Le rapport de hijackthis demander par wardia

huntermenter Messages postés 27 Statut Membre -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,

j ai refai le scan de hijackthis que vs m'avez demander et j ai remarqué l ligne ci-dessous qui parait etre pour moi le probleme :

O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svghost.exe

sinon le rapport c'est ça :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:48, on 27/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nortek Keyboard Mouse Application\MouseDrv.exe
C:\Program Files\Nortek Keyboard Mouse Application\PS2USBKbdDrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\system32\IcoSauve.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Nortek Keyboard Mouse Application\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Nortek Keyboard Mouse Application\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Windows Sound] svghost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svghost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98CD775D-AF9E-4219-B938-7BC3516D32D0}: NameServer = 196.217.246.210 212.217.0.13
O20 - Winlogon Notify: urqoMGVn - C:\WINDOWS\SYSTEM32\urqoMGVn.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 8048 bytes
Configuration: Windows XP
Firefox 3.0

9 réponses

  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    oui tu as raison pour la ligne...

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Post egalement un nouveau rapport hijack this stp'

    @+
    0
  2. huntermenter Messages postés 27 Statut Membre 6
     
    le rapport de combofix

    ComboFix 08-06-20.4 - CHERIF 2008-06-28 18:55:27.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1625 [GMT 1:00]
    Endroit: C:\Documents and Settings\CHERIF\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BMb72a3010.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\CMWvxyay.ini
    C:\WINDOWS\system32\CMWvxyay.ini2
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\tyhtnoaj.ini
    C:\WINDOWS\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_NPF

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-28 to 2008-06-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-28 03:50 . 2008-06-28 03:50 <REP> d-------- C:\Documents and Settings\CHERIF\Application Data\Uniblue
    2008-06-28 03:49 . 2008-06-28 03:49 <REP> d-------- C:\Program Files\Uniblue
    2008-06-27 17:34 . 2008-06-27 17:35 161 --a------ C:\WINDOWS\Ferrari.ini
    2008-06-27 17:33 . 2008-06-27 17:33 2,425 --a------ C:\WINDOWS\unins000.dat
    2008-06-26 19:42 . 2008-06-26 19:46 <REP> d-------- C:\Program Files\NewLive All Audio To Mp3 Converter
    2008-06-26 19:41 . 2004-02-23 00:00 1,696,528 --------- C:\WINDOWS\system32\VBA6.DLL
    2008-06-26 19:41 . 2004-03-09 00:00 1,081,616 --------- C:\WINDOWS\system32\MSCOMCTL.OCX
    2008-06-26 19:41 . 2004-03-09 00:00 224,016 --------- C:\WINDOWS\system32\TABCTL32.OCX
    2008-06-26 19:41 . 2004-03-09 00:00 212,240 --------- C:\WINDOWS\system32\RICHTX32.OCX
    2008-06-26 19:41 . 2004-03-09 00:00 152,848 --------- C:\WINDOWS\system32\COMDLG32.OCX
    2008-06-26 19:41 . 1999-08-29 14:15 7,716 --------- C:\WINDOWS\system32\URLHIST.tlb
    2008-06-26 17:20 . 2008-06-26 17:20 <REP> d-------- C:\Documents and Settings\CHERIF\Application Data\Malwarebytes
    2008-06-26 17:19 . 2008-06-26 17:19 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-26 17:19 . 2008-06-26 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-26 17:19 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-26 17:19 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-25 17:53 . 2008-06-25 17:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-06-25 16:56 . 2008-06-26 18:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-25 16:56 . 2008-06-26 18:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-25 15:34 . 2008-06-25 15:34 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-24 16:07 . 2008-06-24 16:07 <REP> d-------- C:\Documents and Settings\CHERIF\Application Data\LGSync
    2008-06-24 14:49 . 2004-09-16 11:31 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll
    2008-06-24 14:49 . 2005-05-25 19:12 929,844 --a------ C:\WINDOWS\system32\MFC42D.DLL
    2008-06-24 14:49 . 2006-04-05 17:45 798,773 --a------ C:\WINDOWS\system32\MFCO42D.DLL
    2008-06-24 14:49 . 2006-01-02 21:29 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
    2008-06-24 14:49 . 2005-09-26 22:55 419,240 --a------ C:\WINDOWS\system32\Vsflex7L.ocx
    2008-06-24 14:49 . 2002-10-17 05:19 291,840 --a------ C:\WINDOWS\system32\msvcirtd.dll
    2008-06-24 14:49 . 2000-05-22 00:00 244,416 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
    2008-06-24 14:49 . 2005-10-04 10:39 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
    2008-06-24 14:49 . 2005-06-28 22:12 36,864 --a------ C:\WINDOWS\system32\CSDLGE1LIB.dll
    2008-06-24 01:43 . 2008-06-24 01:43 <REP> d-------- C:\WINDOWS\UltraDefrag
    2008-06-23 23:38 . 2008-06-23 23:38 31 --a------ C:\WINDOWS\game.ini
    2008-06-23 23:16 . 2008-06-23 23:16 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-06-23 19:57 . 2008-06-23 19:57 <REP> d-------- C:\Program Files\Alwil Software
    2008-06-23 19:35 . 2008-04-13 19:33 219,648 --a------ C:\WINDOWS\system32\uxtheme.backup
    2008-06-23 19:28 . 2004-08-19 17:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-06-23 19:12 . 2008-06-23 19:12 <REP> d-------- C:\WINDOWS\system32\fr
    2008-06-23 19:04 . 2008-06-23 19:13 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-06-23 17:31 . 2008-06-23 17:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
    2008-06-23 03:25 . 2008-06-23 03:25 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-06-23 01:17 . 2008-06-23 01:18 <REP> d-------- C:\Documents and Settings\CHERIF\Application Data\DAEMON Tools Pro
    2008-06-23 01:12 . 2008-06-25 03:26 <REP> d-------- C:\Program Files\DAEMON Tools Pro
    2008-06-23 01:05 . 2008-06-27 17:35 7,680,054 --a------ C:\WINDOWS\Ferrari.scr.bmp
    2008-06-22 23:10 . 2008-06-22 23:11 <REP> d-------- C:\Program Files\VirtualDJ
    2008-06-22 15:49 . 2008-06-22 15:49 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
    2008-06-22 04:40 . 2008-06-25 03:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DeskShare
    2008-06-22 04:36 . 2008-06-25 03:28 <REP> d-------- C:\Program Files\Fichiers communs\DeskShare Shared
    2008-06-22 04:36 . 2008-06-27 17:48 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-21 23:48 . 2006-11-11 14:02 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
    2008-06-21 23:11 . 2008-06-21 23:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs
    2008-06-21 23:10 . 2007-07-26 09:25 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
    2008-06-21 23:10 . 2007-07-26 09:25 47,104 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
    2008-06-21 23:10 . 2007-07-26 09:25 42,112 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
    2008-06-21 23:10 . 2007-07-26 09:25 39,808 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
    2008-06-21 23:10 . 2007-07-26 09:25 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
    2008-06-21 21:26 . 2008-06-21 21:26 <REP> d-------- C:\Documents and Settings\CHERIF\Application Data\Media Player Classic
    2008-06-21 21:26 . 2008-06-28 16:48 116 --a------ C:\WINDOWS\NeroDigital.ini
    2008-06-21 19:11 . 2008-06-23 18:01 <REP> d-------- C:\Documents and Settings\CHERIF\Application Data\DivX
    2008-06-21 18:54 . 2008-06-21 18:54 <REP> d-------- C:\Program Files\ooVoo
    2008-06-21 18:54 . 2008-06-21 18:59 <REP> d-------- C:\Documents and Settings\CHERIF\Application Data\ooVoo Details
    2008-06-21 17:35 . 2008-06-21 17:35 <REP> d-------- C:\Documents and Settings\CHERIF\Application Data\CyberLink
    2008-06-21 17:35 . 2008-06-21 17:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-06-21 17:34 . 2008-06-21 17:34 <REP> d-------- C:\Program Files\Fichiers communs\CyberLink
    2008-06-21 17:33 . 2008-06-21 17:35 <REP> d-------- C:\Program Files\CyberLink
    2008-06-21 17:32 . 2008-06-21 17:32 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
    2008-06-21 16:22 . 2008-06-28 03:51 <REP> d-------- C:\Program Files\Counter-Strike
    2008-06-21 14:22 . 2008-06-21 14:22 <REP> d-------- C:\Program Files\Microsoft Works
    2008-06-21 14:21 . 2008-06-28 03:52 <REP> d-------- C:\Program Files\MSBuild
    2008-06-21 14:19 . 2008-06-21 14:19 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-06-21 14:17 . 2008-06-21 14:17 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-06-21 14:15 . 2008-06-28 03:52 <REP> d-------- C:\WINDOWS\SHELLNEW
    2008-06-21 14:15 . 2008-06-21 14:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-21 14:14 . 2008-06-21 14:14 <REP> dr-h----- C:\MSOCache
    2008-06-21 14:11 . 2008-06-21 14:11 <REP> d-------- C:\Program Files\DivX
    2008-06-21 14:08 . 2008-06-28 00:40 <REP> d-------- C:\Program Files\JetAudio
    2008-06-21 14:08 . 2008-06-21 14:08 <REP> d-------- C:\Program Files\Fichiers communs\COWON
    2008-06-21 14:08 . 2008-06-21 14:08 <REP> d-------- C:\Documents and Settings\CHERIF\Application Data\COWON
    2008-06-21 14:06 . 2008-06-21 14:06 <REP> d-------- C:\Program Files\Xilisoft
    2008-06-21 14:06 . 2008-06-21 14:06 <REP> d-------- C:\Program Files\QuickTime
    2008-06-21 14:02 . 2008-06-21 14:02 <REP> dr-h----- C:\Documents and Settings\CHERIF\Application Data\SecuROM
    2008-06-21 14:02 . 2008-06-21 14:02 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-06-21 13:45 . 2008-06-21 13:45 <REP> d-------- C:\Program Files\KONAMI
    2008-06-21 13:19 . 2008-06-21 13:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-06-21 02:40 . 2008-06-21 02:40 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-06-21 02:40 . 2008-06-21 02:40 <REP> d-------- C:\Program Files\Circle Developement
    2008-06-21 02:40 . 2008-06-21 02:41 <REP> d-------- C:\Documents and Settings\CHERIF\Application Data\Inside regs
    2008-06-21 02:38 . 2008-06-21 02:40 <REP> d-------- C:\Documents and Settings\CHERIF\Contacts
    2008-06-21 02:33 . 2005-10-20 03:59 81,920 --a------ C:\WINDOWS\system32\ImageDrive.cpl
    2008-06-21 02:16 . 2008-06-21 02:16 <REP> d-------- C:\Program Files\Nero
    2008-06-21 02:16 . 2008-06-21 02:17 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-06-21 02:16 . 2008-06-24 02:16 <REP> d-------- C:\Documents and Settings\CHERIF\Application Data\Ahead
    2008-06-21 02:11 . 2008-06-21 02:37 <REP> d-------- C:\Program Files\Windows Live
    2008-06-21 02:11 . 2008-06-21 02:32 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-21 02:11 . 2008-06-21 02:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-21 02:04 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-06-21 02:04 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-06-21 02:00 . 2008-06-21 02:00 <REP> d-------- C:\Program Files\uTorrent
    2008-06-21 02:00 . 2008-06-28 18:30 <REP> d-------- C:\Documents and Settings\CHERIF\Application Data\uTorrent
    2008-06-21 02:00 . 2008-06-21 02:03 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-21 00:43 . 2008-06-21 00:43 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-21 00:39 . 2006-02-16 07:14 143,360 --a------ C:\WINDOWS\adiras.exe
    2008-06-21 00:39 . 2005-09-19 12:58 126,489 --a------ C:\WINDOWS\system32\adiusbaw.sys
    2008-06-21 00:39 . 2006-07-13 17:23 989 --a------ C:\WINDOWS\adiras.ini
    2008-06-21 00:39 . 2008-06-21 00:40 169 --a------ C:\WINDOWS\adidsl.ini
    2008-06-21 00:39 . 2006-07-13 17:23 21 --a------ C:\WINDOWS\Fast800.ini
    2008-06-21 00:38 . 2008-06-21 00:41 <REP> d-------- C:\Program Files\Menara
    2008-06-21 00:34 . 2008-06-21 00:34 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-06-21 00:34 . 2008-06-21 00:34 <REP> d-------- C:\Program Files\Nortek Keyboard Mouse Application
    2008-06-21 00:33 . 2008-06-21 00:33 <REP> d-------- C:\Program Files\Fichiers communs\snpstd3
    2008-06-21 00:33 . 2005-03-08 17:02 456,064 --a------ C:\WINDOWS\system32\drivers\snpstd3.sys
    2008-06-21 00:33 . 2005-01-14 10:00 339,968 --a------ C:\WINDOWS\vsnpstd3.exe
    2008-06-21 00:33 . 2004-08-09 16:43 94,208 --a------ C:\WINDOWS\amcap.exe
    2008-06-21 00:33 . 2004-02-16 12:59 61,440 --a------ C:\WINDOWS\system32\csnpstd3.dll
    2008-06-21 00:33 . 2004-11-05 09:17 57,344 --a------ C:\WINDOWS\system32\rsnpstd3.dll
    2008-06-21 00:33 . 2004-08-30 10:00 36,864 --a------ C:\WINDOWS\system32\vsnpstd3.dll
    2008-06-21 00:33 . 2004-09-30 15:08 36,864 --a------ C:\WINDOWS\system32\dsnpstd3.ax
    2008-06-21 00:33 . 2004-12-08 17:40 20,480 --a------ C:\WINDOWS\usnpstd3.exe
    2008-06-21 00:33 . 2004-02-27 16:36 15,498 --a------ C:\WINDOWS\snpstd3.ini
    2008-06-21 00:33 . 2004-02-27 16:36 13,023 --a------ C:\WINDOWS\snpstd3.src
    2008-06-21 00:30 . 2008-06-23 18:26 <REP> d-------- C:\Program Files\SuperCopier2
    2008-06-21 00:30 . 2008-06-21 00:30 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-06-21 00:30 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-06-21 00:30 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
    2008-06-21 00:30 . 2004-01-11 23:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2008-06-21 00:30 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-27 23:36 --------- d-----w C:\Program Files\Yahoo!
    2008-06-21 00:48 --------- d-----w C:\Program Files\CCleaner
    2008-06-20 23:22 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-06-20 22:58 --------- d-----w C:\Program Files\MSXML 4.0
    2008-06-20 22:57 --------- d-----w C:\Program Files\WSTARTUP
    2008-06-20 22:57 --------- d-----w C:\Program Files\UTILS
    2008-06-20 22:57 --------- d-----w C:\Program Files\JEUX
    2008-06-20 22:50 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-06 06:01 16,512 ----a-w C:\WINDOWS\system32\drivers\ASPI32.SYS
    2008-04-13 18:34 70,656 ----a-w C:\WINDOWS\notepad.exe
    2008-04-13 18:34 32,866 ------w C:\WINDOWS\slrundll.exe
    2008-04-13 18:34 288,256 ----a-w C:\WINDOWS\winhlp32.exe
    2008-04-13 18:34 153,088 ----a-w C:\WINDOWS\regedit.exe
    2008-04-13 18:34 10,752 ----a-w C:\WINDOWS\hh.exe
    2008-04-13 18:34 1,037,824 ----a-w C:\WINDOWS\explorer.exe
    2008-04-13 18:33 50,688 ----a-w C:\WINDOWS\twain_32.dll
    2008-04-13 18:33 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
    2008-04-13 18:33 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
    2008-04-13 18:33 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
    2008-04-13 18:33 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
    2008-04-13 18:33 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
    2008-04-13 18:33 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
    2008-04-13 18:33 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
    2008-04-13 18:33 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
    2008-04-13 18:33 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 10:34 5724184]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 15:25 94208]
    "Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 09:50 9442584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-05 14:11 98304]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-05 14:13 114688]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-05 14:10 94208]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 08:28 16126464 C:\WINDOWS\RTHDCPL.exe]
    "WireLessMouse"="C:\Program Files\Nortek Keyboard Mouse Application\MouseDrv.exe" [2005-09-08 15:51 503808]
    "WireLessKeyboard"="C:\Program Files\Nortek Keyboard Mouse Application\PS2USBKbdDrv.exe" [2005-09-09 15:01 225280]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
    "RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 19:23 83240]
    "PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 10:36 50472]
    "BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2008-03-21 11:21 91432]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Microsoft Windows Sound"="svghost.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Microsoft Windows Sound"="svghost.exe" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical"= 0 (0x0)
    "LockTaskbar"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoResolveSearch"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMFUprogramsList"= 0 (0x0)
    "NoUserNameInStartMenu"= 0 (0x0)
    "MaxRecentDocs"= 15 (0xf)
    "NoInstrumentation"= 0 (0x0)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 0 (0x0)
    "DisallowCpl"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 19:34 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
    --a------ 2008-05-20 12:11 13260592 C:\Program Files\ooVoo\ooVoo.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\ooVoo\\ooVoo.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
    "37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
    "37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
    "37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
    "443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
    S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 11:33]
    S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2008-03-09 12:26]

    .
    0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    --a tout demain

    Le meilleur moyen de faire tourner la tête à une femme, c'est de lui dire qu'elle a un joli profil
    0
    1. huntermenter Messages postés 27 Statut Membre 6
       
      slt et merci pour l'aide que vous m'aviez apporter , j crois que les problemes sont resolu enfin j croi parceque avec les vurtumonde rien n'est sure .mais en cas de problem j posterai le log sur le forum une de plus merci .
      0
  4. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    peux tu me poster un nouveau rapport hijack this stp

    @+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. huntermenter Messages postés 27 Statut Membre 6
     
    slt j ai encore fai le rapport , j pense que c propre mais j ai vous laisse l"examiner et merci .

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:29:08, on 02/07/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Nortek Keyboard Mouse Application\MouseDrv.exe
    C:\Program Files\Nortek Keyboard Mouse Application\PS2USBKbdDrv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ooVoo\ooVoo.exe
    C:\Program Files\Menara\dslmon.exe
    C:\WINDOWS\system32\IcoSauve.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    M:\Setup.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://www.menara.ma/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Nortek Keyboard Mouse Application\MouseDrv.exe
    O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Nortek Keyboard Mouse Application\PS2USBKbdDrv.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [camp show] C:\DOCUME~1\sylla\APPLIC~1\VGALIC~1\Warn About 4.exe
    O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
    O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2E37BF63-B2A3-4ADE-959A-6275C10B062E}: NameServer = 196.217.246.210 212.217.0.13
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2E37BF63-B2A3-4ADE-959A-6275C10B062E}: NameServer = 196.217.246.210 212.217.0.13
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    0
  7. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut

    il me semble que tu as une infection lop...

    Télécharge Lop S&D (de Angeldark et Eric71) sur le Bureau :
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    [*]Double-clique sur Lop S&D.exe pour lancer l'installation,
    [*]Puis double-clique sur le raccourci Lop S&D présent sur le Bureau.
    [*]Séléctionne la langue souhaitée , puis choisis l'Option 1 (Recherche)
    Le scan prend moins d'une minute.
    [*]A l'issue du scan, le bloc-notes va s'ouvrir avec le résultat de la recherche.
    [*]Enregistre le rapport LopR.txt sur le Bureau pour le retrouver facilement, sinon il sauvegardé à la racine de la partition système : C:\LopR.txt

    @+
    0
    1. huntermenter Messages postés 27 Statut Membre 6
       
      salut !

      je ne comprend pas c quoi le lop dont vous me parliez , si c une infection ou autre mais de toute façon j ai sauver le rapport de lop s&d qui suit :


      -----------------------[ Lop S&D 4.2.1-9 XP/Vista

      ]---------------------

      [ Windows XP (NT 5.1) Build 2600, Service Pack 3 ]
      [ USER : sylla ] [ "C:\Lop SD" ] [ Selection : 1 ]
      [ 05/07/2008 | 16:38:41,85 ] [ PC : HUNTER-D73763CC ]
      [ MAJ : 01-07-2008 | 00:25 ]

      -------------[ Listing des dossiers dans Application Data ]------------

      [02/07/2008|00:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP>

      CyberLink
      [01/07/2008|16:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\62 desktop.ini
      [02/07/2008|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP>

      Diskeeper Corporation
      [03/07/2008|01:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP>

      Malwarebytes
      [01/07/2008|17:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP>

      Messenger Plus!
      [01/07/2008|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP>

      Microsoft
      [04/07/2008|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP>

      Microsoft Help
      [01/07/2008|16:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Office

      Genuine Advantage
      [01/07/2008|16:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Windows

      Genuine Advantage
      [01/07/2008|16:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP>

      WLInstaller
      [01/07/2008|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Yahoo!

      Companion

      [01/07/2008|16:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\62 desktop.ini
      [01/07/2008|18:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<REP>

      Microsoft

      [01/07/2008|15:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\<REP>

      Microsoft

      [01/07/2008|15:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\<REP>

      Microsoft

      [13/04/2008|19:34] C:\DOCUME~1\sylla\APPLIC~1\23ÿ745 addon.dat
      [01/07/2008|16:49] C:\DOCUME~1\sylla\APPLIC~1\<REP> Adobe
      [01/07/2008|17:32] C:\DOCUME~1\sylla\APPLIC~1\<REP> Ahead
      [01/07/2008|15:58] C:\DOCUME~1\sylla\APPLIC~1\<REP> aignes
      [01/07/2008|18:53] C:\DOCUME~1\sylla\APPLIC~1\<REP> COWON
      [02/07/2008|00:15] C:\DOCUME~1\sylla\APPLIC~1\<REP> CyberLink
      [01/07/2008|16:16] C:\DOCUME~1\sylla\APPLIC~1\62 desktop.ini
      [03/07/2008|15:46] C:\DOCUME~1\sylla\APPLIC~1\<REP> Diino
      [04/07/2008|04:11] C:\DOCUME~1\sylla\APPLIC~1\<REP> DivX
      [05/07/2008|02:20] C:\DOCUME~1\sylla\APPLIC~1\<REP> dvdcss
      [04/07/2008|20:33] C:\DOCUME~1\sylla\APPLIC~1\<REP> fltk.org
      [01/07/2008|15:58] C:\DOCUME~1\sylla\APPLIC~1\<REP> gtopala
      [01/07/2008|15:58] C:\DOCUME~1\sylla\APPLIC~1\<REP> Identities
      [01/07/2008|16:49] C:\DOCUME~1\sylla\APPLIC~1\<REP> Macromedia
      [03/07/2008|01:03] C:\DOCUME~1\sylla\APPLIC~1\<REP>

      Malwarebytes
      [02/07/2008|01:58] C:\DOCUME~1\sylla\APPLIC~1\<REP> Media

      Player Classic
      [04/07/2008|15:59] C:\DOCUME~1\sylla\APPLIC~1\<REP> Microsoft
      [01/07/2008|16:17] C:\DOCUME~1\sylla\APPLIC~1\<REP> Mozilla
      [02/07/2008|00:13] C:\DOCUME~1\sylla\APPLIC~1\<REP> ooVoo

      Details
      [03/07/2008|14:47] C:\DOCUME~1\sylla\APPLIC~1\<REP>

      OtakuSoftware
      [01/07/2008|15:54] C:\DOCUME~1\sylla\APPLIC~1\<REP> Sun
      [05/07/2008|04:13] C:\DOCUME~1\sylla\APPLIC~1\<REP> uTorrent
      [03/07/2008|01:37] C:\DOCUME~1\sylla\APPLIC~1\<REP>

      VgaLicenseData
      [02/07/2008|04:11] C:\DOCUME~1\sylla\APPLIC~1\<REP> vlc
      [01/07/2008|18:49] C:\DOCUME~1\sylla\APPLIC~1\<REP> WinRAR

      ----------------[ Tâches planifiées dans C:\WINDOWS\tasks

      ]---------------

      [05/07/2008 15:45 booba][--ah-----] C:\WINDOWS\tasks\SA.DAT
      [06/09/2002 20:59 booba][-r-h-----] C:\WINDOWS\tasks\desktop.ini

      ---------------[ Listing des dossiers dans C:\Program Files

      ]--------------

      [01/07/2008|16:23] C:\Program Files\<REP> Alwil Software
      [01/07/2008|16:34] C:\Program Files\<REP> ASUS
      [01/07/2008|16:13] C:\Program Files\<REP> Attansic
      [01/07/2008|18:37] C:\Program Files\<REP> CCleaner
      [05/07/2008|00:22] C:\Program Files\<REP> Circle Developement
      [01/07/2008|15:24] C:\Program Files\<REP> ComPlus Applications
      [04/07/2008|17:07] C:\Program Files\<REP> Counter-Strike
      [02/07/2008|00:11] C:\Program Files\<REP> CyberLink
      [03/07/2008|15:46] C:\Program Files\<REP> Diino
      [02/07/2008|22:59] C:\Program Files\<REP> Diskeeper Corporation
      [02/07/2008|01:09] C:\Program Files\<REP> DivX
      [02/07/2008|00:11] C:\Program Files\<REP> Fichiers communs
      [02/07/2008|01:40] C:\Program Files\<REP> InstallShield

      Installation Information
      [01/07/2008|16:02] C:\Program Files\<REP> Intel
      [01/07/2008|15:41] C:\Program Files\<REP> Internet Explorer
      [01/07/2008|15:54] C:\Program Files\<REP> Java
      [01/07/2008|17:14] C:\Program Files\<REP> JetAudio
      [01/07/2008|15:38] C:\Program Files\<REP> JEUX
      [04/07/2008|15:06] C:\Program Files\<REP> K-Lite Codec Pack
      [02/07/2008|01:25] C:\Program Files\<REP> KONAMI
      [03/07/2008|01:03] C:\Program Files\<REP> Malwarebytes'

      Anti-Malware
      [01/07/2008|16:30] C:\Program Files\<REP> Menara
      [01/07/2008|17:11] C:\Program Files\<REP> Messenger
      [01/07/2008|17:11] C:\Program Files\<REP> Messenger Plus! Live
      [01/07/2008|15:29] C:\Program Files\<REP> microsoft frontpage
      [01/07/2008|17:51] C:\Program Files\<REP> Microsoft Office
      [04/07/2008|16:37] C:\Program Files\<REP> Microsoft Silverlight
      [01/07/2008|17:50] C:\Program Files\<REP> Microsoft Visual

      Studio
      [01/07/2008|17:45] C:\Program Files\<REP> Microsoft Visual

      Studio 8
      [01/07/2008|17:51] C:\Program Files\<REP> Microsoft Works
      [01/07/2008|17:49] C:\Program Files\<REP> Microsoft.NET
      [01/07/2008|17:10] C:\Program Files\<REP> Movie Maker
      [05/07/2008|16:29] C:\Program Files\<REP> Mozilla Firefox
      [01/07/2008|17:51] C:\Program Files\<REP> MSBuild
      [01/07/2008|17:10] C:\Program Files\<REP> msn
      [01/07/2008|15:24] C:\Program Files\<REP> MSN Gaming Zone
      [01/07/2008|15:39] C:\Program Files\<REP> MSXML 4.0
      [01/07/2008|17:31] C:\Program Files\<REP> Nero
      [01/07/2008|17:08] C:\Program Files\<REP> NetMeeting
      [01/07/2008|16:34] C:\Program Files\<REP> Nortek Keyboard Mouse

      Application
      [02/07/2008|00:13] C:\Program Files\<REP> ooVoo
      [01/07/2008|17:08] C:\Program Files\<REP> Outlook Express
      [04/07/2008|15:59] C:\Program Files\<REP> Project64 1.6
      [01/07/2008|16:08] C:\Program Files\<REP> Realtek
      [03/07/2008|00:57] C:\Program Files\<REP> RocketDock
      [03/07/2008|14:49] C:\Program Files\<REP> SereneScreen
      [01/07/2008|16:15] C:\Program Files\<REP> SuperCopier2
      [03/07/2008|14:47] C:\Program Files\<REP> TopDesk
      [01/07/2008|18:09] C:\Program Files\<REP> Trend Micro
      [01/07/2008|15:24] C:\Program Files\<REP> Uninstall Information
      [01/07/2008|15:38] C:\Program Files\<REP> UTILS
      [01/07/2008|18:36] C:\Program Files\<REP> uTorrent
      [01/07/2008|17:11] C:\Program Files\<REP> VgaLicenseData
      [02/07/2008|03:13] C:\Program Files\<REP> VideoLAN
      [01/07/2008|17:07] C:\Program Files\<REP> Windows Live
      [01/07/2008|15:52] C:\Program Files\<REP> Windows Media Connect

      2
      [01/07/2008|17:08] C:\Program Files\<REP> Windows Media Player
      [01/07/2008|17:08] C:\Program Files\<REP> Windows NT
      [01/07/2008|15:26] C:\Program Files\<REP> WindowsUpdate
      [01/07/2008|16:15] C:\Program Files\<REP> WinRAR
      [01/07/2008|15:53] C:\Program Files\<REP> WMV9_VCM
      [01/07/2008|15:38] C:\Program Files\<REP> WSTARTUP
      [01/07/2008|15:29] C:\Program Files\<REP> xerox
      [01/07/2008|16:53] C:\Program Files\<REP> Yahoo!
      [04/07/2008|23:02] C:\Program Files\<REP> YouTube Downloader

      ------[ Listing des dossiers dans C:\Program Files\Fichiers communs

      ]------

      [01/07/2008|17:33] C:\Program Files\Fichiers communs\<REP>

      Ahead
      [01/07/2008|17:14] C:\Program Files\Fichiers communs\<REP>

      COWON
      [02/07/2008|00:11] C:\Program Files\Fichiers communs\<REP>

      CyberLink
      [01/07/2008|17:50] C:\Program Files\Fichiers communs\<REP>

      DESIGNER
      [01/07/2008|16:34] C:\Program Files\Fichiers communs\<REP>

      InstallShield
      [01/07/2008|15:54] C:\Program Files\Fichiers communs\<REP> Java
      [04/07/2008|16:42] C:\Program Files\Fichiers communs\<REP>

      Microsoft Shared
      [01/07/2008|15:25] C:\Program Files\Fichiers communs\<REP>

      MSSoap
      [01/07/2008|16:17] C:\Program Files\Fichiers communs\<REP> ODBC
      [01/07/2008|15:25] C:\Program Files\Fichiers communs\<REP>

      Services
      [01/07/2008|16:35] C:\Program Files\Fichiers communs\<REP>

      snpstd3
      [01/07/2008|16:16] C:\Program Files\Fichiers communs\<REP>

      SpeechEngines
      [01/07/2008|17:44] C:\Program Files\Fichiers communs\<REP>

      System
      [01/07/2008|16:55] C:\Program Files\Fichiers communs\<REP>

      WindowsLiveInstaller

      ---------------------------[ Process ]--------------------------

      ... 42

      IEXPLORE.EXE ~ [2708]

      ----------------------[ Recherche avec S_Lop ]---------------------

      Aucun fichier / dossier Lop trouvé !

      -----------------[ Recherche de Fichiers / Dossiers Lop

      ]-----------------

      C:\Program Files\Circle Developement
      C:\DOCUME~1\sylla\Cookies\sylla@adopt.euroclick[1].txt

      ----------------------[ Verification du Registre ]----------------------

      ..... OK !

      --------------------[ Verification du fichier Hosts

      ]---------------------

      Fichier Hosts PROPRE


      ----------------[ Recherche de fichiers avec Catchme ]-----------------

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by

      Gmer, http://www.gmer.net
      Rootkit scan 2008-07-05 16:41:50
      Windows 5.1.2600 Service Pack 3 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 0

      --------------------[ Recherche d'autres infections

      ]---------------------

      => C:\DOCUME~1\sylla\MESDOC~1\Downloads\Diskeeper Pro Premier 2008

      12.0.758.0 + Crack [App][English][www.zonatorrent.com].rar
      => C:\DOCUME~1\sylla\MESDOC~1\Downloads\[HOT!] NERO 8.4.0.0 ULTRA

      Edition PRE-Release (FULL Incl CRACK! + KEYGEN!).zip
      => C:\DOCUME~1\sylla\MESDOC~1\Downloads\Autodesk.3ds.Max.2009.Keygen.rar
      => C:\DOCUME~1\sylla\MESDOC~1\Downloads\Avast! Antivirus & Antispyware

      Professional 4.8.1201 + Keygen
      => C:\DOCUME~1\sylla\MESDOC~1\Downloads\Diskeeper_ 2008 _Pro Premier

      12.0.781+Keygen
      => C:\DOCUME~1\sylla\MESDOC~1\Downloads\[HOT!] NERO 8.4.0.0 ULTRA

      Edition PRE-Release (FULL Incl CRACK! + KEYGEN!).zip
      => C:\DOCUME~1\sylla\MESDOC~1\Downloads\Avast! Antivirus & Antispyware

      Professional 4.8.1201 + Keygen\Keygen
      => C:\DOCUME~1\sylla\MESDOC~1\Downloads\Avast! Antivirus & Antispyware

      Professional 4.8.1201 + Keygen\Keygen\AvastKeygen.exe
      => C:\DOCUME~1\sylla\MESDOC~1\Downloads\Diskeeper_ 2008 _Pro Premier

      12.0.781+Keygen\Diskeeper setup.exe
      => C:\DOCUME~1\sylla\MESDOC~1\Downloads\Diskeeper_ 2008 _Pro Premier

      12.0.781+Keygen\Key
      => C:\DOCUME~1\sylla\MESDOC~1\Downloads\Diskeeper_ 2008 _Pro Premier

      12.0.781+Keygen\Key\DC Keygen.exe
      => C:\Documents and Settings\sylla\Application Data\uTorrent\Diskeeper

      Pro Premier 2008 12.0.758.0 + Crack

      [App][English][www.zonatorrent.com].rar.torrent
      => C:\Documents and Settings\sylla\Application Data\uTorrent\[HOT!] NERO

      8.4.0.0 ULTRA Edition PRE-Release (FULL Incl CRACK! + KEYGEN!).zip.torrent
      => C:\Documents and Settings\sylla\Bureau\Torrent doc\Assassins Creed

      Game PC multilanguage - With Crack [mininova].torrent
      => C:\Documents and Settings\sylla\Bureau\Torrent

      doc\Diskeeper_Premiere_PRO_12.0.758_With_Crack [mininova].torrent
      => C:\Documents and Settings\sylla\Bureau\Torrent

      doc\Diskeeper_Pro_Premier_2008_12.0.758.0___Crack_[App][English].rar.407960

      0.TPB.torrent
      => C:\Documents and Settings\sylla\Bureau\Torrent

      doc\[HOT!]_NERO_8.4.0.0_ULTRA_Edition_PRE-Release_(FULL_Incl_CRACK!_+_KEYGE

      N!).torrent
      => C:\Documents and Settings\sylla\Mes documents\Downloads\Diskeeper Pro

      Premier 2008 12.0.758.0 + Crack [App][English][www.zonatorrent.com].rar
      => C:\Documents and Settings\sylla\Mes documents\Downloads\[HOT!] NERO

      8.4.0.0 ULTRA Edition PRE-Release (FULL Incl CRACK! + KEYGEN!).zip
      => C:\Documents and Settings\sylla\Application

      Data\uTorrent\Autodesk.3ds.Max.2009.Keygen.rar.torrent
      => C:\Documents and Settings\sylla\Application Data\uTorrent\Avast!

      Antivirus & Antispyware Professional 4.8.1201 + Keygen.torrent
      => C:\Documents and Settings\sylla\Application Data\uTorrent\Diskeeper_

      2008 _Pro Premier 12.0.781+Keygen.torrent
      => C:\Documents and Settings\sylla\Application Data\uTorrent\[HOT!] NERO

      8.4.0.0 ULTRA Edition PRE-Release (FULL Incl CRACK! + KEYGEN!).zip.torrent
      => C:\Documents and Settings\sylla\Bureau\Torrent

      doc\Autodesk_3ds_Max_2009_Keygen.torrent
      => C:\Documents and Settings\sylla\Bureau\Torrent doc\Diskeeper_ 2008

      _Pro Premier 12.0.781+Keygen [mininova].torrent
      => C:\Documents and Settings\sylla\Bureau\Torrent

      doc\[HOT!]_NERO_8.4.0.0_ULTRA_Edition_PRE-Release_(FULL_Incl_CRACK!_+_KEYGE

      N!).torrent
      => C:\Documents and Settings\sylla\Mes

      documents\Downloads\Autodesk.3ds.Max.2009.Keygen.rar
      => C:\Documents and Settings\sylla\Mes documents\Downloads\Avast!

      Antivirus & Antispyware Professional 4.8.1201 + Keygen
      => C:\Documents and Settings\sylla\Mes documents\Downloads\Diskeeper_

      2008 _Pro Premier 12.0.781+Keygen
      => C:\Documents and Settings\sylla\Mes documents\Downloads\[HOT!] NERO

      8.4.0.0 ULTRA Edition PRE-Release (FULL Incl CRACK! + KEYGEN!).zip
      => C:\Documents and Settings\sylla\Mes documents\Downloads\Avast!

      Antivirus & Antispyware Professional 4.8.1201 + Keygen\Keygen
      => C:\Documents and Settings\sylla\Mes documents\Downloads\Avast!

      Antivirus & Antispyware Professional 4.8.1201 +

      Keygen\Keygen\AvastKeygen.exe
      => C:\Documents and Settings\sylla\Mes documents\Downloads\Diskeeper_

      2008 _Pro Premier 12.0.781+Keygen\Diskeeper setup.exe
      => C:\Documents and Settings\sylla\Mes documents\Downloads\Diskeeper_

      2008 _Pro Premier 12.0.781+Keygen\Key
      => C:\Documents and Settings\sylla\Mes documents\Downloads\Diskeeper_

      2008 _Pro Premier 12.0.781+Keygen\Key\DC Keygen.exe


      [F:84][D:4]-> C:\DOCUME~1\sylla\LOCALS~1\Temp
      [F:27][D:0]-> C:\DOCUME~1\sylla\Cookies
      [F:269][D:5]-> C:\DOCUME~1\sylla\LOCALS~1\TEMPOR~1\content.IE5

      --------------------[ Fin du rapport a 16:42:37,18

      ]----------------------

      et j'atend votre reponse pour y remedier mais j croi d'apres le rapport qu'il a ete supprimer mais j prefere votre reponse et merci pour l'aide sue vs m'aporter .
      0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    oui il y a bien une infection de type lop...

    pour la nettoyer utilise lopsd et execute l´option 2 post le nouveau rapport

    je voie aussi que tu as une tonne de cracks infectés...

    il va falloir les supprimer

    diskkeeper 2008
    nero
    avast

    tous les keygens ect

    qui sont dans tes documents torrent...

    passe ce scan en ligne stp

    Fais un scan en ligne Kaspersky avec Internet Explorer :
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    -> Click sur Démarrer Online-Scanner
    -> Click maintenant sur J'accepte.
    -> Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
    -> Patiente pendant l'installation des Mises à jour.
    -> Choisis par la suite l'analyse du Poste de travail.
    -> Sauvegarde puis colle le rapport généré en fin d'analyse.

    @+
    0
  9. huntermenter Messages postés 27 Statut Membre 6
     
    slt j vous ai fai un autre rapport comme vous l'avez demandé qui suit :

    -----------------------[ Lop S&D 4.2.1-9 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 3 ]
    [ USER : sylla ] [ "C:\Lop SD" ] [ Selection : 1 ]
    [ 08/07/2008 | 4:02:22,09 ] [ PC : HUNTER-D73763CC ]
    [ MAJ : 01-07-2008 | 00:25 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [02/07/2008|00:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> CyberLink
    [01/07/2008|16:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\62 desktop.ini
    [02/07/2008|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Diskeeper Corporation
    [08/07/2008|00:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Kaspersky Lab
    [06/07/2008|23:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Kaspersky Lab Setup Files
    [03/07/2008|01:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Malwarebytes
    [01/07/2008|17:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Messenger Plus!
    [01/07/2008|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Microsoft
    [04/07/2008|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Microsoft Help
    [05/07/2008|23:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Nero
    [01/07/2008|16:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Office Genuine Advantage
    [06/07/2008|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Spybot - Search & Destroy
    [01/07/2008|16:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Windows Genuine Advantage
    [01/07/2008|16:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> WLInstaller
    [01/07/2008|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Yahoo! Companion

    [01/07/2008|16:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\62 desktop.ini
    [01/07/2008|18:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<REP> Microsoft

    [01/07/2008|15:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\<REP> Microsoft

    [01/07/2008|15:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\<REP> Microsoft

    [13/04/2008|19:34] C:\DOCUME~1\sylla\APPLIC~1\23ÿ745 addon.dat
    [01/07/2008|16:49] C:\DOCUME~1\sylla\APPLIC~1\<REP> Adobe
    [01/07/2008|15:58] C:\DOCUME~1\sylla\APPLIC~1\<REP> aignes
    [01/07/2008|18:53] C:\DOCUME~1\sylla\APPLIC~1\<REP> COWON
    [02/07/2008|00:15] C:\DOCUME~1\sylla\APPLIC~1\<REP> CyberLink
    [01/07/2008|16:16] C:\DOCUME~1\sylla\APPLIC~1\62 desktop.ini
    [03/07/2008|15:46] C:\DOCUME~1\sylla\APPLIC~1\<REP> Diino
    [04/07/2008|04:11] C:\DOCUME~1\sylla\APPLIC~1\<REP> DivX
    [07/07/2008|01:21] C:\DOCUME~1\sylla\APPLIC~1\<REP> dvdcss
    [04/07/2008|20:33] C:\DOCUME~1\sylla\APPLIC~1\<REP> fltk.org
    [01/07/2008|15:58] C:\DOCUME~1\sylla\APPLIC~1\<REP> gtopala
    [01/07/2008|15:58] C:\DOCUME~1\sylla\APPLIC~1\<REP> Identities
    [01/07/2008|16:49] C:\DOCUME~1\sylla\APPLIC~1\<REP> Macromedia
    [03/07/2008|01:03] C:\DOCUME~1\sylla\APPLIC~1\<REP> Malwarebytes
    [02/07/2008|01:58] C:\DOCUME~1\sylla\APPLIC~1\<REP> Media Player Classic
    [05/07/2008|23:43] C:\DOCUME~1\sylla\APPLIC~1\<REP> Microsoft
    [01/07/2008|16:17] C:\DOCUME~1\sylla\APPLIC~1\<REP> Mozilla
    [05/07/2008|23:24] C:\DOCUME~1\sylla\APPLIC~1\<REP> Nero
    [02/07/2008|00:13] C:\DOCUME~1\sylla\APPLIC~1\<REP> ooVoo Details
    [03/07/2008|14:47] C:\DOCUME~1\sylla\APPLIC~1\<REP> OtakuSoftware
    [01/07/2008|15:54] C:\DOCUME~1\sylla\APPLIC~1\<REP> Sun
    [08/07/2008|00:02] C:\DOCUME~1\sylla\APPLIC~1\<REP> TrueCrypt
    [08/07/2008|00:57] C:\DOCUME~1\sylla\APPLIC~1\<REP> uTorrent
    [03/07/2008|01:37] C:\DOCUME~1\sylla\APPLIC~1\<REP> VgaLicenseData
    [07/07/2008|22:50] C:\DOCUME~1\sylla\APPLIC~1\<REP> Vista Start Menu
    [02/07/2008|04:11] C:\DOCUME~1\sylla\APPLIC~1\<REP> vlc
    [01/07/2008|18:49] C:\DOCUME~1\sylla\APPLIC~1\<REP> WinRAR

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [08/07/2008 00:05 booba][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [06/09/2002 20:59 booba][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [01/07/2008|16:23] C:\Program Files\<REP> Alwil Software
    [01/07/2008|16:34] C:\Program Files\<REP> ASUS
    [01/07/2008|16:13] C:\Program Files\<REP> Attansic
    [01/07/2008|18:37] C:\Program Files\<REP> CCleaner
    [05/07/2008|00:22] C:\Program Files\<REP> Circle Developement
    [07/07/2008|21:44] C:\Program Files\<REP> CommentCaMarche
    [01/07/2008|15:24] C:\Program Files\<REP> ComPlus Applications
    [04/07/2008|17:07] C:\Program Files\<REP> Counter-Strike
    [02/07/2008|00:11] C:\Program Files\<REP> CyberLink
    [02/07/2008|22:59] C:\Program Files\<REP> Diskeeper Corporation
    [02/07/2008|01:09] C:\Program Files\<REP> DivX
    [05/07/2008|23:21] C:\Program Files\<REP> Fichiers communs
    [02/07/2008|01:40] C:\Program Files\<REP> InstallShield Installation Information
    [01/07/2008|16:02] C:\Program Files\<REP> Intel
    [01/07/2008|15:41] C:\Program Files\<REP> Internet Explorer
    [01/07/2008|15:54] C:\Program Files\<REP> Java
    [01/07/2008|17:14] C:\Program Files\<REP> JetAudio
    [01/07/2008|15:38] C:\Program Files\<REP> JEUX
    [06/07/2008|23:40] C:\Program Files\<REP> Kaspersky Lab
    [04/07/2008|15:06] C:\Program Files\<REP> K-Lite Codec Pack
    [02/07/2008|01:25] C:\Program Files\<REP> KONAMI
    [01/07/2008|16:30] C:\Program Files\<REP> Menara
    [01/07/2008|17:11] C:\Program Files\<REP> Messenger
    [01/07/2008|17:11] C:\Program Files\<REP> Messenger Plus! Live
    [01/07/2008|15:29] C:\Program Files\<REP> microsoft frontpage
    [01/07/2008|17:51] C:\Program Files\<REP> Microsoft Office
    [04/07/2008|16:37] C:\Program Files\<REP> Microsoft Silverlight
    [01/07/2008|17:50] C:\Program Files\<REP> Microsoft Visual Studio
    [01/07/2008|17:45] C:\Program Files\<REP> Microsoft Visual Studio 8
    [01/07/2008|17:51] C:\Program Files\<REP> Microsoft Works
    [01/07/2008|17:49] C:\Program Files\<REP> Microsoft.NET
    [01/07/2008|17:10] C:\Program Files\<REP> Movie Maker
    [08/07/2008|00:07] C:\Program Files\<REP> Mozilla Firefox
    [01/07/2008|17:51] C:\Program Files\<REP> MSBuild
    [01/07/2008|17:10] C:\Program Files\<REP> msn
    [01/07/2008|15:24] C:\Program Files\<REP> MSN Gaming Zone
    [01/07/2008|15:39] C:\Program Files\<REP> MSXML 4.0
    [05/07/2008|23:21] C:\Program Files\<REP> Nero
    [01/07/2008|17:08] C:\Program Files\<REP> NetMeeting
    [01/07/2008|16:34] C:\Program Files\<REP> Nortek Keyboard Mouse Application
    [02/07/2008|00:13] C:\Program Files\<REP> ooVoo
    [01/07/2008|17:08] C:\Program Files\<REP> Outlook Express
    [04/07/2008|15:59] C:\Program Files\<REP> Project64 1.6
    [01/07/2008|16:08] C:\Program Files\<REP> Realtek
    [03/07/2008|00:57] C:\Program Files\<REP> RocketDock
    [03/07/2008|14:49] C:\Program Files\<REP> SereneScreen
    [06/07/2008|15:55] C:\Program Files\<REP> Spybot - Search & Destroy
    [01/07/2008|16:15] C:\Program Files\<REP> SuperCopier2
    [07/07/2008|01:43] C:\Program Files\<REP> TopDesk
    [01/07/2008|18:09] C:\Program Files\<REP> Trend Micro
    [08/07/2008|00:02] C:\Program Files\<REP> TrueCrypt
    [01/07/2008|15:24] C:\Program Files\<REP> Uninstall Information
    [01/07/2008|15:38] C:\Program Files\<REP> UTILS
    [01/07/2008|18:36] C:\Program Files\<REP> uTorrent
    [01/07/2008|17:11] C:\Program Files\<REP> VgaLicenseData
    [02/07/2008|03:13] C:\Program Files\<REP> VideoLAN
    [06/07/2008|18:40] C:\Program Files\<REP> Vista Start Menu
    [01/07/2008|17:07] C:\Program Files\<REP> Windows Live
    [01/07/2008|15:52] C:\Program Files\<REP> Windows Media Connect 2
    [01/07/2008|17:08] C:\Program Files\<REP> Windows Media Player
    [01/07/2008|17:08] C:\Program Files\<REP> Windows NT
    [01/07/2008|15:26] C:\Program Files\<REP> WindowsUpdate
    [01/07/2008|16:15] C:\Program Files\<REP> WinRAR
    [01/07/2008|15:53] C:\Program Files\<REP> WMV9_VCM
    [01/07/2008|15:38] C:\Program Files\<REP> WSTARTUP
    [01/07/2008|15:29] C:\Program Files\<REP> xerox
    [07/07/2008|23:14] C:\Program Files\<REP> Xilisoft
    [01/07/2008|16:53] C:\Program Files\<REP> Yahoo!
    [04/07/2008|23:02] C:\Program Files\<REP> YouTube Downloader

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [01/07/2008|17:14] C:\Program Files\Fichiers communs\<REP> COWON
    [02/07/2008|00:11] C:\Program Files\Fichiers communs\<REP> CyberLink
    [01/07/2008|17:50] C:\Program Files\Fichiers communs\<REP> DESIGNER
    [01/07/2008|16:34] C:\Program Files\Fichiers communs\<REP> InstallShield
    [01/07/2008|15:54] C:\Program Files\Fichiers communs\<REP> Java
    [05/07/2008|23:16] C:\Program Files\Fichiers communs\<REP> Microsoft Shared
    [01/07/2008|15:25] C:\Program Files\Fichiers communs\<REP> MSSoap
    [05/07/2008|23:22] C:\Program Files\Fichiers communs\<REP> Nero
    [01/07/2008|16:17] C:\Program Files\Fichiers communs\<REP> ODBC
    [01/07/2008|15:25] C:\Program Files\Fichiers communs\<REP> Services
    [01/07/2008|16:35] C:\Program Files\Fichiers communs\<REP> snpstd3
    [01/07/2008|16:16] C:\Program Files\Fichiers communs\<REP> SpeechEngines
    [01/07/2008|17:44] C:\Program Files\Fichiers communs\<REP> System
    [01/07/2008|16:55] C:\Program Files\Fichiers communs\<REP> WindowsLiveInstaller

    ---------------------------[ Process ]--------------------------

    ... 31

    ... OK !

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\Program Files\Circle Developement

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE

    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-08 04:07:49
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    => C:\Documents and Settings\sylla\Application Data\uTorrent\Diskeeper Pro Premier 2008 12.0.758.0 + Crack [App][English][www.zonatorrent.com].rar.torrent
    => C:\Documents and Settings\sylla\Application Data\uTorrent\[HOT!] NERO 8.4.0.0 ULTRA Edition PRE-Release (FULL Incl CRACK! + KEYGEN!).zip.torrent
    => C:\Documents and Settings\sylla\Bureau\Torrent doc\Assassins Creed Game PC multilanguage - With Crack [mininova].torrent
    => C:\Documents and Settings\sylla\Bureau\Torrent doc\Diskeeper_Premiere_PRO_12.0.758_With_Crack [mininova].torrent
    => C:\Documents and Settings\sylla\Bureau\Torrent doc\Diskeeper_Pro_Premier_2008_12.0.758.0___Crack_[App][English].rar.4079600.TPB.torrent
    => C:\Documents and Settings\sylla\Bureau\Torrent doc\[HOT!]_NERO_8.4.0.0_ULTRA_Edition_PRE-Release_(FULL_Incl_CRACK!_+_KEYGEN!).torrent
    => C:\Documents and Settings\sylla\Application Data\uTorrent\Autodesk.3ds.Max.2009.Keygen.rar.torrent
    => C:\Documents and Settings\sylla\Application Data\uTorrent\Avast! Antivirus & Antispyware Professional 4.8.1201 + Keygen.torrent
    => C:\Documents and Settings\sylla\Application Data\uTorrent\Diskeeper_ 2008 _Pro Premier 12.0.781+Keygen.torrent
    => C:\Documents and Settings\sylla\Application Data\uTorrent\[HOT!] NERO 8.4.0.0 ULTRA Edition PRE-Release (FULL Incl CRACK! + KEYGEN!).zip.torrent
    => C:\Documents and Settings\sylla\Bureau\Torrent doc\Autodesk_3ds_Max_2009_Keygen.torrent
    => C:\Documents and Settings\sylla\Bureau\Torrent doc\Diskeeper_ 2008 _Pro Premier 12.0.781+Keygen [mininova].torrent
    => C:\Documents and Settings\sylla\Bureau\Torrent doc\[HOT!]_NERO_8.4.0.0_ULTRA_Edition_PRE-Release_(FULL_Incl_CRACK!_+_KEYGEN!).torrent

    [F:51][D:2]-> C:\DOCUME~1\sylla\LOCALS~1\Temp
    [F:2][D:0]-> C:\DOCUME~1\sylla\Cookies
    [F:6][D:5]-> C:\DOCUME~1\sylla\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 4:08:43,62 ]----------------------

    j oubliai vous me dite aussi de faire un scan-online de kaspersky sur internet explorer mais j voulai faire une remarque parceque j travail la plus part du temps sur mozilla firefox et quand j"essai de faire sur mozilla ça passe pas mais j fai sur IE comme j ai pas terminer je vous enverrai plustard merci .
    0
  10. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    tu n´as pas vraiment supprimés les cracks de ton ordinateur ?!

    * Télécharge OTMoveIt2 (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    * Double-clique sur OTMoveIt.exe pour lancer le programme,
    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

    C:\Program Files\Circle Developement
    C:\Documents and Settings\sylla\Application Data\uTorrent\Diskeeper Pro Premier 2008 12.0.758.0 + Crack [App][English][www.zonatorrent.com].rar.torrent
    C:\Documents and Settings\sylla\Application Data\uTorrent\[HOT!] NERO 8.4.0.0 ULTRA Edition PRE-Release (FULL Incl CRACK! + KEYGEN!).zip.torrent
    C:\Documents and Settings\sylla\Bureau\Torrent doc\Assassins Creed Game PC multilanguage - With Crack [mininova].torrent
    C:\Documents and Settings\sylla\Bureau\Torrent doc\Diskeeper_Pro_Premier_2008_12.0.758.0___Crack_[App][English].rar.4079600.TPB.torrent
    C:\Documents and Settings\sylla\Application Data\uTorrent\Autodesk.3ds.Max.2009.Keygen.rar.torrent
    C:\Documents and Settings\sylla\Bureau\Torrent doc\[HOT!]_NERO_8.4.0.0_ULTRA_Edition_PRE-Release_(FULL_Incl_CRACK!_+_KEYGEN!).torrent
    C:\Documents and Settings\sylla\Application Data\uTorrent\Avast! Antivirus & Antispyware Professional 4.8.1201 + Keygen.torrent
    C:\Documents and Settings\sylla\Application Data\uTorrent\Diskeeper_ 2008 _Pro Premier 12.0.781+Keygen.torrent
    C:\Documents and Settings\sylla\Application Data\uTorrent\[HOT!] NERO 8.4.0.0 ULTRA Edition PRE-Release (FULL Incl CRACK! + KEYGEN!).zip.torrent
    C:\Documents and Settings\sylla\Bureau\Torrent doc\Autodesk_3ds_Max_2009_Keygen.torrent
    C:\Documents and Settings\sylla\Bureau\Torrent doc\Diskeeper_ 2008 _Pro Premier 12.0.781+Keygen [mininova].torrent
    C:\Documents and Settings\sylla\Bureau\Torrent doc\[HOT!]_NERO_8.4.0.0_ULTRA_Edition_PRE-Release_(FULL_Incl_CRACK!_+_KEYGEN!).torrent

    * Clique sur MoveIt! pour lancer la suppression,
    * Le résultat appraraîtra dans le cadre Results.
    * Clique sur Exit pour fermer le programme.
    * Poste le rapport qui est situé ici : C:\\\_OTMoveIt\MovedFiles
    * Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

    oui post le rapport de kaspersky ainsi que celui d´ot_move it

    @+
    0