files\greycr~1
    C:\DOCUME~1\LOYANT\Cookies\loyant@advertstream[1].txt
    C:\DOCUME~1\LOYANT\Cookies\loyant@advertising[2].txt
    C:\WINDOWS\Tasks\ACEE9084918503D8.job

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "bows proc"="C:\\DOCUME~1\\LOYANT\\APPLIC~1\\GREYCR~1\\rdr plan.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ANTI LITE TITLE DEBUG"="C:\\Documents and Settings\\All Users\\Application Data\\Okay meta anti lite\\Okay cast.exe"

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-05 17:28:15
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\LOYANT\Application Data\BitTorrent\Sims 2 NO CD Crack.exe.torrent
    C:\DOCUME~1\LOYANT\Application Data\BitTorrent\The Sims 2 Bon Voyage PC Incl Crack.1.torrent
    C:\DOCUME~1\LOYANT\Application Data\BitTorrent\The Sims 2 Bon Voyage PC Incl Crack.torrent
    C:\DOCUME~1\LOYANT\Application Data\BitTorrent\The Sims 2 Crack Pack 2.torrent
    C:\DOCUME~1\LOYANT\Application Data\BitTorrent\WII-Crack-sans-puce.iso.1.torrent
    C:\DOCUME~1\LOYANT\Application Data\BitTorrent\WII-Crack-sans-puce.iso.2.torrent
    C:\DOCUME~1\LOYANT\Application Data\BitTorrent\WII-Crack-sans-puce.iso.3.torrent
    C:\DOCUME~1\LOYANT\Application Data\BitTorrent\WII-Crack-sans-puce.iso.4.torrent
    C:\DOCUME~1\LOYANT\Application Data\BitTorrent\WII-Crack-sans-puce.iso.torrent
    C:\DOCUME~1\LOYANT\Application Data\BitTorrent\Winrar-Crack.1.torrent
    C:\DOCUME~1\LOYANT\Application Data\BitTorrent\Winrar-Crack.2.torrent
    C:\DOCUME~1\LOYANT\Application Data\BitTorrent\Winrar-Crack.torrent
    C:\DOCUME~1\LOYANT\Mes documents\Cyriil\~ Divers\Crack ulead photo impact 12
    C:\DOCUME~1\LOYANT\Mes documents\Cyriil\~ Divers\Crack ulead photo impact 12\Album.exe
    C:\DOCUME~1\LOYANT\Mes documents\Cyriil\~ Divers\Crack ulead photo impact 12\Iedit_.exe
    C:\DOCUME~1\LOYANT\Mes documents\Cyriil\~ Divers\Crack ulead photo impact 12\xSystem.dll

    [F:154][D:8]-> C:\DOCUME~1\LOYANT\LOCALS~1\Temp
    [F:90][D:0]-> C:\DOCUME~1\LOYANT\Cookies
    [F:677][D:5]-> C:\DOCUME~1\LOYANT\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 02/02/2010|14:31 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 05/02/2010|17:29 - Option : [1]

    --------------------\\ Fin du rapport a 17:29:14
    0
  3. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    ok

    1)
    relances Lop SD option 2 suppression + hosts
    poster le rapport

    2) les cracks= dangers = infections = suppressions

    3)
    infection toolbar

    Téléchargez Toolbar-S&D ( Merci à Eric_71, Angel Dark, Sham_Rock et XmichouX ) sur le Bureau

    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

    Lancez l'installation du programme en exécutant le fichier téléchargé.
    Double-cliquez maintenant sur le raccourci de Toolbar-S&D.
    Sélectionnez la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    Choisir maintenant l'option 2 suppression
    Patientez jusqu'à la fin de la recherche.
    Postez le rapport généré. (C:\TB.txt)

    Tuto: https://sites.google.com/site/toolbarsd/aideenimages

    4)
    d'autres infections encore à traiter

    pour les visualiser

    • Télécharge Random's System Information Tool (RSIT) de Random/Random.

    (outil de diagnostic)

    http://images.malwareremoval.com/random/RSIT.exe

    • Enregistre le sur ton Bureau.

    • Double clique sur RSIT.exe pour lancer l'outil.

    • Clique sur "Continue" à l'écran Disclaimer.

    • Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande)

    et tu devras accepter la licence.

    • Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp

    Les rapports se trouvent à cet endroit:
    C:\rsit\info.txt
    C:\rsit\log.txt

    0