Bonjour, j'ai de nombreux beug,des le démarrage de windows il y a des messages qui s'affichent sur mon écran,mon ordi est lent,de la pub s'affiche sur internet,mon poste de travail met plusieurs secondes a s'ouvrir il y a une sorte de lampe qui recherche comme si je n'avais plus de mémoire alors que j'ai plus de 6go de libre. merci de m'aider

Beug intempestifs [Résolu]

Réponse 1 / 17

douchka66 Messages postés 1693 Date d'inscription Statut Membre Dernière intervention 46

bonjour installes malwarebytes scan complet et supprime ensuite ccleaner et redémarre le pc donne réponse

tinnaa Messages postés 23 Statut Membre

j'ai déja installé malwarebytes

douchka66 Messages postés 1693 Date d'inscription Statut Membre Dernière intervention 46 > tinnaa Messages postés 23 Statut Membre

toutes les semaines un scan complet mais maintenant il faut faire une mise a jour et ccleaner

tinnaa Messages postés 23 Statut Membre > douchka66 Messages postés 1693 Date d'inscription Statut Membre Dernière intervention

j'ai fait tout ca mais ca n'y change rien

douchka66 Messages postés 1693 Date d'inscription Statut Membre Dernière intervention 46 > tinnaa Messages postés 23 Statut Membre

recommence et ccleaner apres une défragmentation

Réponse 2 / 17

Utilisateur anonyme

Salut,

Télécharge HijackThis ici :

-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post le rapport généré ici stp..

tinnaa

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:15, on 25/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Companion Wizard\compwiz.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Moon Secure Antivirus\moontray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-4082-A59B-9E7C25708DD7} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [CompanionWizard] "C:\Program Files\Common Files\Companion Wizard\compwiz.exe" /silent
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\system32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Moon Secure Antivirus] "C:\Program Files\Moon Secure Antivirus\moontray.exe"
O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\Media Bin.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Updater] C:\Program Files\Carpe Diem\MadameSalope[1]\CDUpdater.exe CD_UPDATER
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Window math] C:\DOCUME~1\CYNTHI~1\APPLIC~1\OPTION~1\Online Web Ante.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://kx.bar.need2find.com/KX/menusearch.html?p=KX
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: A3Cab1 - http://www.globalcashsolutions.com/kithtml/A3Cab1.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7CAA184C-91E7-4E84-8681-32F2A0D68DF1} (Apollon Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Daphne.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.mega-galerie.com/perso/WebInstall.dll
O16 - DPF: {83252F41-71B7-492E-8B2E-A68AA3E301E7} (Ulysse Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Penelope.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/13536/CD/ParisVoyeur.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A5173EA8-1337-4BAB-A67E-198C9919D9CC} (Loader Class) - http://213.11.100.127/websetup/websetup2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B4E0F9CB-BC06-4A33-BBB3-F75F16B6FF5E} (Tristan Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Iseult.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/dialogue-fr.exe
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/1,0,3,8/fr/AccesMembre.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Réponse 3 / 17

Utilisateur anonyme

télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-clique dessus pour lancer l'installation
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)

tinnaa

--------------------\\ Lop S&D 4.2.2-4 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Cynthia ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 25/07/2008 | 17:53:32,79 ] [ PC : SIEMENS ]
[ MAJ : 25-07-2008 | 17:45 ]

--------------------\\ Listing des dossiers dans APPLIC~1

[15/12/2005|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[14/01/2007|22:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[14/01/2007|22:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[14/01/2007|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
[23/07/2008|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\clockthisdoesamok
[22/07/2003|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[23/07/2008|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
[21/12/2007|14:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[24/07/2008|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[07/10/2005|23:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[29/01/2006|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/09/2003|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[09/01/2008|15:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[04/01/2004|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[22/07/2003|08:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[28/10/2007|22:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[14/09/2007|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Two Idol Wave Flag
[26/05/2004|14:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[28/08/2007|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[11/05/2006|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinSoftware
[28/08/2007|15:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[21/06/2008|12:29] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Adobe
[13/03/2008|20:06] C:\DOCUME~1\CYNTHI~1\APPLIC~1\AdobeUM
[24/02/2006|15:07] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Ahead
[18/06/2006|20:53] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Aim
[26/10/2006|18:26] C:\DOCUME~1\CYNTHI~1\APPLIC~1\aMule
[01/07/2005|19:42] C:\DOCUME~1\CYNTHI~1\APPLIC~1\AOL
[09/04/2005|11:35] C:\DOCUME~1\CYNTHI~1\APPLIC~1\ArcSoft
[28/10/2006|15:26] C:\DOCUME~1\CYNTHI~1\APPLIC~1\BitTorrent
[22/02/2006|14:54] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Creative
[07/04/2006|16:47] C:\DOCUME~1\CYNTHI~1\APPLIC~1\DeepBurner Pro
[22/07/2003|09:25] C:\DOCUME~1\CYNTHI~1\APPLIC~1\desktop.ini
[31/07/2007|20:50] C:\DOCUME~1\CYNTHI~1\APPLIC~1\DivX
[02/05/2005|12:21] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Ecran de veille
[18/07/2005|14:18] C:\DOCUME~1\CYNTHI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
[26/06/2008|18:54] C:\DOCUME~1\CYNTHI~1\APPLIC~1\GetRightToGo
[01/11/2005|14:04] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Google
[29/07/2005|15:03] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Help
[22/07/2003|08:36] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Identities
[16/12/2007|16:38] C:\DOCUME~1\CYNTHI~1\APPLIC~1\InfraRecorder
[13/09/2003|11:40] C:\DOCUME~1\CYNTHI~1\APPLIC~1\InterVideo
[17/12/2004|10:42] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Lycos
[20/09/2006|18:31] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Macromedia
[24/07/2008|21:35] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Malwarebytes
[21/12/2007|14:17] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Microsoft
[06/07/2005|15:08] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Mozilla
[09/07/2008|19:47] C:\DOCUME~1\CYNTHI~1\APPLIC~1\MSN6
[22/12/2007|14:44] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Nero
[19/02/2005|20:01] C:\DOCUME~1\CYNTHI~1\APPLIC~1\OLYMPUS
[23/07/2008|13:32] C:\DOCUME~1\CYNTHI~1\APPLIC~1\optionacid
[02/09/2006|11:33] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Real
[05/01/2006|23:13] C:\DOCUME~1\CYNTHI~1\APPLIC~1\SlySoft
[19/12/2005|14:02] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Sun
[04/07/2005|17:23] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Talkback
[06/07/2005|15:08] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Thunderbird
[14/12/2007|16:46] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Univ-Tchat

[22/07/2003|09:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[22/07/2003|08:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[28/08/2007|15:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[13/09/2003|00:37] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Adobe
[13/09/2003|00:37] C:\DOCUME~1\HUGOBL~1\APPLIC~1\AdobeUM
[28/12/2005|12:20] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Ahead
[25/09/2003|19:57] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Aim
[01/07/2005|19:42] C:\DOCUME~1\HUGOBL~1\APPLIC~1\AOL
[31/10/2005|20:46] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Creative
[22/07/2003|09:25] C:\DOCUME~1\HUGOBL~1\APPLIC~1\desktop.ini
[24/12/2007|21:12] C:\DOCUME~1\HUGOBL~1\APPLIC~1\DivX
[06/03/2008|18:49] C:\DOCUME~1\HUGOBL~1\APPLIC~1\GDIPFONTCACHEV1.DAT
[24/12/2005|22:43] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Google
[18/11/2003|14:37] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Help
[22/07/2003|08:36] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Identities
[13/09/2003|11:44] C:\DOCUME~1\HUGOBL~1\APPLIC~1\InterVideo
[20/06/2004|23:08] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Lycos
[24/10/2003|10:56] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Macromedia
[28/12/2005|12:37] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Microsoft
[15/07/2005|13:26] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Mozilla
[01/11/2003|14:49] C:\DOCUME~1\HUGOBL~1\APPLIC~1\MSN6
[24/12/2007|20:59] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Nero
[13/10/2006|15:33] C:\DOCUME~1\HUGOBL~1\APPLIC~1\OLYMPUS
[27/05/2008|19:31] C:\DOCUME~1\HUGOBL~1\APPLIC~1\optionacid
[01/09/2006|21:55] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Real
[22/01/2008|21:44] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Shareaza
[19/11/2006|12:48] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Sun
[15/07/2005|13:26] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Talkback
[19/07/2005|20:24] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Thunderbird
[26/05/2004|14:46] C:\DOCUME~1\HUGOBL~1\APPLIC~1\You've Got Pictures Screensaver

[17/07/2008|21:57] C:\DOCUME~1\JACQUE~1\APPLIC~1\Adobe
[23/06/2007|18:03] C:\DOCUME~1\JACQUE~1\APPLIC~1\AdobeUM
[15/02/2006|22:50] C:\DOCUME~1\JACQUE~1\APPLIC~1\Ahead
[02/09/2005|23:54] C:\DOCUME~1\JACQUE~1\APPLIC~1\Creative
[22/07/2003|09:25] C:\DOCUME~1\JACQUE~1\APPLIC~1\desktop.ini
[01/03/2006|23:59] C:\DOCUME~1\JACQUE~1\APPLIC~1\Google
[22/07/2003|08:36] C:\DOCUME~1\JACQUE~1\APPLIC~1\Identities
[14/07/2005|15:41] C:\DOCUME~1\JACQUE~1\APPLIC~1\Macromedia
[09/12/2005|23:52] C:\DOCUME~1\JACQUE~1\APPLIC~1\Microsoft
[14/07/2005|15:28] C:\DOCUME~1\JACQUE~1\APPLIC~1\Mozilla
[27/12/2007|23:21] C:\DOCUME~1\JACQUE~1\APPLIC~1\Nero
[23/07/2008|20:12] C:\DOCUME~1\JACQUE~1\APPLIC~1\optionacid
[23/09/2006|18:38] C:\DOCUME~1\JACQUE~1\APPLIC~1\Real
[12/12/2005|00:04] C:\DOCUME~1\JACQUE~1\APPLIC~1\Sun
[14/07/2005|15:27] C:\DOCUME~1\JACQUE~1\APPLIC~1\Talkback
[18/07/2005|21:53] C:\DOCUME~1\JACQUE~1\APPLIC~1\Thunderbird
[03/10/2007|21:14] C:\DOCUME~1\JACQUE~1\APPLIC~1\Univ-Tchat

[22/07/2003|08:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[22/07/2003|08:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[25/07/2008 17:00][--ah-----] C:\WINDOWS\tasks\AAF557B1918ACBF5.job
[25/07/2008 17:00][--ah-----] C:\WINDOWS\tasks\A66A8D2C918905DC.job
[25/07/2008 17:00][--ah-----] C:\WINDOWS\tasks\AD28FBD2918F6FA6.job
[25/07/2008 17:18][--a------] C:\WINDOWS\tasks\HP Usg Daily.job
[25/07/2008 09:49][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( A66A8D2C918905DC.job )=( c:\docume~1\cynthi~1\applic~1\option~1\Jumperrorlive.exe )
( AAF557B1918ACBF5.job )=( c:\docume~1\jacque~1\applic~1\option~1\Jumperrorlive.exe )
( AD28FBD2918F6FA6.job )=( c:\docume~1\hugobl~1\applic~1\option~1\Jumperrorlive.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[11/09/2003|19:45] C:\Program Files\%ALLUSERSPROFILE%
[26/08/2007|19:23] C:\Program Files\Adobe
[15/09/2007|20:55] C:\Program Files\Adverts
[24/05/2008|14:29] C:\Program Files\AIM
[03/06/2006|11:32] C:\Program Files\AIM95
[09/04/2005|11:29] C:\Program Files\ArcSoft
[28/10/2006|14:42] C:\Program Files\AresFlashDownloader
[16/12/2007|16:17] C:\Program Files\AskTBar
[27/10/2006|17:31] C:\Program Files\Astonsoft
[27/06/2008|11:21] C:\Program Files\AxBx
[19/08/2005|12:08] C:\Program Files\bellesmeres
[18/02/2007|21:11] C:\Program Files\BitTorrent
[07/06/2008|17:54] C:\Program Files\CCleaner
[18/08/2005|21:23] C:\Program Files\CDLABEL
[11/05/2006|23:07] C:\Program Files\Common Files
[05/07/2006|13:31] C:\Program Files\Creative
[15/01/2004|19:00] C:\Program Files\Davilex
[10/11/2003|12:01] C:\Program Files\defaut
[30/11/2004|09:23] C:\Program Files\delete.exe
[27/06/2008|11:22] C:\Program Files\DivX
[02/09/2006|00:20] C:\Program Files\DzSoft
[28/10/2006|15:49] C:\Program Files\eDonkey2000
[02/07/2005|12:45] C:\Program Files\Empire Interactive
[25/07/2008|16:17] C:\Program Files\eMule
[28/01/2007|14:14] C:\Program Files\EPSON
[09/01/2008|15:27] C:\Program Files\Fichiers communs
[01/11/2007|18:37] C:\Program Files\Gamenext
[28/10/2007|20:23] C:\Program Files\GamesBar
[01/11/2005|14:02] C:\Program Files\Google
[21/12/2007|14:17] C:\Program Files\Hewlett-Packard
[21/12/2007|14:17] C:\Program Files\HP
[10/02/2007|22:04] C:\Program Files\INSTAFINK
[14/10/2006|18:51] C:\Program Files\InstallShield Installation Information
[04/07/2005|14:35] C:\Program Files\InterActual
[12/06/2008|14:05] C:\Program Files\Internet Explorer
[04/07/2005|16:13] C:\Program Files\Internet Optimizer
[28/10/2003|15:40] C:\Program Files\InterVideo
[10/11/2006|19:40] C:\Program Files\Java
[09/09/2005|16:48] C:\Program Files\jrqiyh2j
[04/07/2005|15:36] C:\Program Files\Kaspersky Lab
[23/10/2003|12:51] C:\Program Files\Kelloggs
[26/10/2006|18:45] C:\Program Files\lphant
[24/07/2008|21:35] C:\Program Files\Malwarebytes' Anti-Malware
[27/09/2003|11:56] C:\Program Files\Masta
[06/07/2005|03:04] C:\Program Files\Messenger
[15/09/2007|20:52] C:\Program Files\Messenger Plus! Live
[02/05/2006|18:01] C:\Program Files\MessengerPlus! 3
[22/07/2003|08:41] C:\Program Files\Microsoft AutoRoute
[22/07/2003|08:42] C:\Program Files\Microsoft Encarta
[22/07/2003|08:33] C:\Program Files\microsoft frontpage
[22/07/2003|08:41] C:\Program Files\Microsoft Money
[01/09/2006|23:56] C:\Program Files\Microsoft Office
[22/07/2003|08:42] C:\Program Files\Microsoft Picture It! 7
[22/07/2003|08:40] C:\Program Files\Microsoft Works
[22/07/2003|08:37] C:\Program Files\Microsoft Works Suite 2003
[24/04/2004|14:42] C:\Program Files\Monte Cristo
[16/07/2008|13:04] C:\Program Files\Moon Secure Antivirus
[04/07/2005|17:44] C:\Program Files\Movie Maker
[25/07/2008|17:21] C:\Program Files\Mozilla Firefox
[06/07/2005|15:09] C:\Program Files\Mozilla Thunderbird
[20/05/2004|14:19] C:\Program Files\mp3
[28/06/2006|19:03] C:\Program Files\MSN
[22/07/2003|08:29] C:\Program Files\MSN Gaming Zone
[15/09/2007|20:52] C:\Program Files\MSN Messenger
[09/07/2004|18:48] C:\Program Files\MSN Toolbar
[16/11/2006|23:55] C:\Program Files\MSXML 4.0
[22/12/2007|14:31] C:\Program Files\Nero
[04/07/2005|17:32] C:\Program Files\NetMeeting
[11/07/2008|10:52] C:\Program Files\Neuf
[16/01/2004|23:11] C:\Program Files\NovaLogic
[19/02/2005|19:04] C:\Program Files\OLYMPUS
[23/07/2008|20:10] C:\Program Files\optionacid
[13/06/2007|13:35] C:\Program Files\Outlook Express
[04/10/2003|17:56] C:\Program Files\pasdeproblemes
[15/12/2005|12:25] C:\Program Files\Philips
[19/02/2005|18:37] C:\Program Files\PIXELA
[18/08/2005|21:19] C:\Program Files\pur-sexe
[26/05/2004|15:06] C:\Program Files\QuickTime
[11/09/2003|20:13] C:\Program Files\Real
[22/07/2003|08:31] C:\Program Files\Services en ligne
[21/01/2005|02:53] C:\Program Files\SetAttrib.exe
[06/01/2006|22:02] C:\Program Files\SlySoft
[25/07/2008|17:38] C:\Program Files\Trend Micro
[12/05/2006|21:04] C:\Program Files\TV Media
[25/02/2004|13:59] C:\Program Files\Ubi Soft
[29/07/2005|14:12] C:\Program Files\Ulead Systems
[14/11/2003|23:24] C:\Program Files\Uninstall Information
[22/07/2007|12:42] C:\Program Files\Univ-Tchat
[04/07/2005|16:13] C:\Program Files\Uqyrn
[25/04/2004|19:52] C:\Program Files\Viewpoint
[05/01/2006|17:31] C:\Program Files\vso
[04/07/2005|14:55] C:\Program Files\Wanadoo
[27/09/2003|11:35] C:\Program Files\webcamlive
[26/06/2008|18:57] C:\Program Files\Webroot
[11/05/2006|23:34] C:\Program Files\WhenUSearch
[06/09/2006|21:15] C:\Program Files\Winamp
[28/08/2007|15:24] C:\Program Files\Windows Live
[17/07/2006|14:57] C:\Program Files\Windows Media Player
[04/07/2005|17:32] C:\Program Files\Windows NT
[13/07/2004|20:59] C:\Program Files\WindowsSB
[25/09/2004|18:02] C:\Program Files\WindowsUpdate
[22/07/2003|08:33] C:\Program Files\xerox
[27/12/2005|16:13] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[13/09/2003|00:37] C:\Program Files\Fichiers communs\Adobe
[14/10/2006|18:33] C:\Program Files\Fichiers communs\Ahead
[15/01/2007|13:18] C:\Program Files\Fichiers communs\AOL
[26/05/2004|14:48] C:\Program Files\Fichiers communs\aolback
[22/07/2003|08:39] C:\Program Files\Fichiers communs\Designer
[17/02/2005|14:59] C:\Program Files\Fichiers communs\DirectX
[03/01/2006|20:36] C:\Program Files\Fichiers communs\Droppix
[14/09/2003|13:49] C:\Program Files\Fichiers communs\EPSON
[28/01/2006|23:33] C:\Program Files\Fichiers communs\ErrorSafe
[24/04/2004|14:01] C:\Program Files\Fichiers communs\InstallShield
[10/11/2006|19:34] C:\Program Files\Fichiers communs\Java
[12/12/2007|00:41] C:\Program Files\Fichiers communs\Microsoft Shared
[22/07/2003|08:30] C:\Program Files\Fichiers communs\MSSoap
[26/05/2004|14:45] C:\Program Files\Fichiers communs\Nullsoft
[22/08/2005|16:36] C:\Program Files\Fichiers communs\ODBC
[01/09/2006|21:45] C:\Program Files\Fichiers communs\Real
[22/07/2003|08:30] C:\Program Files\Fichiers communs\Services
[22/07/2003|09:25] C:\Program Files\Fichiers communs\SpeechEngines
[13/06/2007|13:35] C:\Program Files\Fichiers communs\System
[29/08/2005|01:11] C:\Program Files\Fichiers communs\WinSoftware
[01/09/2006|21:46] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 41 Processus )

iexplore.exe ~ [1684]
iexplore.exe ~ [1592]
iexplore.exe ~ [3444]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Cast Delete.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Locks Part.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Media Bin.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Name remote.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Plan kind.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\road media.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Setup Defy.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\trust bash.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Two Idol Wave Flag
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\abpnbpsn.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\amzobqbk.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\bkeglhmf.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\ckdjebbk.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\crqetaak.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\DRVONCECOALSEND.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\eilmkncg.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\ffhjzgtw.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\fuhiofgw.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\ggjfmffh.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\gphyboum.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\guhudkwj.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\hensrkkd.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\hitridgs.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\iimtbvug.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\ijshstww.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\imykrfon.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\iuutniiq.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\Jumperrorlive.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\Jumpmetaonce.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\kgishamf.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\lczuumya.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\lnxtsgxd.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\mbhapksx.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\mictyhdv.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\mtoidouh.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\mxbilbhh.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\nateoeyx.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\njimoiln.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\olpvnicq.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\Online Web Ante.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\pslraebp.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\qornlrrv.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\qrbomvgz.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\qxgoonkd.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\rhdhqgcj.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\scsjpcat.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\szdlblne.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\twkcuopt.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\ucsnbzli.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\unamaiop.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\utugqcun.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\veaznmko.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\virzekgq.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\vrmcpkrh.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\wdmebhdm.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\wdqoqfms.exe
C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\zznsbdvs.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\afqxsxbv.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\DRVONCECOALSEND.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\ecngnxko.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\gnbcxefl.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\gpdvifqx.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\hlqltiur.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\iydemcva.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\jitimcip.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\Jumperrorlive.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\Jumpmetaonce.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\lmhduehd.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\Online Web Ante.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\pdintldn.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\qrjldwnv.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\rqtfnjxe.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\sqgiprtp.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\szobjybn.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\tgwuxhkb.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\tsenwrtw.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\ujjtjphq.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\vwgnmmcd.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\yiuecgxi.exe
C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\zmmnrfac.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\cofqkmlg.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\dkvcpmbg.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\DRVONCECOALSEND.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\dyphytxv.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\eiradtqi.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\guplydtl.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\Jumperrorlive.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\lvpfcbej.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\mewubycg.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\nmnjpcmf.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\ohgfxaeu.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\Online Web Ante.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\pleixgak.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\qfhzrmbh.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\rdooizos.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\tmtiqnnm.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\tvlhpcrl.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\vyqefxvk.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\xlsyzrlx.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\zdjfyzzj.exe
C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\zieqnhqk.exe
C:\Program Files\option~1
C:\Program Files\Adverts
C:\WINDOWS\Tasks\A66A8D2C918905DC.job
C:\WINDOWS\Tasks\AAF557B1918ACBF5.job
C:\WINDOWS\Tasks\AD28FBD2918F6FA6.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window math"="C:\\DOCUME~1\\CYNTHI~1\\APPLIC~1\\OPTION~1\\Online Web Ante.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Stupid Data Dart Wave"="C:\\Documents and Settings\\All Users\\Application Data\\flag ace stupid data\\Media Bin.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 17:55:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 4

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:78][D:3]-> C:\DOCUME~1\CYNTHI~1\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\CYNTHI~1\Cookies
[F:15][D:3]-> C:\DOCUME~1\CYNTHI~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 17:57:58,76

Réponse 4 / 17

Utilisateur anonyme

Relance Lop S&D

* Choisis cette fois ci l'Option 2 (Suppression)
* Ne ferme pas la fenêtre lors de la suppression !
* Poste le rapport généré (C:\lopR.txt)

tinnaa

--------------------\\ Lop S&D 4.2.2-4 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Cynthia BLANCHET ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 25/07/2008 | 18:02:50,98 ] [ PC : SIEMENS ]
[ MAJ : 25-07-2008 | 17:45 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Cast Delete.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Locks Part.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Media Bin.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Name remote.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Plan kind.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\road media.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\Setup Defy.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data\trust bash.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\abpnbpsn.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\amzobqbk.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\bkeglhmf.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\ckdjebbk.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\crqetaak.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\DRVONCECOALSEND.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\eilmkncg.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\ffhjzgtw.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\fuhiofgw.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\ggjfmffh.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\gphyboum.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\guhudkwj.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\hensrkkd.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\hitridgs.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\iimtbvug.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\ijshstww.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\imykrfon.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\iuutniiq.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\Jumperrorlive.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\Jumpmetaonce.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\kgishamf.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\lczuumya.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\lnxtsgxd.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\mbhapksx.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\mictyhdv.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\mtoidouh.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\mxbilbhh.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\nateoeyx.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\njimoiln.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\olpvnicq.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\Online Web Ante.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\pslraebp.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\qornlrrv.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\qrbomvgz.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\qxgoonkd.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\rhdhqgcj.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\scsjpcat.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\szdlblne.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\twkcuopt.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\ucsnbzli.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\unamaiop.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\utugqcun.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\veaznmko.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\virzekgq.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\vrmcpkrh.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\wdmebhdm.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\wdqoqfms.exe
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1\zznsbdvs.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\afqxsxbv.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\DRVONCECOALSEND.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\ecngnxko.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\gnbcxefl.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\gpdvifqx.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\hlqltiur.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\iydemcva.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\jitimcip.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\Jumperrorlive.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\Jumpmetaonce.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\lmhduehd.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\Online Web Ante.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\pdintldn.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\qrjldwnv.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\rqtfnjxe.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\sqgiprtp.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\szobjybn.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\tgwuxhkb.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\tsenwrtw.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\ujjtjphq.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\vwgnmmcd.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\yiuecgxi.exe
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1\zmmnrfac.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\cofqkmlg.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\dkvcpmbg.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\DRVONCECOALSEND.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\dyphytxv.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\eiradtqi.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\guplydtl.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\Jumperrorlive.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\lvpfcbej.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\mewubycg.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\nmnjpcmf.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\ohgfxaeu.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\Online Web Ante.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\pleixgak.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\qfhzrmbh.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\rdooizos.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\tmtiqnnm.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\tvlhpcrl.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\vyqefxvk.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\xlsyzrlx.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\zdjfyzzj.exe
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1\zieqnhqk.exe
Supprime! - C:\WINDOWS\Tasks\A66A8D2C918905DC.job
Supprime! - C:\WINDOWS\Tasks\AAF557B1918ACBF5.job
Supprime! - C:\WINDOWS\Tasks\AD28FBD2918F6FA6.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Two Idol Wave Flag
Supprime! - C:\DOCUME~1\CYNTHI~1\APPLIC~1\option~1
Supprime! - C:\DOCUME~1\HUGOBL~1\APPLIC~1\option~1
Supprime! - C:\DOCUME~1\JACQUE~1\APPLIC~1\option~1
Supprime! - C:\Program Files\option~1
Supprime! - C:\Program Files\Adverts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[15/12/2005|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[14/01/2007|22:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[14/01/2007|22:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[14/01/2007|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
[23/07/2008|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\clockthisdoesamok
[22/07/2003|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[21/12/2007|14:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[24/07/2008|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[07/10/2005|23:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[29/01/2006|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/09/2003|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[09/01/2008|15:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[04/01/2004|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[22/07/2003|08:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[28/10/2007|22:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[28/08/2007|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[11/05/2006|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinSoftware
[28/08/2007|15:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[21/06/2008|12:29] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Adobe
[13/03/2008|20:06] C:\DOCUME~1\CYNTHI~1\APPLIC~1\AdobeUM
[24/02/2006|15:07] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Ahead
[18/06/2006|20:53] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Aim
[26/10/2006|18:26] C:\DOCUME~1\CYNTHI~1\APPLIC~1\aMule
[01/07/2005|19:42] C:\DOCUME~1\CYNTHI~1\APPLIC~1\AOL
[09/04/2005|11:35] C:\DOCUME~1\CYNTHI~1\APPLIC~1\ArcSoft
[28/10/2006|15:26] C:\DOCUME~1\CYNTHI~1\APPLIC~1\BitTorrent
[22/02/2006|14:54] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Creative
[07/04/2006|16:47] C:\DOCUME~1\CYNTHI~1\APPLIC~1\DeepBurner Pro
[22/07/2003|09:25] C:\DOCUME~1\CYNTHI~1\APPLIC~1\desktop.ini
[31/07/2007|20:50] C:\DOCUME~1\CYNTHI~1\APPLIC~1\DivX
[02/05/2005|12:21] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Ecran de veille
[18/07/2005|14:18] C:\DOCUME~1\CYNTHI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
[26/06/2008|18:54] C:\DOCUME~1\CYNTHI~1\APPLIC~1\GetRightToGo
[01/11/2005|14:04] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Google
[29/07/2005|15:03] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Help
[22/07/2003|08:36] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Identities
[16/12/2007|16:38] C:\DOCUME~1\CYNTHI~1\APPLIC~1\InfraRecorder
[13/09/2003|11:40] C:\DOCUME~1\CYNTHI~1\APPLIC~1\InterVideo
[17/12/2004|10:42] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Lycos
[20/09/2006|18:31] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Macromedia
[24/07/2008|21:35] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Malwarebytes
[21/12/2007|14:17] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Microsoft
[06/07/2005|15:08] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Mozilla
[09/07/2008|19:47] C:\DOCUME~1\CYNTHI~1\APPLIC~1\MSN6
[22/12/2007|14:44] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Nero
[19/02/2005|20:01] C:\DOCUME~1\CYNTHI~1\APPLIC~1\OLYMPUS
[02/09/2006|11:33] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Real
[05/01/2006|23:13] C:\DOCUME~1\CYNTHI~1\APPLIC~1\SlySoft
[19/12/2005|14:02] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Sun
[04/07/2005|17:23] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Talkback
[06/07/2005|15:08] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Thunderbird
[14/12/2007|16:46] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Univ-Tchat

[22/07/2003|09:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[22/07/2003|08:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[28/08/2007|15:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[13/09/2003|00:37] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Adobe
[13/09/2003|00:37] C:\DOCUME~1\HUGOBL~1\APPLIC~1\AdobeUM
[28/12/2005|12:20] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Ahead
[25/09/2003|19:57] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Aim
[01/07/2005|19:42] C:\DOCUME~1\HUGOBL~1\APPLIC~1\AOL
[31/10/2005|20:46] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Creative
[22/07/2003|09:25] C:\DOCUME~1\HUGOBL~1\APPLIC~1\desktop.ini
[24/12/2007|21:12] C:\DOCUME~1\HUGOBL~1\APPLIC~1\DivX
[06/03/2008|18:49] C:\DOCUME~1\HUGOBL~1\APPLIC~1\GDIPFONTCACHEV1.DAT
[24/12/2005|22:43] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Google
[18/11/2003|14:37] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Help
[22/07/2003|08:36] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Identities
[13/09/2003|11:44] C:\DOCUME~1\HUGOBL~1\APPLIC~1\InterVideo
[20/06/2004|23:08] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Lycos
[24/10/2003|10:56] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Macromedia
[28/12/2005|12:37] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Microsoft
[15/07/2005|13:26] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Mozilla
[01/11/2003|14:49] C:\DOCUME~1\HUGOBL~1\APPLIC~1\MSN6
[24/12/2007|20:59] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Nero
[13/10/2006|15:33] C:\DOCUME~1\HUGOBL~1\APPLIC~1\OLYMPUS
[01/09/2006|21:55] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Real
[22/01/2008|21:44] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Shareaza
[19/11/2006|12:48] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Sun
[15/07/2005|13:26] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Talkback
[19/07/2005|20:24] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Thunderbird
[26/05/2004|14:46] C:\DOCUME~1\HUGOBL~1\APPLIC~1\You've Got Pictures Screensaver

[17/07/2008|21:57] C:\DOCUME~1\JACQUE~1\APPLIC~1\Adobe
[23/06/2007|18:03] C:\DOCUME~1\JACQUE~1\APPLIC~1\AdobeUM
[15/02/2006|22:50] C:\DOCUME~1\JACQUE~1\APPLIC~1\Ahead
[02/09/2005|23:54] C:\DOCUME~1\JACQUE~1\APPLIC~1\Creative
[22/07/2003|09:25] C:\DOCUME~1\JACQUE~1\APPLIC~1\desktop.ini
[01/03/2006|23:59] C:\DOCUME~1\JACQUE~1\APPLIC~1\Google
[22/07/2003|08:36] C:\DOCUME~1\JACQUE~1\APPLIC~1\Identities
[14/07/2005|15:41] C:\DOCUME~1\JACQUE~1\APPLIC~1\Macromedia
[09/12/2005|23:52] C:\DOCUME~1\JACQUE~1\APPLIC~1\Microsoft
[14/07/2005|15:28] C:\DOCUME~1\JACQUE~1\APPLIC~1\Mozilla
[27/12/2007|23:21] C:\DOCUME~1\JACQUE~1\APPLIC~1\Nero
[23/09/2006|18:38] C:\DOCUME~1\JACQUE~1\APPLIC~1\Real
[12/12/2005|00:04] C:\DOCUME~1\JACQUE~1\APPLIC~1\Sun
[14/07/2005|15:27] C:\DOCUME~1\JACQUE~1\APPLIC~1\Talkback
[18/07/2005|21:53] C:\DOCUME~1\JACQUE~1\APPLIC~1\Thunderbird
[03/10/2007|21:14] C:\DOCUME~1\JACQUE~1\APPLIC~1\Univ-Tchat

[22/07/2003|08:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[22/07/2003|08:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[25/07/2008 17:18][--a------] C:\WINDOWS\tasks\HP Usg Daily.job
[25/07/2008 09:49][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[11/09/2003|19:45] C:\Program Files\%ALLUSERSPROFILE%
[26/08/2007|19:23] C:\Program Files\Adobe
[24/05/2008|14:29] C:\Program Files\AIM
[03/06/2006|11:32] C:\Program Files\AIM95
[09/04/2005|11:29] C:\Program Files\ArcSoft
[28/10/2006|14:42] C:\Program Files\AresFlashDownloader
[16/12/2007|16:17] C:\Program Files\AskTBar
[27/10/2006|17:31] C:\Program Files\Astonsoft
[27/06/2008|11:21] C:\Program Files\AxBx
[19/08/2005|12:08] C:\Program Files\bellesmeres
[18/02/2007|21:11] C:\Program Files\BitTorrent
[07/06/2008|17:54] C:\Program Files\CCleaner
[18/08/2005|21:23] C:\Program Files\CDLABEL
[11/05/2006|23:07] C:\Program Files\Common Files
[05/07/2006|13:31] C:\Program Files\Creative
[15/01/2004|19:00] C:\Program Files\Davilex
[10/11/2003|12:01] C:\Program Files\defaut
[30/11/2004|09:23] C:\Program Files\delete.exe
[27/06/2008|11:22] C:\Program Files\DivX
[02/09/2006|00:20] C:\Program Files\DzSoft
[28/10/2006|15:49] C:\Program Files\eDonkey2000
[02/07/2005|12:45] C:\Program Files\Empire Interactive
[25/07/2008|16:17] C:\Program Files\eMule
[28/01/2007|14:14] C:\Program Files\EPSON
[09/01/2008|15:27] C:\Program Files\Fichiers communs
[01/11/2007|18:37] C:\Program Files\Gamenext
[28/10/2007|20:23] C:\Program Files\GamesBar
[01/11/2005|14:02] C:\Program Files\Google
[21/12/2007|14:17] C:\Program Files\Hewlett-Packard
[21/12/2007|14:17] C:\Program Files\HP
[10/02/2007|22:04] C:\Program Files\INSTAFINK
[14/10/2006|18:51] C:\Program Files\InstallShield Installation Information
[04/07/2005|14:35] C:\Program Files\InterActual
[12/06/2008|14:05] C:\Program Files\Internet Explorer
[04/07/2005|16:13] C:\Program Files\Internet Optimizer
[28/10/2003|15:40] C:\Program Files\InterVideo
[10/11/2006|19:40] C:\Program Files\Java
[09/09/2005|16:48] C:\Program Files\jrqiyh2j
[04/07/2005|15:36] C:\Program Files\Kaspersky Lab
[23/10/2003|12:51] C:\Program Files\Kelloggs
[26/10/2006|18:45] C:\Program Files\lphant
[24/07/2008|21:35] C:\Program Files\Malwarebytes' Anti-Malware
[27/09/2003|11:56] C:\Program Files\Masta
[06/07/2005|03:04] C:\Program Files\Messenger
[15/09/2007|20:52] C:\Program Files\Messenger Plus! Live
[02/05/2006|18:01] C:\Program Files\MessengerPlus! 3
[22/07/2003|08:41] C:\Program Files\Microsoft AutoRoute
[22/07/2003|08:42] C:\Program Files\Microsoft Encarta
[22/07/2003|08:33] C:\Program Files\microsoft frontpage
[22/07/2003|08:41] C:\Program Files\Microsoft Money
[01/09/2006|23:56] C:\Program Files\Microsoft Office
[22/07/2003|08:42] C:\Program Files\Microsoft Picture It! 7
[22/07/2003|08:40] C:\Program Files\Microsoft Works
[22/07/2003|08:37] C:\Program Files\Microsoft Works Suite 2003
[24/04/2004|14:42] C:\Program Files\Monte Cristo
[16/07/2008|13:04] C:\Program Files\Moon Secure Antivirus
[04/07/2005|17:44] C:\Program Files\Movie Maker
[25/07/2008|17:21] C:\Program Files\Mozilla Firefox
[06/07/2005|15:09] C:\Program Files\Mozilla Thunderbird
[20/05/2004|14:19] C:\Program Files\mp3
[28/06/2006|19:03] C:\Program Files\MSN
[22/07/2003|08:29] C:\Program Files\MSN Gaming Zone
[15/09/2007|20:52] C:\Program Files\MSN Messenger
[09/07/2004|18:48] C:\Program Files\MSN Toolbar
[16/11/2006|23:55] C:\Program Files\MSXML 4.0
[22/12/2007|14:31] C:\Program Files\Nero
[04/07/2005|17:32] C:\Program Files\NetMeeting
[11/07/2008|10:52] C:\Program Files\Neuf
[16/01/2004|23:11] C:\Program Files\NovaLogic
[19/02/2005|19:04] C:\Program Files\OLYMPUS
[13/06/2007|13:35] C:\Program Files\Outlook Express
[04/10/2003|17:56] C:\Program Files\pasdeproblemes
[15/12/2005|12:25] C:\Program Files\Philips
[19/02/2005|18:37] C:\Program Files\PIXELA
[18/08/2005|21:19] C:\Program Files\pur-sexe
[26/05/2004|15:06] C:\Program Files\QuickTime
[11/09/2003|20:13] C:\Program Files\Real
[22/07/2003|08:31] C:\Program Files\Services en ligne
[21/01/2005|02:53] C:\Program Files\SetAttrib.exe
[06/01/2006|22:02] C:\Program Files\SlySoft
[25/07/2008|17:38] C:\Program Files\Trend Micro
[12/05/2006|21:04] C:\Program Files\TV Media
[25/02/2004|13:59] C:\Program Files\Ubi Soft
[29/07/2005|14:12] C:\Program Files\Ulead Systems
[14/11/2003|23:24] C:\Program Files\Uninstall Information
[22/07/2007|12:42] C:\Program Files\Univ-Tchat
[04/07/2005|16:13] C:\Program Files\Uqyrn
[05/01/2006|17:31] C:\Program Files\vso
[04/07/2005|14:55] C:\Program Files\Wanadoo
[27/09/2003|11:35] C:\Program Files\webcamlive
[26/06/2008|18:57] C:\Program Files\Webroot
[11/05/2006|23:34] C:\Program Files\WhenUSearch
[06/09/2006|21:15] C:\Program Files\Winamp
[28/08/2007|15:24] C:\Program Files\Windows Live
[17/07/2006|14:57] C:\Program Files\Windows Media Player
[04/07/2005|17:32] C:\Program Files\Windows NT
[13/07/2004|20:59] C:\Program Files\WindowsSB
[25/09/2004|18:02] C:\Program Files\WindowsUpdate
[22/07/2003|08:33] C:\Program Files\xerox
[27/12/2005|16:13] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[13/09/2003|00:37] C:\Program Files\Fichiers communs\Adobe
[14/10/2006|18:33] C:\Program Files\Fichiers communs\Ahead
[15/01/2007|13:18] C:\Program Files\Fichiers communs\AOL
[26/05/2004|14:48] C:\Program Files\Fichiers communs\aolback
[22/07/2003|08:39] C:\Program Files\Fichiers communs\Designer
[17/02/2005|14:59] C:\Program Files\Fichiers communs\DirectX
[03/01/2006|20:36] C:\Program Files\Fichiers communs\Droppix
[14/09/2003|13:49] C:\Program Files\Fichiers communs\EPSON
[28/01/2006|23:33] C:\Program Files\Fichiers communs\ErrorSafe
[24/04/2004|14:01] C:\Program Files\Fichiers communs\InstallShield
[10/11/2006|19:34] C:\Program Files\Fichiers communs\Java
[12/12/2007|00:41] C:\Program Files\Fichiers communs\Microsoft Shared
[22/07/2003|08:30] C:\Program Files\Fichiers communs\MSSoap
[26/05/2004|14:45] C:\Program Files\Fichiers communs\Nullsoft
[22/08/2005|16:36] C:\Program Files\Fichiers communs\ODBC
[01/09/2006|21:45] C:\Program Files\Fichiers communs\Real
[22/07/2003|08:30] C:\Program Files\Fichiers communs\Services
[22/07/2003|09:25] C:\Program Files\Fichiers communs\SpeechEngines
[13/06/2007|13:35] C:\Program Files\Fichiers communs\System
[29/08/2005|01:11] C:\Program Files\Fichiers communs\WinSoftware
[01/09/2006|21:46] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 39 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 18:06:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 4

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:78][D:3]-> C:\DOCUME~1\CYNTHI~1\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\CYNTHI~1\Cookies
[F:15][D:3]-> C:\DOCUME~1\CYNTHI~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 18:08:38,93

Réponse 5 / 17

Utilisateur anonyme

désinstal java car pas a jours et telecharge et instal cette version :

https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jre-6u7-windows-i586-p-s.exe?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jre-6u7-windows-i586-p-s.exe&BHost=javadl.sun.com&File=jre-6u7-windows-i586-p-s.exe&AuthParam=1580978146_46494a57fbc0e7c89e79cfb72e28cd3a&ext=.exe

désinstal adobe acrobat reader car pas a jours et telecharge et instal cette version :

http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.0/fra/AdbeRdr90_fr_FR.exe

internet explorer n est pas a jours telecharge et instal cette version :

IE 7 : ftp://ftp.telecharger.com/01net/IE7Setup.exe

A lire : IE6 VS IE7 : https://forum.malekal.com/viewtopic.php?f=45&t=12405

ensuite refais un scan hijackthis et post le rapport stp

tinnaa

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:52, on 25/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Companion Wizard\compwiz.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Moon Secure Antivirus\moontray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-4082-A59B-9E7C25708DD7} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [CompanionWizard] "C:\Program Files\Common Files\Companion Wizard\compwiz.exe" /silent
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\system32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Moon Secure Antivirus] "C:\Program Files\Moon Secure Antivirus\moontray.exe"
O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\Media Bin.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Updater] C:\Program Files\Carpe Diem\MadameSalope[1]\CDUpdater.exe CD_UPDATER
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Window math] C:\DOCUME~1\CYNTHI~1\APPLIC~1\OPTION~1\Online Web Ante.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://kx.bar.need2find.com/KX/menusearch.html?p=KX
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: A3Cab1 - http://www.globalcashsolutions.com/kithtml/A3Cab1.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7CAA184C-91E7-4E84-8681-32F2A0D68DF1} (Apollon Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Daphne.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.mega-galerie.com/perso/WebInstall.dll
O16 - DPF: {83252F41-71B7-492E-8B2E-A68AA3E301E7} (Ulysse Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Penelope.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/13536/CD/ParisVoyeur.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A5173EA8-1337-4BAB-A67E-198C9919D9CC} (Loader Class) - http://213.11.100.127/websetup/websetup2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B4E0F9CB-BC06-4A33-BBB3-F75F16B6FF5E} (Tristan Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Iseult.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/dialogue-fr.exe
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/1,0,3,8/fr/AccesMembre.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Réponse 6 / 17

Utilisateur anonyme

réouvre hijackthis
fais scan only
coches ces lignes :

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-4082-A59B-9E7C25708DD7} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Search - http://kx.bar.need2find.com/KX/menusearch.html?p=KX

O16 - DPF: A3Cab1 - http://www.globalcashsolutions.com/kithtml/A3Cab1.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7CAA184C-91E7-4E84-8681-32F2A0D68DF1} (Apollon Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Daphne.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.mega-galerie.com/perso/WebInstall.dll
O16 - DPF: {83252F41-71B7-492E-8B2E-A68AA3E301E7} (Ulysse Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Penelope.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/13536/CD/ParisVoyeur.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A5173EA8-1337-4BAB-A67E-198C9919D9CC} (Loader Class) - http://213.11.100.127/websetup/websetup2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B4E0F9CB-BC06-4A33-BBB3-F75F16B6FF5E} (Tristan Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Iseult.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/dialogue-fr.exe
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/1,0,3,8/fr/AccesMembre.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

Tu les coches toutes et tu clic sur fix checked

ensuite fais ceci :
Démarrer > executer > tape : services.msc

- Clic droit sur le service cité - System Startup Service
- propriétés
- et dans "type de démarrage" et mets le sur « désactivé ».
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté »

Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html

et refais un scan hijackthis et post le rapport stp

PS : java , internet 7 et adobe ne sont pas installé/réinstallé

tinnaa

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:52, on 25/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Companion Wizard\compwiz.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Moon Secure Antivirus\moontray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [CompanionWizard] "C:\Program Files\Common Files\Companion Wizard\compwiz.exe" /silent
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\system32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Moon Secure Antivirus] "C:\Program Files\Moon Secure Antivirus\moontray.exe"
O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\Media Bin.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Updater] C:\Program Files\Carpe Diem\MadameSalope[1]\CDUpdater.exe CD_UPDATER
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Window math] C:\DOCUME~1\CYNTHI~1\APPLIC~1\OPTION~1\Online Web Ante.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--

Réponse 7 / 17

Utilisateur anonyme

Télécharge ceci: (by Moe) :
http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

Double clic sur Lopxpsetup.exe pour lancer l'installation
Au menu, choisir l'option 1
Patienter jusqu'à que l'on demande d'appuyer sur une touche, appuyer !
Une rapport sera alors crée, à copie/colle en entier sur le forum.

tinnaa

Lopxpsetup.exe ne souvre pas

Réponse 8 / 17

Utilisateur anonyme

ok

repasse lop S&D dans ce cas , option 1

tinnaa

--------------------\\ Lop S&D 4.2.2-4 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Cynthia BLANCHET ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 25/07/2008 | 19:21:13,48 ] [ PC : SIEMENS ]
[ MAJ : 25-07-2008 | 17:45 ]

--------------------\\ Listing des dossiers dans APPLIC~1

[14/01/2007|22:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[14/01/2007|22:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[14/01/2007|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
[23/07/2008|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\clockthisdoesamok
[22/07/2003|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[21/12/2007|14:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[24/07/2008|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[07/10/2005|23:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[29/01/2006|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/09/2003|22:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[09/01/2008|15:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[04/01/2004|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[22/07/2003|08:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[28/10/2007|22:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[28/08/2007|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[11/05/2006|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinSoftware
[28/08/2007|15:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[21/06/2008|12:29] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Adobe
[13/03/2008|20:06] C:\DOCUME~1\CYNTHI~1\APPLIC~1\AdobeUM
[24/02/2006|15:07] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Ahead
[18/06/2006|20:53] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Aim
[26/10/2006|18:26] C:\DOCUME~1\CYNTHI~1\APPLIC~1\aMule
[01/07/2005|19:42] C:\DOCUME~1\CYNTHI~1\APPLIC~1\AOL
[09/04/2005|11:35] C:\DOCUME~1\CYNTHI~1\APPLIC~1\ArcSoft
[28/10/2006|15:26] C:\DOCUME~1\CYNTHI~1\APPLIC~1\BitTorrent
[22/02/2006|14:54] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Creative
[07/04/2006|16:47] C:\DOCUME~1\CYNTHI~1\APPLIC~1\DeepBurner Pro
[22/07/2003|09:25] C:\DOCUME~1\CYNTHI~1\APPLIC~1\desktop.ini
[31/07/2007|20:50] C:\DOCUME~1\CYNTHI~1\APPLIC~1\DivX
[02/05/2005|12:21] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Ecran de veille
[18/07/2005|14:18] C:\DOCUME~1\CYNTHI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
[26/06/2008|18:54] C:\DOCUME~1\CYNTHI~1\APPLIC~1\GetRightToGo
[01/11/2005|14:04] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Google
[29/07/2005|15:03] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Help
[22/07/2003|08:36] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Identities
[16/12/2007|16:38] C:\DOCUME~1\CYNTHI~1\APPLIC~1\InfraRecorder
[13/09/2003|11:40] C:\DOCUME~1\CYNTHI~1\APPLIC~1\InterVideo
[17/12/2004|10:42] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Lycos
[20/09/2006|18:31] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Macromedia
[24/07/2008|21:35] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Malwarebytes
[21/12/2007|14:17] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Microsoft
[06/07/2005|15:08] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Mozilla
[09/07/2008|19:47] C:\DOCUME~1\CYNTHI~1\APPLIC~1\MSN6
[22/12/2007|14:44] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Nero
[19/02/2005|20:01] C:\DOCUME~1\CYNTHI~1\APPLIC~1\OLYMPUS
[02/09/2006|11:33] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Real
[05/01/2006|23:13] C:\DOCUME~1\CYNTHI~1\APPLIC~1\SlySoft
[19/12/2005|14:02] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Sun
[04/07/2005|17:23] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Talkback
[06/07/2005|15:08] C:\DOCUME~1\CYNTHI~1\APPLIC~1\Thunderbird

[22/07/2003|09:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[22/07/2003|08:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[28/08/2007|15:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[13/09/2003|00:37] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Adobe
[13/09/2003|00:37] C:\DOCUME~1\HUGOBL~1\APPLIC~1\AdobeUM
[28/12/2005|12:20] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Ahead
[25/09/2003|19:57] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Aim
[01/07/2005|19:42] C:\DOCUME~1\HUGOBL~1\APPLIC~1\AOL
[31/10/2005|20:46] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Creative
[22/07/2003|09:25] C:\DOCUME~1\HUGOBL~1\APPLIC~1\desktop.ini
[24/12/2007|21:12] C:\DOCUME~1\HUGOBL~1\APPLIC~1\DivX
[06/03/2008|18:49] C:\DOCUME~1\HUGOBL~1\APPLIC~1\GDIPFONTCACHEV1.DAT
[24/12/2005|22:43] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Google
[18/11/2003|14:37] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Help
[22/07/2003|08:36] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Identities
[13/09/2003|11:44] C:\DOCUME~1\HUGOBL~1\APPLIC~1\InterVideo
[20/06/2004|23:08] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Lycos
[24/10/2003|10:56] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Macromedia
[28/12/2005|12:37] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Microsoft
[15/07/2005|13:26] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Mozilla
[01/11/2003|14:49] C:\DOCUME~1\HUGOBL~1\APPLIC~1\MSN6
[24/12/2007|20:59] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Nero
[13/10/2006|15:33] C:\DOCUME~1\HUGOBL~1\APPLIC~1\OLYMPUS
[01/09/2006|21:55] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Real
[22/01/2008|21:44] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Shareaza
[19/11/2006|12:48] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Sun
[15/07/2005|13:26] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Talkback
[19/07/2005|20:24] C:\DOCUME~1\HUGOBL~1\APPLIC~1\Thunderbird
[26/05/2004|14:46] C:\DOCUME~1\HUGOBL~1\APPLIC~1\You've Got Pictures Screensaver

[17/07/2008|21:57] C:\DOCUME~1\JACQUE~1\APPLIC~1\Adobe
[23/06/2007|18:03] C:\DOCUME~1\JACQUE~1\APPLIC~1\AdobeUM
[15/02/2006|22:50] C:\DOCUME~1\JACQUE~1\APPLIC~1\Ahead
[02/09/2005|23:54] C:\DOCUME~1\JACQUE~1\APPLIC~1\Creative
[22/07/2003|09:25] C:\DOCUME~1\JACQUE~1\APPLIC~1\desktop.ini
[01/03/2006|23:59] C:\DOCUME~1\JACQUE~1\APPLIC~1\Google
[22/07/2003|08:36] C:\DOCUME~1\JACQUE~1\APPLIC~1\Identities
[14/07/2005|15:41] C:\DOCUME~1\JACQUE~1\APPLIC~1\Macromedia
[09/12/2005|23:52] C:\DOCUME~1\JACQUE~1\APPLIC~1\Microsoft
[14/07/2005|15:28] C:\DOCUME~1\JACQUE~1\APPLIC~1\Mozilla
[27/12/2007|23:21] C:\DOCUME~1\JACQUE~1\APPLIC~1\Nero
[23/09/2006|18:38] C:\DOCUME~1\JACQUE~1\APPLIC~1\Real
[12/12/2005|00:04] C:\DOCUME~1\JACQUE~1\APPLIC~1\Sun
[14/07/2005|15:27] C:\DOCUME~1\JACQUE~1\APPLIC~1\Talkback
[18/07/2005|21:53] C:\DOCUME~1\JACQUE~1\APPLIC~1\Thunderbird
[03/10/2007|21:14] C:\DOCUME~1\JACQUE~1\APPLIC~1\Univ-Tchat

[22/07/2003|08:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[22/07/2003|08:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[25/07/2008 17:18][--a------] C:\WINDOWS\tasks\HP Usg Daily.job
[25/07/2008 09:49][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[11/09/2003|19:45] C:\Program Files\%ALLUSERSPROFILE%
[26/08/2007|19:23] C:\Program Files\Adobe
[24/05/2008|14:29] C:\Program Files\AIM
[03/06/2006|11:32] C:\Program Files\AIM95
[09/04/2005|11:29] C:\Program Files\ArcSoft
[28/10/2006|14:42] C:\Program Files\AresFlashDownloader
[16/12/2007|16:17] C:\Program Files\AskTBar
[27/10/2006|17:31] C:\Program Files\Astonsoft
[27/06/2008|11:21] C:\Program Files\AxBx
[19/08/2005|12:08] C:\Program Files\bellesmeres
[18/02/2007|21:11] C:\Program Files\BitTorrent
[07/06/2008|17:54] C:\Program Files\CCleaner
[18/08/2005|21:23] C:\Program Files\CDLABEL
[11/05/2006|23:07] C:\Program Files\Common Files
[05/07/2006|13:31] C:\Program Files\Creative
[15/01/2004|19:00] C:\Program Files\Davilex
[10/11/2003|12:01] C:\Program Files\defaut
[30/11/2004|09:23] C:\Program Files\delete.exe
[25/07/2008|18:34] C:\Program Files\DivX
[02/09/2006|00:20] C:\Program Files\DzSoft
[28/10/2006|15:49] C:\Program Files\eDonkey2000
[02/07/2005|12:45] C:\Program Files\Empire Interactive
[25/07/2008|16:17] C:\Program Files\eMule
[28/01/2007|14:14] C:\Program Files\EPSON
[25/07/2008|18:23] C:\Program Files\Fichiers communs
[01/11/2007|18:37] C:\Program Files\Gamenext
[28/10/2007|20:23] C:\Program Files\GamesBar
[01/11/2005|14:02] C:\Program Files\Google
[21/12/2007|14:17] C:\Program Files\Hewlett-Packard
[21/12/2007|14:17] C:\Program Files\HP
[10/02/2007|22:04] C:\Program Files\INSTAFINK
[14/10/2006|18:51] C:\Program Files\InstallShield Installation Information
[04/07/2005|14:35] C:\Program Files\InterActual
[12/06/2008|14:05] C:\Program Files\Internet Explorer
[04/07/2005|16:13] C:\Program Files\Internet Optimizer
[28/10/2003|15:40] C:\Program Files\InterVideo
[09/09/2005|16:48] C:\Program Files\jrqiyh2j
[04/07/2005|15:36] C:\Program Files\Kaspersky Lab
[23/10/2003|12:51] C:\Program Files\Kelloggs
[25/07/2008|19:05] C:\Program Files\Lopxp
[26/10/2006|18:45] C:\Program Files\lphant
[24/07/2008|21:35] C:\Program Files\Malwarebytes' Anti-Malware
[27/09/2003|11:56] C:\Program Files\Masta
[06/07/2005|03:04] C:\Program Files\Messenger
[15/09/2007|20:52] C:\Program Files\Messenger Plus! Live
[02/05/2006|18:01] C:\Program Files\MessengerPlus! 3
[22/07/2003|08:41] C:\Program Files\Microsoft AutoRoute
[22/07/2003|08:42] C:\Program Files\Microsoft Encarta
[22/07/2003|08:33] C:\Program Files\microsoft frontpage
[22/07/2003|08:41] C:\Program Files\Microsoft Money
[01/09/2006|23:56] C:\Program Files\Microsoft Office
[22/07/2003|08:42] C:\Program Files\Microsoft Picture It! 7
[22/07/2003|08:40] C:\Program Files\Microsoft Works
[22/07/2003|08:37] C:\Program Files\Microsoft Works Suite 2003
[24/04/2004|14:42] C:\Program Files\Monte Cristo
[16/07/2008|13:04] C:\Program Files\Moon Secure Antivirus
[04/07/2005|17:44] C:\Program Files\Movie Maker
[25/07/2008|17:21] C:\Program Files\Mozilla Firefox
[06/07/2005|15:09] C:\Program Files\Mozilla Thunderbird
[20/05/2004|14:19] C:\Program Files\mp3
[28/06/2006|19:03] C:\Program Files\MSN
[22/07/2003|08:29] C:\Program Files\MSN Gaming Zone
[15/09/2007|20:52] C:\Program Files\MSN Messenger
[09/07/2004|18:48] C:\Program Files\MSN Toolbar
[16/11/2006|23:55] C:\Program Files\MSXML 4.0
[22/12/2007|14:31] C:\Program Files\Nero
[04/07/2005|17:32] C:\Program Files\NetMeeting
[11/07/2008|10:52] C:\Program Files\Neuf
[16/01/2004|23:11] C:\Program Files\NovaLogic
[19/02/2005|19:04] C:\Program Files\OLYMPUS
[13/06/2007|13:35] C:\Program Files\Outlook Express
[04/10/2003|17:56] C:\Program Files\pasdeproblemes
[15/12/2005|12:25] C:\Program Files\Philips
[19/02/2005|18:37] C:\Program Files\PIXELA
[18/08/2005|21:19] C:\Program Files\pur-sexe
[26/05/2004|15:06] C:\Program Files\QuickTime
[11/09/2003|20:13] C:\Program Files\Real
[22/07/2003|08:31] C:\Program Files\Services en ligne
[21/01/2005|02:53] C:\Program Files\SetAttrib.exe
[06/01/2006|22:02] C:\Program Files\SlySoft
[25/07/2008|17:38] C:\Program Files\Trend Micro
[12/05/2006|21:04] C:\Program Files\TV Media
[25/02/2004|13:59] C:\Program Files\Ubi Soft
[29/07/2005|14:12] C:\Program Files\Ulead Systems
[14/11/2003|23:24] C:\Program Files\Uninstall Information
[04/07/2005|16:13] C:\Program Files\Uqyrn
[05/01/2006|17:31] C:\Program Files\vso
[04/07/2005|14:55] C:\Program Files\Wanadoo
[27/09/2003|11:35] C:\Program Files\webcamlive
[26/06/2008|18:57] C:\Program Files\Webroot
[11/05/2006|23:34] C:\Program Files\WhenUSearch
[06/09/2006|21:15] C:\Program Files\Winamp
[28/08/2007|15:24] C:\Program Files\Windows Live
[17/07/2006|14:57] C:\Program Files\Windows Media Player
[04/07/2005|17:32] C:\Program Files\Windows NT
[13/07/2004|20:59] C:\Program Files\WindowsSB
[25/09/2004|18:02] C:\Program Files\WindowsUpdate
[22/07/2003|08:33] C:\Program Files\xerox
[27/12/2005|16:13] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[13/09/2003|00:37] C:\Program Files\Fichiers communs\Adobe
[14/10/2006|18:33] C:\Program Files\Fichiers communs\Ahead
[15/01/2007|13:18] C:\Program Files\Fichiers communs\AOL
[26/05/2004|14:48] C:\Program Files\Fichiers communs\aolback
[22/07/2003|08:39] C:\Program Files\Fichiers communs\Designer
[17/02/2005|14:59] C:\Program Files\Fichiers communs\DirectX
[03/01/2006|20:36] C:\Program Files\Fichiers communs\Droppix
[14/09/2003|13:49] C:\Program Files\Fichiers communs\EPSON
[28/01/2006|23:33] C:\Program Files\Fichiers communs\ErrorSafe
[24/04/2004|14:01] C:\Program Files\Fichiers communs\InstallShield
[12/12/2007|00:41] C:\Program Files\Fichiers communs\Microsoft Shared
[22/07/2003|08:30] C:\Program Files\Fichiers communs\MSSoap
[26/05/2004|14:45] C:\Program Files\Fichiers communs\Nullsoft
[22/08/2005|16:36] C:\Program Files\Fichiers communs\ODBC
[01/09/2006|21:45] C:\Program Files\Fichiers communs\Real
[22/07/2003|08:30] C:\Program Files\Fichiers communs\Services
[22/07/2003|09:25] C:\Program Files\Fichiers communs\SpeechEngines
[13/06/2007|13:35] C:\Program Files\Fichiers communs\System
[29/08/2005|01:11] C:\Program Files\Fichiers communs\WinSoftware
[01/09/2006|21:46] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 36 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 19:23:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 4

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:82][D:5]-> C:\DOCUME~1\CYNTHI~1\LOCALS~1\Temp
[F:3][D:0]-> C:\DOCUME~1\CYNTHI~1\Cookies
[F:18][D:3]-> C:\DOCUME~1\CYNTHI~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 19:25:35,53

tinnaa > tinnaa

ComboFix 08-07-24.6 - Cynthia BLANCHET 2008-07-25 19:36:53.1 - NTFSx86
Endroit: C:\Documents and Settings\Cynthia BLANCHET\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
[i] ADS - svchost.exe: deleted 228 bytes in 1 streams. [/i]

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Cynthia \err.log
C:\Documents and Settings\hugo \err.log
C:\Documents and Settings\hugo \Local Settings\Temporary Internet Files\Tvm.log
C:\Documents and Settings\jacqueline\err.log
C:\Documents and Settings\jacqueline\Local Settings\Temporary Internet Files\Tvm.log
C:\Program Files\Fichiers communs\WinSoftware
C:\Program Files\Fichiers communs\WinSoftware\CrXML.dll
C:\Program Files\Fichiers communs\WinSoftware\PCheck.dll
C:\Program Files\internet optimizer
C:\Program Files\internet optimizer\sim\aurl.dat
C:\Program Files\internet optimizer\sim\log0.txt
C:\Program Files\internet optimizer\sim\log1.txt
C:\Program Files\WhenUSearch
C:\WA6P
C:\WA6P\Quar\__dhgord
C:\WA6P\Quar\873101.tmplhsmizrf
C:\WA6P\Quar\87molsah
C:\WA6P\Quar\abiuninst.htmyrcasjdb
C:\WA6P\Quar\accesmembre.dlleqyqqftf
C:\WA6P\Quar\accesmembre.infysbikemt
C:\WA6P\Quar\acrsec.fonagvldvsz
C:\WA6P\Quar\acrsecB.fonmxodovvx
C:\WA6P\Quar\acrsecI.fonrykhuzim
C:\WA6P\Quar\adx.execdkmusmn
C:\WA6P\Quar\asmfiles.cabqyaoxsnc
C:\WA6P\Quar\audio - alternative rock.kplnrtrpacw
C:\WA6P\Quar\audio - barrington levy.kplaecbkwdk
C:\WA6P\Quar\audio - electronica.kplahnomacm
C:\WA6P\Quar\audio - fine arts militia album.kpldvshafbr
C:\WA6P\Quar\audio - folk.kplczdudkau
C:\WA6P\Quar\audio - funk.kplsarwsltu
C:\WA6P\Quar\audio - hip hop.kplsddbvpzo
C:\WA6P\Quar\audio - jazz.kpldkgolbxx
C:\WA6P\Quar\audio - pop rock.kplfqllplbj
C:\WA6P\Quar\audio - public enemy revolverlution album.kplkkeboivb
C:\WA6P\Quar\audio - r&b.kplrhnjmmbz
C:\WA6P\Quar\audio - reggae.kplzwziepaa
C:\WA6P\Quar\audio - the honey palace album.kplkcdwvbyj
C:\WA6P\Quar\autoheal.exesrmzfmxq
C:\WA6P\Quar\B_329_0_0_107400.HTMcfhasoyg
C:\WA6P\Quar\B_329_0_0_144400.GIFypouoxqu
C:\WA6P\Quar\B_329_0_0_151000.GIFmqjanqrm
C:\WA6P\Quar\B_329_0_0_268500.GIFboscieve
C:\WA6P\Quar\B_329_0_0_269100.GIFynqpnnov
C:\WA6P\Quar\B_329_0_0_282200.GIFcsjgdohe
C:\WA6P\Quar\B_329_0_0_290900.GIFzoxlrpuf
C:\WA6P\Quar\B_329_0_0_347600.GIFlpazjtar
C:\WA6P\Quar\B_329_0_0_446700.HTMilemkpip
C:\WA6P\Quar\B_329_0_0_446800.HTMxonwvbxt
C:\WA6P\Quar\B_329_0_0_446900.HTMwnuaiwgf
C:\WA6P\Quar\B_329_0_0_802200.GIFpkwkbbpu
C:\WA6P\Quar\B_329_0_1_349500.HTMwyndjrvy
C:\WA6P\Quar\B_329_0_1_384700.GIFsekzhatk
C:\WA6P\Quar\B_329_0_1_391500.GIFzdddjkie
C:\WA6P\Quar\B_329_0_1_802200.GIFgrucrgpv
C:\WA6P\Quar\B_329_0_2_123000.GIFxpuhyutu
C:\WA6P\Quar\B_329_0_2_151000.GIFcilwqwzf
C:\WA6P\Quar\B_329_0_2_269900.GIFscekibpf
C:\WA6P\Quar\B_329_0_3_123000.GIFvegsixcf
C:\WA6P\Quar\B_329_0_3_127500.GIFhmsumjfs
C:\WA6P\Quar\B_329_0_3_144400.GIFetodqtxe
C:\WA6P\Quar\B_329_0_3_151000.GIFosbnuzkv
C:\WA6P\Quar\B_329_0_3_178200.GIFmfltksgm
C:\WA6P\Quar\B_329_0_3_269900.GIFdtgqcvvd
C:\WA6P\Quar\B_329_0_3_290900.GIFzvngxjwa
C:\WA6P\Quar\B_329_0_3_347300.GIFdrnvpqdw
C:\WA6P\Quar\B_329_0_3_347500.GIFhcejiajq
C:\WA6P\Quar\B_329_0_3_347600.GIFlnjsaupb
C:\WA6P\Quar\B_329_0_3_348300.HTMzppiviiq
C:\WA6P\Quar\B_329_0_3_348300.SWFrpclfwrd
C:\WA6P\Quar\B_329_0_3_814700.GIFfsynogwi
C:\WA6P\Quar\B_329_0_4_127500.GIFuyftrdip
C:\WA6P\Quar\B_329_0_4_144400.GIFgvgislea
C:\WA6P\Quar\B_329_0_4_151100.GIFkjwlnkjf
C:\WA6P\Quar\B_329_0_4_178200.GIFxxohlcre
C:\WA6P\Quar\B_329_0_4_224900.GIFdkjhbuzw
C:\WA6P\Quar\B_329_0_4_238100.GIFdsusgbcf
C:\WA6P\Quar\B_329_0_4_238800.GIFrfevyeyj
C:\WA6P\Quar\B_329_0_4_239100.GIFwoweajbh
C:\WA6P\Quar\B_329_0_4_262700.GIFpkxuhsmr
C:\WA6P\Quar\B_329_0_4_314600.GIFgqxyggrp
C:\WA6P\Quar\B_329_0_4_348300.HTMtbudmfiv
C:\WA6P\Quar\B_329_0_4_348300.SWFcvqbeshu
C:\WA6P\Quar\B_329_0_4_349500.HTMtebtnkln
C:\WA6P\Quar\B_329_0_4_391500.GIFtsvxsati
C:\WA6P\Quar\B_329_0_4_497400.GIFdnhdxqnq
C:\WA6P\Quar\B_329_0_4_497500.GIFhjjxbeae
C:\WA6P\Quar\B_329_0_4_805300.GIFlqzgnsge
C:\WA6P\Quar\B_329_0_4_805600.GIFefnrbsij
C:\WA6P\Quar\B_329_0_4_814700.GIFbnudednw
C:\WA6P\Quar\B_329_0_4_828300.GIFpxmwseyy
C:\WA6P\Quar\B_329_0_4_828600.GIFoyudjbam
C:\WA6P\Quar\B_329_1_0_377800.HTMithfdagk
C:\WA6P\Quar\B_asplhy
C:\WA6P\Quar\B_bddjhk
C:\WA6P\Quar\B_cacpbn
C:\WA6P\Quar\B_cwpxnj
C:\WA6P\Quar\B_cwrczr
C:\WA6P\Quar\B_ectwdh
C:\WA6P\Quar\B_edehcb
C:\WA6P\Quar\B_egqarn
C:\WA6P\Quar\B_eogcls
C:\WA6P\Quar\B_erqbcp
C:\WA6P\Quar\B_fzsuaw
C:\WA6P\Quar\B_gmjgkv
C:\WA6P\Quar\B_gmkuvd
C:\WA6P\Quar\B_gyvzyh
C:\WA6P\Quar\B_hjhhty
C:\WA6P\Quar\B_hjimey
C:\WA6P\Quar\B_hrjzyg
C:\WA6P\Quar\B_huuebk
C:\WA6P\Quar\B_hyyrdo
C:\WA6P\Quar\B_jbakwu
C:\WA6P\Quar\B_jebrue
C:\WA6P\Quar\B_jpmewi
C:\WA6P\Quar\B_kmlkrt
C:\WA6P\Quar\B_kpoxuq
C:\WA6P\Quar\B_lcedap
C:\WA6P\Quar\B_lkowxw
C:\WA6P\Quar\B_mhdjvs
C:\WA6P\Quar\B_mkpcje
C:\WA6P\Quar\B_mpfcsz
C:\WA6P\Quar\B_mwdhjh
C:\WA6P\Quar\B_obxtwf
C:\WA6P\Quar\B_onigyk
C:\WA6P\Quar\B_onjukj
C:\WA6P\Quar\B_oykbht
C:\WA6P\Quar\B_oyuotb
C:\WA6P\Quar\B_pgwzqi
C:\WA6P\Quar\B_pnszwr
C:\WA6P\Quar\B_pvtfhr
C:\WA6P\Quar\B_qwygdl
C:\WA6P\Quar\B_rqmjxx
C:\WA6P\Quar\B_sbysro
C:\WA6P\Quar\B_tlnwed
C:\WA6P\Quar\B_tzbwqz
C:\WA6P\Quar\B_uesckc
C:\WA6P\Quar\B_uhdpvg
C:\WA6P\Quar\B_ulphjk
C:\WA6P\Quar\B_wcfhou
C:\WA6P\Quar\B_worzcy
C:\WA6P\Quar\B_xkgmzt
C:\WA6P\Quar\B_xvihil
C:\WA6P\Quar\B_zcxsyd
C:\WA6P\Quar\B_zfifah
C:\WA6P\Quar\B_zjlkdl
C:\WA6P\Quar\B_zultpo
C:\WA6P\Quar\B_zuwemv
C:\WA6P\Quar\bridge.infmsigtigs
C:\WA6P\Quar\btgrab.cabujtwefol
C:\WA6P\Quar\bulldownload.exeqbmplwrw
C:\WA6P\Quar\bumczfxd
C:\WA6P\Quar\c871B9.tmpwksmwhiu
C:\WA6P\Quar\c8pftxyr
C:\WA6P\Quar\ccmjjcpf
C:\WA6P\Quar\cd_clint.dlliolgywdu
C:\WA6P\Quar\csUNinst.DLLbuxqxrwe
C:\WA6P\Quar\CSV7P91.exemmnbohvz
C:\WA6P\Quar\dealhelper.infcyvjuzot
C:\WA6P\Quar\Del19.tmpqhpacamx
C:\WA6P\Quar\Dhsigned.ocxcjyjprix
C:\WA6P\Quar\djtopr1150.exeeligzjvf
C:\WA6P\Quar\doqwngvd\asm.exe
C:\WA6P\Quar\doqwngvd\ASMps.dll
C:\WA6P\Quar\EGDHTML_pack.influrkxzqo
C:\WA6P\Quar\emerging_artists.kcdgcixbfin
C:\WA6P\Quar\facrvvqb
C:\WA6P\Quar\faczvqiw
C:\WA6P\Quar\g_spot.kcdlwsmaude
C:\WA6P\Quar\HUbkdtfp
C:\WA6P\Quar\HUbvphmq
C:\WA6P\Quar\HUcboiqn
C:\WA6P\Quar\HUckkoov
C:\WA6P\Quar\HUcribyc
C:\WA6P\Quar\HUctsscf
C:\WA6P\Quar\HUdbdkal
C:\WA6P\Quar\HUdjwbne
C:\WA6P\Quar\HUdofbau
C:\WA6P\Quar\HUdzapib
C:\WA6P\Quar\HUeisjcd
C:\WA6P\Quar\HUennuzn
C:\WA6P\Quar\HUexrzeq
C:\WA6P\Quar\HUfickba
C:\WA6P\Quar\HUgejrfp
C:\WA6P\Quar\HUgnczza
C:\WA6P\Quar\HUhfhbbb
C:\WA6P\Quar\HUhxjltc
C:\WA6P\Quar\HUizedjm
C:\WA6P\Quar\HUketfeu
C:\WA6P\Quar\HUkqupmu
C:\WA6P\Quar\HUkwcslk
C:\WA6P\Quar\HUlcmtey
C:\WA6P\Quar\HUlokjbo
C:\WA6P\Quar\HUmaiwoc
C:\WA6P\Quar\HUmfdhob
C:\WA6P\Quar\HUmidaxx
C:\WA6P\Quar\HUmluexk
C:\WA6P\Quar\HUmvsybg
C:\WA6P\Quar\HUmyrszb
C:\WA6P\Quar\HUneqmos
C:\WA6P\Quar\HUnhrpfp
C:\WA6P\Quar\HUobijvf
C:\WA6P\Quar\HUoesgna
C:\WA6P\Quar\HUovzzva
C:\WA6P\Quar\HUpezukz
C:\WA6P\Quar\HUpskshf
C:\WA6P\Quar\HUqhwavx
C:\WA6P\Quar\HUqunuzg
C:\WA6P\Quar\HUrappnu
C:\WA6P\Quar\HUrbqgjh
C:\WA6P\Quar\HUrctnbm
C:\WA6P\Quar\HUrfjepw
C:\WA6P\Quar\HUrvmbds
C:\WA6P\Quar\HUrzgrcx
C:\WA6P\Quar\HUsbmgen
C:\WA6P\Quar\HUscloex
C:\WA6P\Quar\HUsipfzt
C:\WA6P\Quar\HUsotbss
C:\WA6P\Quar\HUtaxrza
C:\WA6P\Quar\HUtonpdw
C:\WA6P\Quar\HUtvnhvd
C:\WA6P\Quar\HUtwnbuq
C:\WA6P\Quar\HUtypxia
C:\WA6P\Quar\HUubxpva
C:\WA6P\Quar\HUunlusd
C:\WA6P\Quar\HUvzmxci
C:\WA6P\Quar\HUwfhlrd
C:\WA6P\Quar\HUworyzg
C:\WA6P\Quar\HUxnzvra
C:\WA6P\Quar\HUxwgglv
C:\WA6P\Quar\HUyfhxpn
C:\WA6P\Quar\HUyniovj
C:\WA6P\Quar\HUytnhpz
C:\WA6P\Quar\HUyxtajg
C:\WA6P\Quar\HUyzswot
C:\WA6P\Quar\HUzhtxpo
C:\WA6P\Quar\Index.dat
C:\WA6P\Quar\InstaFinderK_inst.exesjsbnafy
C:\WA6P\Quar\INSTAFINKTB0302.CFGbjeychoy
C:\WA6P\Quar\instafinktb0302.cfgdhhstzbu
C:\WA6P\Quar\INSTAFINKTB0302.CFGuzkccqnj
C:\WA6P\Quar\INumilwy
C:\WA6P\Quar\JAaajndy
C:\WA6P\Quar\JAapoenl
C:\WA6P\Quar\JAaugeau
C:\WA6P\Quar\JAbcuhgv
C:\WA6P\Quar\JAbjeadb
C:\WA6P\Quar\JAbnartv
C:\WA6P\Quar\JAbqkkij
C:\WA6P\Quar\JAbyuldm
C:\WA6P\Quar\JAbzimwo
C:\WA6P\Quar\JAcdvuxf
C:\WA6P\Quar\JAcqezrr
C:\WA6P\Quar\JAedeuzy
C:\WA6P\Quar\JAemshcb
C:\WA6P\Quar\JAeoesvz
C:\WA6P\Quar\JAfjurlc
C:\WA6P\Quar\JAfouvfi
C:\WA6P\Quar\JAghvjce
C:\WA6P\Quar\JAgjphyq
C:\WA6P\Quar\JAjbytuc
C:\WA6P\Quar\JAjdjryu
C:\WA6P\Quar\JAjijdje
C:\WA6P\Quar\JAjmdbtb
C:\WA6P\Quar\JAkbjyit
C:\WA6P\Quar\JAkswkyx
C:\WA6P\Quar\JAkvtmwg
C:\WA6P\Quar\JAkxvkvd
C:\WA6P\Quar\JAkzsfkt
C:\WA6P\Quar\JAledfqs
C:\WA6P\Quar\JAlelmxc
C:\WA6P\Quar\JAlkmhpg
C:\WA6P\Quar\JAlltaoj
C:\WA6P\Quar\JAllydzo
C:\WA6P\Quar\JAlnajyj
C:\WA6P\Quar\JAnfphtg
C:\WA6P\Quar\JAnisdxd
C:\WA6P\Quar\JAobqtfh
C:\WA6P\Quar\JAovtxfl
C:\WA6P\Quar\JApnyque
C:\WA6P\Quar\JApofcoo
C:\WA6P\Quar\JApqbgir
C:\WA6P\Quar\JAptpkqb
C:\WA6P\Quar\JAqjtcuk
C:\WA6P\Quar\JAqjvnvb
C:\WA6P\Quar\JAqugyir
C:\WA6P\Quar\JAqxmixc
C:\WA6P\Quar\JArpqxvm
C:\WA6P\Quar\JArqtvrv
C:\WA6P\Quar\JAsjzbdm
C:\WA6P\Quar\JAstteed
C:\WA6P\Quar\JAsvzixn
C:\WA6P\Quar\JAtaltpc
C:\WA6P\Quar\JAtotnem
C:\WA6P\Quar\JAtpwphl
C:\WA6P\Quar\JAtrbdcr
C:\WA6P\Quar\JAuhxzqx
C:\WA6P\Quar\JAujhupd
C:\WA6P\Quar\JAujsgnt
C:\WA6P\Quar\JAvhuwwx
C:\WA6P\Quar\JAvupnhb
C:\WA6P\Quar\JAvwclai
C:\WA6P\Quar\JAwqnfas
C:\WA6P\Quar\JAwxccns
C:\WA6P\Quar\JAxmprgz
C:\WA6P\Quar\JAyaiskl
C:\WA6P\Quar\JAyexovg
C:\WA6P\Quar\JAyoadhi
C:\WA6P\Quar\JAypgecg
C:\WA6P\Quar\JAzahvjf
C:\WA6P\Quar\JAzxbgak
C:\WA6P\Quar\jkxqyyjl
C:\WA6P\Quar\kazaa300_en.exellkzhrjo
C:\WA6P\Quar\kmbgwbtb
C:\WA6P\Quar\kmd38.tmpynmwpvne
C:\WA6P\Quar\kmd39.tmpyqyjsrmy
C:\WA6P\Quar\kmd3A.tmpdoumusns
C:\WA6P\Quar\kmd3B.tmpvrgyqiqz
C:\WA6P\Quar\kmd3C.tmpxxlwmaud
C:\WA6P\Quar\kmd3D.tmpalzohflr
C:\WA6P\Quar\kmd3E.tmpdgsgilqa
C:\WA6P\Quar\kmd3F.tmpfgjdguoi
C:\WA6P\Quar\kmd40.tmpvkitrzfl
C:\WA6P\Quar\kmd41.tmpdzvbrcfe
C:\WA6P\Quar\kmd42.tmpranavrpa
C:\WA6P\Quar\kmd43.tmpzpainupc
C:\WA6P\Quar\kmd44.tmpjzoagkln
C:\WA6P\Quar\kmd45.tmpugrnwwjw
C:\WA6P\Quar\kmd46.tmpzacdwldn
C:\WA6P\Quar\kmd47.tmpeyyfqffh
C:\WA6P\Quar\kmd48.tmpkkqdpciz
C:\WA6P\Quar\kmd49.tmppebsgrdq
C:\WA6P\Quar\kmd4A.tmpxtwagucj
C:\WA6P\Quar\kmenesut
C:\WA6P\Quar\kmfgpaos
C:\WA6P\Quar\kmglqjmd
C:\WA6P\Quar\kmhbrkpy
C:\WA6P\Quar\kmkwlcil
C:\WA6P\Quar\kmmcpmaw
C:\WA6P\Quar\kmmcyzmv
C:\WA6P\Quar\kmmgbmpa
C:\WA6P\Quar\kmoacreg
C:\WA6P\Quar\kmoiecbn
C:\WA6P\Quar\kmroijzl
C:\WA6P\Quar\kmtvnhvd
C:\WA6P\Quar\kmugyppu
C:\WA6P\Quar\kmuobavb
C:\WA6P\Quar\kmwuoxqt
C:\WA6P\Quar\kmwyrkbq
C:\WA6P\Quar\kmxrdsop
C:\WA6P\Quar\kmzmwcpv
C:\WA6P\Quar\kyf.datbppywxeh
C:\WA6P\Quar\launch kazaa.lnkgglwebjr
C:\WA6P\Quar\litkuecq\COPYING
C:\WA6P\Quar\litkuecq\GenericWindowsUtils.dll
C:\WA6P\Quar\litkuecq\install.log
C:\WA6P\Quar\litkuecq\LimeWire.exe
C:\WA6P\Quar\litkuecq\LimeWire.ico
C:\WA6P\Quar\litkuecq\root\magnet10\badge.img
C:\WA6P\Quar\litkuecq\root\magnet10\canHandle.img
C:\WA6P\Quar\litkuecq\root\magnet10\limewire.gif
C:\WA6P\Quar\litkuecq\root\magnet10\options.js
C:\WA6P\Quar\litkuecq\root\magnet10\silentdetect.js
C:\WA6P\Quar\MARSHAL.DLLqtjnjres
C:\WA6P\Quar\MBKWBar.exebyafbeni
C:\WA6P\Quar\msbb.exebbswsusz
C:\WA6P\Quar\msbb.exemkfblwug
C:\WA6P\Quar\msbb.exeujubxnmd
C:\WA6P\Quar\msbbhook.dllhvfstung
C:\WA6P\Quar\msegcompid.dllhwxjneow
C:\WA6P\Quar\mseggrpid.dllnzfxdxpl
C:\WA6P\Quar\MsgPlusLoader.dllkbcuaglt
C:\WA6P\Quar\msxml_cabinstall.exeddswxiwy
C:\WA6P\Quar\mykapsules.htmdwdkzzor
C:\WA6P\Quar\mykazaa.cssgkjcuege
C:\WA6P\Quar\mykazaa.htmgnupxjez
C:\WA6P\Quar\mymedia.htmiiohqwjj
C:\WA6P\Quar\myplaylists.htmapphkifv
C:\WA6P\Quar\ncmyb.dllcyjpramm
C:\WA6P\Quar\ncmyb.dlljbygmkgt
C:\WA6P\Quar\np.m3umfjieihj
C:\WA6P\Quar\NPiimqkb
C:\WA6P\Quar\npjwjjle
C:\WA6P\Quar\nsupdate.execglcrbcg
C:\WA6P\Quar\omiiovvb
C:\WA6P\Quar\p2gbiysr
C:\WA6P\Quar\p2nbloux\MARSHAL.DLL
C:\WA6P\Quar\p2nbloux\MARSHAL3.DLL
C:\WA6P\Quar\p2nbloux\P2P Networking.eng
C:\WA6P\Quar\p2nbloux\P2P Networking.exe
C:\WA6P\Quar\p2nbloux\P2P Networking.LOG
C:\WA6P\Quar\p2nbloux\P2P Networking2.eng
C:\WA6P\Quar\p2nbloux\P2P Networking2.exe
C:\WA6P\Quar\p2p networking v126.cplxmiycodp
C:\WA6P\Quar\P2P NETWORKING.ENGhcazohgn
C:\WA6P\Quar\P2P Networking.exeeazknygg
C:\WA6P\Quar\p2psetup.exewxyaxqeu
C:\WA6P\Quar\p2qjmvcq
C:\WA6P\Quar\p2yyzdcs
C:\WA6P\Quar\play poker now.icojphxmyun
C:\WA6P\Quar\play poker now.urlondzoswh
C:\WA6P\Quar\popup.ocxfzvevilf
C:\WA6P\Quar\prxeksjz
C:\WA6P\Quar\pxsohqpg
C:\WA6P\Quar\RXToolbar.exenohmolcg
C:\WA6P\Quar\rxtqjynt\RXToolBar.tmp
C:\WA6P\Quar\Sekzuqod
C:\WA6P\Quar\Sengllbc
C:\WA6P\Quar\skilledgames.kcdaazcszcz
C:\WA6P\Quar\smdat32a.systbbdxgfs
C:\WA6P\Quar\smdat32m.sysbqesscbc
C:\WA6P\Quar\tblqvbyg\tbon.exe
C:\WA6P\Quar\TBONINST.CFGbpaysejr
C:\WA6P\Quar\TBONINST.CFGoxgswxyk
C:\WA6P\Quar\topsearch.dllyvlymvoa
C:\WA6P\Quar\tv mediahingkcet
C:\WA6P\Quar\Tvm.exezmehmrzv
C:\WA6P\Quar\TvmBho.dllqdegppne
C:\WA6P\Quar\TvmCore.dllypobmogd
C:\WA6P\Quar\tvmknwrd.dlldgkvlaje
C:\WA6P\Quar\tvmknwrd.dlleigzimtd
C:\WA6P\Quar\tvmknwrd.dllfgopsnmh
C:\WA6P\Quar\tvmuknwrd.dllethofwlp
C:\WA6P\Quar\twaintec.infjrnleqag
C:\WA6P\Quar\twaintec.iniewuvebfp
C:\WA6P\Quar\uninst.exemvzjyigq
C:\WA6P\Quar\WebP2PInstaller.dlldiqpibxp
C:\WA6P\Quar\Wesvevgo
C:\WA6P\Quar\wspmnfoa
C:\WA6P\Quar\your free casino chips.icoboyeicvj
C:\WA6P\Quar\your free casino chips.urlvbabdobw
C:\WINDOWS\Downloaded Program Files\UWFX5V_0001_0802NetInstaller.exe
C:\WINDOWS\system32\instsrv.exe
C:\WINDOWS\system32\rlvknlg.exe
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\tsuninst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_VSPF
-------\Legacy_VSPF_HK

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-25 to 2008-07-25 ))))))))))))))))))))))))))))))))))))
.

2008-07-25 19:05 . 2008-07-25 19:05 <REP> d-------- C:\Program Files\Lopxp
2008-07-25 17:52 . 2008-07-25 19:25 <REP> d----c--- C:\Lop SD
2008-07-25 17:38 . 2008-07-25 17:38 <REP> d-------- C:\Program Files\Trend Micro
2008-07-24 21:35 . 2008-07-24 21:35 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 21:35 . 2008-07-24 21:35 <REP> d-------- C:\Documents and Settings\Cynthia BLANCHET\Application Data\Malwarebytes
2008-07-24 21:35 . 2008-07-24 21:35 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Malwarebytes
2008-07-24 21:35 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 21:35 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-12 12:30 . 2008-07-12 12:30 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-07-11 10:52 . 2008-07-11 10:52 <REP> d-------- C:\Program Files\Neuf
2008-06-26 18:57 . 2008-06-26 18:57 <REP> d-------- C:\Program Files\Webroot
2008-06-26 18:56 . 2008-06-26 18:56 164 --a--c--- C:\install.dat
2008-06-26 18:34 . 2008-06-26 18:54 <REP> d-------- C:\Documents and Settings\Cynthia BLANCHET\Application Data\GetRightToGo

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 16:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-25 16:34 --------- d-----w C:\Program Files\DivX
2008-07-25 14:17 --------- d-----w C:\Program Files\eMule
2008-07-23 18:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\Application Data\clockthisdoesamok
2008-07-16 11:04 --------- d-----w C:\Program Files\Moon Secure Antivirus
2008-07-09 17:47 --------- d-----w C:\Documents and Settings\Cynthia BLANCHET\Application Data\MSN6
2008-06-27 09:21 --------- d-----w C:\Program Files\AxBx
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-07 15:54 --------- d-----w C:\Program Files\CCleaner
2008-03-06 16:49 56,592 -c--a-w C:\Documents and Settings\hugo \Application Data\GDIPFONTCACHEV1.DAT
2007-02-02 17:53 46,592 -c--a-w C:\Documents and Settings\Cynthia \fopn.sys
2006-08-26 16:10 58,166 -c--a-w C:\Documents and Settings\Cynthia \Uninstal.exe
2005-07-18 12:18 56,592 -c--a-w C:\Documents and Settings\Cynthia \Application Data\GDIPFONTCACHEV1.DAT
2005-01-21 00:53 45,056 -c----r C:\Program Files\SetAttrib.exe
2004-11-30 07:23 40,960 -c----r C:\Program Files\delete.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"MoneyAgent"="c:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 11:00 204863]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-01 21:42 180269]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 16:21 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2006-01-07 06:26 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 16:41 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2006-01-07 06:26 491520]
"Moon Secure Antivirus"="C:\Program Files\Moon Secure Antivirus\moontray.exe" [2007-01-24 20:49 1153536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CLBR"= P1001Dex.ax
"vidc.ffds"= ffdshow.ax
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-09-01 21:43 208941 C:\Program Files\Real\RealPlayer\realplay.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

S2 msav;Moon Secure Antivirus Core;C:\Program Files\Moon Secure Antivirus\msavcore.exe [2007-01-24 20:49]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]
S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys []
S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys []
S3 ids00102;ids00102;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00102.sys []
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys []
S3 P1001VID;Creative WebCam (WDM);C:\WINDOWS\system32\DRIVERS\P1001Vid.sys [2002-01-30 04:25]
S4 SvcProc;System Startup Service ;C:\WINDOWS\svcproc.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e634f8be-d745-11dc-be3b-000c6e6a797c}]
\Shell\AutoRun\command - explorer.exe "https://www.laiteriedemontaigu.com/"
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-07-25 15:18:03 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Updater - C:\Program Files\Carpe Diem\MadameSalope[1]\CDUpdater.exe
HKCU-Run-Window math - C:\DOCUME~1\CYNTHI~1\APPLIC~1\OPTION~1\Online Web Ante.exe
HKCU-Run-tbon - C:\Program Files\TBONBin\tbon.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
HKLM-Run-TV Media - C:\Program Files\TV Media\Tvm.exe
HKLM-Run-P2P Networking2 - C:\WINDOWS\system32\P2P Networking\P2P Networking2.exe
HKLM-Run-InstaFinderK - C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-Stupid Data Dart Wave - C:\Documents and Settings\All Users\Application Data\flag ace stupid data\Media Bin.exe
MSConfigStartUp-NeroCheck - C:\WINDOWS\system32\NeroCheck.exe
MSConfigStartUp-WooCnxMon - C:\PROGRA~1\Wanadoo\CnxMon.exe
MSConfigStartUp-WOOTASKBARICON - C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
MSConfigStartUp-WOOWATCH - C:\PROGRA~1\Wanadoo\Watch.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://home.neuf.fr/

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 19:54:32
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-25 20:03:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-25 18:03:31

Pre-Run: 6,728,708,096 octets libres
Post-Run: 9,895,141,376 octets libres

583 --- E O F --- 2008-07-12 10:31:37

Réponse 9 / 17

Utilisateur anonyme

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Réponse 10 / 17

Utilisateur anonyme

ça doit aller mieux

refais un scan hijackthis et psot le rapport stp

tinnaa

oui effectivement c mieux
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:52, on 25/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Moon Secure Antivirus\moontray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Moon Secure Antivirus] "C:\Program Files\Moon Secure Antivirus\moontray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Réponse 11 / 17

Utilisateur anonyme

je te conseil vivement de désinstaller : C:\Program Files\Moon Secure Antivirus\

qui m est inconnu

met antivir a la place

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59

ensuite :

Télecharge et instal AVG anti spyware:

http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

instal le et met le a jours

ensuite lance le scan et supprime

puis poste le rapport sur le forum stp

Tuto : https://kerio.probb.fr/t387-tuto-avg-anti-spyware-anti-spyware

Qu est ce que les cookies : https://kerio.probb.fr/t161-qu-est-ce-qu-un-cookie-tracking-cookie

ensuite :

* pour supprimer les outils/fix utilisés :

Télécharge ToolsCleaner sur ton bureau.
-->
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/

# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

et penses a faire les mises a jours

tinnaa

jarrive pas a désinstaller Moon Secure Antivirus\

Réponse 12 / 17

Utilisateur anonyme

Copie le texte ci-dessous :

File::
C:\Program Files\Moon Secure Antivirus\moontray.exe

Folder::
C:\Program Files\Moon Secure Antivirus

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Moon Secure Antivirus"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

tinnaa

j'ai du mal avc tools cleaner mais merci pr ton aide

tinnaa

c bon voila le rapport
-->- Recherche:

C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Cynthia \Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Cynthia \Bureau\Lop S&D.lnk: trouvé !
C:\Documents and Settings\Cynthia \Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\Cynthia \Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Cynthia \Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Cynthia \Menu Démarrer\Programmes\Lop S&D: trouvé !
C:\Documents and Settings\Cynthia \Recent\HijackThis.lnk: trouvé !
C:\Lop SD\Lop S&D.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Cynthia \Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Cynthia \Bureau\Lop S&D.lnk: supprimé !
C:\Documents and Settings\Cynthia \Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\Cynthia \Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Cynthia \Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\Cynthia \Recent\HijackThis.lnk: supprimé !
C:\Lop SD\Lop S&D.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Cynthia \Menu Démarrer\Programmes\Lop S&D: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Réponse 13 / 17

Utilisateur anonyme

Tu as fais le message 26 pour supprimer : Moon Secure Antivirus

tinnaa

oui j'ai tout fais merci

Réponse 14 / 17

Utilisateur anonyme

ok si c est ok pour toi change le satut du sujet en résolu stp

Réponse 15 / 17

tinnaa

je suis pas habituée a ce site je sais pas comment on change le statut

Réponse 16 / 17

Utilisateur anonyme

tu te connectes comme menbre avec ton pseudo et mot de passe

tu vas en haut sur ta premiere question et tu met résolu

@++

bonne vacances

tinnaa Messages postés 23 Statut Membre

oki c fait merci a toi @+

Réponse 17 / 17

Utilisateur anonyme

De rien

@+

Beug intempestifs

17 réponses

Votre réponse

Discussions similaires

Newsletters